Bug 909275 (CVE-2014-7208) - VUL-0: CVE-2014-7208: gparted: unsafe OS command execution
Summary: VUL-0: CVE-2014-7208: gparted: unsafe OS command execution
Status: RESOLVED WONTFIX
Alias: CVE-2014-7208
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: openSUSE GNOME
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/111425/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-10 14:31 UTC by Alexander Bergmann
Modified: 2015-05-21 11:26 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2014-12-10 14:31:45 UTC 
rh#1172549

Gparted <=0.14.1 does not properly sanitize strings before passing
them as parameters to an OS command.  Those commands are executed
using root privileges.

Parameters that are being used for OS commands in GParted are normally 
determined by the user (e.g. disk labels, mount points). 
However, under certain circumstances, an attacker can use an external 
storage to inject command parameters.  These circumstances are met if 
for example an automounter uses a file system label as part of the mount
path.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1172549
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7208
Comment 1 Dominique Leuenberger 2014-12-10 14:42:41 UTC 
Version matrix of gparted in openSUSE:

12.3: => gparted 0.14.1 (vulnerable)
13.1: => gparted 0.16.2 (no issue)
13.2: => gparted 0.19.1 (no issue)
Comment 2 Bjørn Lie 2015-05-21 11:26:10 UTC 
No current openSUSE releases affected, nor shipped on SLE, closing bug.