Note:
This project will be discontinued after December 13, 2021. [more]
2014-12-19
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
Products | Gparted |
Type | Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77) |
First patch | - None (likely due to unavailable code) |
Links |
• http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
• http://seclists.org/fulldisclosure/2014/Dec/77 |