Lucene search
Arch LinuxASA-201503-23HistoryMar 24, 2015 - 12:00 a.m.
util-linux: command injection
2015-03-2400:00:00
Arch Linux
lists.archlinux.org
27
0.0004 Low
EPSS
Percentile
5.1%
There is a command injection inside blkid. It uses caching files
(/dev/.blkid.tab or /run/blkid/blkid.tab) to store info about the UUID,
LABEL etc it finds on certain devices.
However, it does not strip " character, so it can be confused to build
variable names containing embedded shell metas, which it would usually
encode inside the value.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| any | any | any | util-linux | < 2.26.1-3 | UNKNOWN |
Related
nessus
nessus
GLSA-201612-14 : util-linux: Arbitrary code execution
2016-12-06 00:00:00
EulerOS 2.0 SP3 : util-linux (EulerOS-SA-2019-2061)
2019-09-24 00:00:00
openSUSE Security Update : util-linux (openSUSE-SU-2015:0066-1)
2015-01-19 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2019-2061)
2020-01-23 00:00:00
Fedora Update for util-linux FEDORA-2014-16016
2014-12-05 00:00:00
Mageia: Security Advisory (MGASA-2014-0517)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: util-linux-2.24.2-2.fc20
2014-12-04 06:24:06
[SECURITY] Fedora 21 Update: util-linux-2.25.2-2.fc21
2014-12-15 04:33:25
securityvulns
securityvulns
util-linux blkid commands injection
2015-04-19 00:00:00
[ MDVSA-2015:122 ] util-linux
2015-04-19 00:00:00
gentoo
gentoo
util-linux: Arbitrary code execution
2016-12-06 00:00:00
cvelist
cvelist
CVE-2014-9114
2017-03-31 15:00:00
debiancve
debiancve
CVE-2014-9114
2017-03-31 16:59:00
nvd
nvd
CVE-2014-9114
2017-03-31 16:59:00
cve
cve
CVE-2014-9114
2017-03-31 16:59:00
mageia
mageia
Updated util-linux packages fix CVE-2014-9114
2014-12-09 23:12:41
ubuntucve
ubuntucve
CVE-2014-9114
2017-03-31 00:00:00
prion
prion
Code injection
2017-03-31 16:59:00