This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/17625] wordexp fails to honour WRDE_NOCMD (CVE-2014-7817)
- From: "carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 19 Nov 2014 20:03:43 +0000
- Subject: [Bug libc/17625] wordexp fails to honour WRDE_NOCMD (CVE-2014-7817)
- Auto-submitted: auto-generated
- References: <bug-17625-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=17625
Carlos O'Donell <carlos at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|CVE-2014-7817               |wordexp fails to honour
                   |                            |WRDE_NOCMD (CVE-2014-7817)
              Alias|                            |CVE-2014-7817
--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
under certain input conditions resulting in the execution of a shell for
command substitution when the application did not request it. The
implementation now checks WRDE_NOCMD immediately before executing the
shell and returns the error WRDE_CMDSUB as expected.
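An added example, not part of the original mail or of the glibc sources: one way a caller can treat WRDE_CMDSUB as a hard rejection when expanding untrusted input, with a conservative pre-filter so command-substitution syntax never reaches wordexp() on a libc that lacks the fix. The function names and sample strings are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Conservative pre-filter (this example's assumption, not the glibc fix):
 * refuse any backtick or "$(" so command-substitution syntax never reaches
 * wordexp(). It also rejects arithmetic "$((" and quoted occurrences. */
static int has_cmdsub_syntax(const char *s)
{
    return strchr(s, '`') != NULL || strstr(s, "$(") != NULL;
}

/* Expand untrusted input with WRDE_NOCMD. Returns 0 and the word count in
 * *nwords, or a WRDE_* error; WRDE_CMDSUB means substitution was refused. */
int expand_untrusted(const char *input, size_t *nwords)
{
    wordexp_t we;
    int rc;
    *nwords = 0;
    if (has_cmdsub_syntax(input))
        return WRDE_CMDSUB;
    memset(&we, 0, sizeof we);
    rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc == 0)
        *nwords = we.we_wordc;
    if (rc == 0 || rc == WRDE_NOSPACE)
        wordfree(&we);   /* partial results may exist on WRDE_NOSPACE */
    return rc;
}

/* Smoke test of the libc on one plain, constructed input. It covers only
 * the simple case and cannot prove that the CVE-2014-7817 fix is present. */
int libc_rejects_plain_cmdsub(void)
{
    wordexp_t we;
    memset(&we, 0, sizeof we);
    int rc = wordexp("$(echo constructed-sample)", &we, WRDE_NOCMD);
    if (rc == 0 || rc == WRDE_NOSPACE)
        wordfree(&we);
    return rc == WRDE_CMDSUB;
}

int main(void)
{
    size_t n;
    printf("words: rc=%d\n", expand_untrusted("alpha beta", &n));
    printf("cmdsub: rc=%d\n", expand_untrusted("a $(id) b", &n));
    return !libc_rejects_plain_cmdsub();
}
```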