GNU glibc Arbitrary Command Execution Vulnerability (CVE-2014-7817)
Release date:
Updated on:
Affected Systems:
GNU glibc
Description:
Bugtraq id: 71216
CVE (CAN) ID: CVE-2014-7817
glibc is the C library implementation used by most Linux operating systems.
Under some input conditions, the wordexp() function ignores the WRDE_NOCMD flag, so command substitution is still performed and the embedded command is executed through the shell.
<* Source: Tim Waugh (twaugh@redhat.com)
Link: http://seclists.org/oss-sec/2014/q4/740
*>
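Added example (not part of the original advisory or of the glibc patch): since the flaw is that WRDE_NOCMD was not reliably enforced, a caller that expands untrusted strings can refuse command-substitution syntax itself before calling wordexp(). The names safe_wordexp, has_cmd_subst and SAFE_WE_REJECTED are hypothetical, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical return code: input refused before wordexp() was called. */
#define SAFE_WE_REJECTED (-1)

/* Return 1 if s contains command-substitution syntax (backtick or "$(").
 * Deliberately conservative: quoted or escaped occurrences and arithmetic
 * expansion "$((...))" are refused as well. */
static int has_cmd_subst(const char *s)
{
    for (; *s; s++) {
        if (*s == '`')
            return 1;
        if (*s == '$' && s[1] == '(')
            return 1;
    }
    return 0;
}

/* Expand input into out without relying on WRDE_NOCMD alone.
 * Returns 0 on success (caller must wordfree(out)), SAFE_WE_REJECTED if the
 * pre-filter refused the input, or the non-zero wordexp() error code. */
int safe_wordexp(const char *input, wordexp_t *out)
{
    if (input == NULL || out == NULL || has_cmd_subst(input))
        return SAFE_WE_REJECTED;
    /* WRDE_NOCMD stays set as the second layer of defence. */
    return wordexp(input, out, WRDE_NOCMD);
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "alpha beta gamma", "`date`", "$(date)", "plain" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        wordexp_t we;
        int rc = safe_wordexp(samples[i], &we);
        if (rc == 0) {
            printf("%-18s -> %zu word(s)\n", samples[i], we.we_wordc);
            wordfree(&we);
        } else {
            printf("%-18s -> refused (rc=%d)\n", samples[i], rc);
        }
    }
    return 0;
}
```

The pre-filter complements the vendor patch and does not replace it; WRDE_CMDSUB is still returned by a fixed wordexp() for inputs that reach it.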
Suggestion:
Vendor patch:
GNU
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.gnu.org
Git commit:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c417b4c61f9bfd915bfe7c
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1157689
https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html
https://sourceware.org/bugzilla/show_bug.cgi?CVE-2014-7817