CVE-2014-7817

Name of the Vulnerable Software and Affected Versions glibc versions 2.12 glibc-common versions 2.12 glibc-devel versions 2.12 glibc-debuginfo versions 2.12 glibc-debuginfo-common versions 2.12 glibc-headers versions 2.12 glibc-static versions 2.12 glibc-utils versions 2.12

Description The issue concerns multiple vulnerabilities in the glibc package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The wordexp function in GNU C Library (aka glibc) does not enforce the WRDE NOCMD flag, allowing context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((...))".

Recommendations For glibc versions 2.12, update to a newer version to mitigate the risk. For glibc-common versions 2.12, update to a newer version to mitigate the risk. For glibc-devel versions 2.12, update to a newer version to mitigate the risk. For glibc-debuginfo versions 2.12, update to a newer version to mitigate the risk. For glibc-debuginfo-common versions 2.12, update to a newer version to mitigate the risk. For glibc-headers versions 2.12, update to a newer version to mitigate the risk. For glibc-static versions 2.12, update to a newer version to mitigate the risk. For glibc-utils versions 2.12, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the wordexp function until a patch is available.