Bugzilla – Bug 906371
VUL-0: CVE-2014-7817: glibc,glibc.i686: Command execution in wordexp() with WRDE_NOCMD specified
Last modified: 2015-07-07 08:00:33 UTC
rh#1157689 Tim Waugh from Red Hat has reported the below issue:

The wordexp() function will perform command substitution even when explicitly told not to, when expanding "$((`...`))".
...
    #include <wordexp.h>
    int main (void)
    {
      wordexp_t we;
      return wordexp ("$((1`touch /tmp/x`))", &we, WRDE_NOCMD);
    }
glibc-2.20-5.fc21.x86_64
...
This can allow a local authenticated attacker to execute arbitrary commands with the credentials of a process calling wordexp() on attacker-supplied data. The RH bug discusses the impact further.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1157689
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817
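The report's proof of concept runs `touch`; the following is an added example, not code from the bug report or from glibc, that probes the installed C library for the same WRDE_NOCMD bypass with an inert `echo 1` and checks that plain arithmetic expansion still works, so a defender can confirm an update actually changed the behaviour. The helper names (nocmd_expand, plain_arith_ok, backtick_in_arith_rejected) are this example's own.

```c
/* Added example, not from the bug report or from glibc: probes whether the
 * C library in use still honours WRDE_NOCMD inside "$((...))", the
 * CVE-2014-7817 case. The probe command is an inert `echo 1`, so even a
 * vulnerable libc does nothing harmful while we classify it. */
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Expand pattern with WRDE_NOCMD; return the wordexp() status and, on
 * success, copy the first expanded word into out (empty if none). */
static int nocmd_expand(const char *pattern, char *out, size_t outsz)
{
    wordexp_t we;
    memset(&we, 0, sizeof we);
    int rc = wordexp(pattern, &we, WRDE_NOCMD);
    if (rc == 0 && we.we_wordc > 0)
        snprintf(out, outsz, "%s", we.we_wordv[0]);
    else
        out[0] = '\0';
    if (rc == 0 || rc == WRDE_NOSPACE)   /* only these leave words allocated */
        wordfree(&we);
    return rc;
}

/* Baseline: plain arithmetic must still expand under WRDE_NOCMD ("3"). */
int plain_arith_ok(void)
{
    char buf[32];
    return nocmd_expand("$((1+2))", buf, sizeof buf) == 0
        && strcmp(buf, "3") == 0;
}

/* The report's shape with an inert command: a patched libc refuses it with
 * WRDE_CMDSUB; the vulnerable glibc ran the command, returned 0, word "11". */
int backtick_in_arith_rejected(void)
{
    char buf[32];
    return nocmd_expand("$((1`echo 1`))", buf, sizeof buf) == WRDE_CMDSUB;
}

int main(void)
{
    printf("arithmetic under WRDE_NOCMD: %s\n",
           plain_arith_ok() ? "ok" : "FAILED");
    printf("backquote inside $((...)): %s\n",
           backtick_in_arith_rejected() ? "rejected (patched)"
                                         : "expanded (CVE-2014-7817 present)");
    return 0;
}
```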
bugbot adjusting priority
This is probably less a glibc issue and more an issue of the programs calling it.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-02-24. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60630
openSUSE-SU-2015:0351-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 906371,910599,915526,916222
CVE References: CVE-2013-7423,CVE-2014-7817,CVE-2014-9402,CVE-2015-1472
Sources used:
openSUSE 13.2 (src): glibc-2.19-16.5.1, glibc-testsuite-2.19-16.5.2, glibc-utils-2.19-16.5.1
openSUSE 13.1 (src): glibc-2.18-4.25.1, glibc-testsuite-2.18-4.25.2, glibc-utils-2.18-4.25.1
Apparently no packages for i686 were published yet. Will there be RPMs for i686, too?
(In reply to Till Dörges from comment #8) They were just released.
SUSE-SU-2015:0439-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 904461,906371,915526,916222,917072
CVE References: CVE-2013-7423,CVE-2014-7817,CVE-2014-9402,CVE-2015-1472
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): glibc-2.11.3-17.82.11
SUSE Linux Enterprise Server 11 SP3 for VMware (src): glibc-2.11.3-17.82.11
SUSE Linux Enterprise Server 11 SP3 (src): glibc-2.11.3-17.82.11
SUSE Linux Enterprise Desktop 11 SP3 (src): glibc-2.11.3-17.82.11
SUSE-SU-2015:0526-1: An update that solves four vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 864081,905313,906371,909053,910599,915526,915985,916222
CVE References: CVE-2013-7423,CVE-2014-7817,CVE-2014-9402,CVE-2015-1472
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): glibc-2.19-20.3
SUSE Linux Enterprise Server 12 (src): glibc-2.19-20.3
SUSE Linux Enterprise Desktop 12 (src): glibc-2.19-20.3
Released all of them now, I think.
resolve
SUSE-SU-2015:0550-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 887022,906371,910599,916222,918233
CVE References: CVE-2013-7423,CVE-2014-7817,CVE-2014-9402,CVE-2015-1472
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src): glibc-2.4-31.117.1
SUSE-SU-2015:0551-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 887022,906371,910599,915526,916222,918233
CVE References: CVE-2013-7423,CVE-2014-7817,CVE-2014-9402,CVE-2015-1472
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src): glibc-2.11.3-17.45.59.1
SUSE Linux Enterprise Server 11 SP1 LTSS (src): glibc-2.11.1-0.64.1
This is an autogenerated message for OBS integration:
This bug (906371) was mentioned in
https://build.opensuse.org/request/show/315336 42 / glibc