The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent malicious users to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 10.04 |
||
debian debian linux 7.0 |
||
gnu glibc 2.21 |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |