CVE-2014-7817

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`…`))".

Date published : 2014-11-24

http://www.securityfocus.com/bid/71216

http://linux.oracle.com/errata/ELSA-2015-0016.html