CVE-2014-7817

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

Configurations

Configuration 1

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

History

13 Feb 2023, 00:42

Type Values Removed Values Added
References
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1157689', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1157689', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0016', 'name': 'https://access.redhat.com/errata/RHSA-2015:0016', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2014-7817', 'name': 'https://access.redhat.com/security/cve/CVE-2014-7817', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2014:2023', 'name': 'https://access.redhat.com/errata/RHSA-2014:2023', 'tags': [], 'refsource': 'MISC'}
Summary
  • Removed: It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
  • Added: The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

02 Feb 2023, 20:18

Type Values Removed Values Added
Summary
  • Removed: The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
  • Added: It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
References
  • {'url': 'https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c', 'name': 'https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c', 'tags': [], 'refsource': 'CONFIRM'}
  • (MISC) https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-7817
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1157689
  • (MISC) https://access.redhat.com/errata/RHSA-2014:2023
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0016

Information

Published : 2014-11-24 15:59

Updated : 2023-12-10 11:31


NVD link : CVE-2014-7817

Mitre link : CVE-2014-7817

CVE.ORG link : CVE-2014-7817



Products Affected

opensuse

  • opensuse

canonical

  • ubuntu_linux

debian

  • debian_linux

gnu

  • glibc

CWE

CWE-20: Improper Input Validation