What Are You Looking For?

Sign Up
Arch Linux Security Advisory ASA-201503-23
=========================================
Severity: Medium
Date    : 2015-03-24
CVE-ID  : CVE-2014-9114
Package : util-linux
Type    : command injection
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
======
The package util-linux before version 2.26.1-3 is vulnerable to command
injection via malicious devices.

Resolution
=========
Upgrade to 2.26.1-3.

# pacman -Syu "util-linux>=2.26.1-3"

The problem has been fixed upstream in version 2.26.

Workaround
=========
None.

Description
==========
There is a command injection inside blkid. It uses caching files
(/dev/.blkid.tab or /run/blkid/blkid.tab) to store info about the UUID,
LABEL etc it finds on certain devices.
However, it does not strip " character, so it can be confused to build
variable names containing embedded shell metas, which it would usually
encode inside the value.

Impact
=====
An attacker is able to use a specially prepared device with a malicious
label to potentially inject arbitrary shell commands when mounted with a
wrapper that uses 'blkid -o' passed to eval.

References
=========
https://seclists.org/oss-sec/2014/q4/811
https://access.redhat.com/security/cve/CVE-2014-9114
https://bugs.archlinux.org/task/43886

ArchLinux: 201503-23: util-linux: command injection

March 24, 2015

Summary

There is a command injection inside blkid. It uses caching files (/dev/.blkid.tab or /run/blkid/blkid.tab) to store info about the UUID, LABEL etc it finds on certain devices. However, it does not strip " character, so it can be confused to build variable names containing embedded shell metas, which it would usually encode inside the value.

Resolution

Upgrade to 2.26.1-3. # pacman -Syu "util-linux>=2.26.1-3"
The problem has been fixed upstream in version 2.26.

References

https://seclists.org/oss-sec/2014/q4/811 https://access.redhat.com/security/cve/CVE-2014-9114 https://bugs.archlinux.org/task/43886

Severity
Package : util-linux
Type : command injection
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE

Workaround

None.

Related News

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs

Nov 15, 2023

Firefox 119 Starts to Roll Out Improved Firefox View Feature, Ramps Up Privacy and Security

Oct 25, 2023

Severe Poppler DoS Flaw Fixed

Oct 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo