CVE-2014-7817
Publication date 24 November 2014
Last updated 24 July 2024
Ubuntu priority
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
Status
Package | Ubuntu Release | Status |
---|---|---|
eglibc | ||
14.04 LTS trusty |
Fixed 2.19-0ubuntu6.4
|
|
glibc | ||
14.04 LTS trusty | Not in release | |
Patch details
Package | Patch details |
---|---|
glibc |
References
Related Ubuntu Security Notices (USN)
- USN-2432-1
- GNU C Library vulnerabilities
- 3 December 2014