This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/17625] wordexp fails to honour WRDE_NOCMD (CVE-2014-7817)

From: "carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Wed, 19 Nov 2014 20:03:43 +0000
Subject: [Bug libc/17625] wordexp fails to honour WRDE_NOCMD (CVE-2014-7817)
Auto-submitted: auto-generated
References: <bug-17625-131 at http dot sourceware dot org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=17625

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|CVE-2014-7817               |wordexp fails to honour
                   |                            |WRDE_NOCMD (CVE-2014-7817)
              Alias|                            |CVE-2014-7817

--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
  under certain input conditions resulting in the execution of a shell for
  command substitution when the applicaiton did not request it. The
  implementation now checks WRDE_NOCMD immediately before executing the
  shell and returns the error WRDE_CMDSUB as expected.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug libc/17625] New: CVE-2014-7817
  - From: carlos at redhat dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]