Bug 1172549 (CVE-2014-7208)

Summary: CVE-2014-7208 gparted: unsafe OS command execution
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: carnil, dakingun, nonamedotc, security-response-team, vkrizan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: GParted 0.15.0 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-20 14:48:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1133315, 1171909    
Bug Blocks:    

Description Vasyl Kaigorodov 2014-12-10 11:06:43 UTC 
Gparted <=0.14.1 does not properly sanitize strings before passing
them as parameters to an OS command.  Those commands are executed
using root privileges.

Parameters that are being used for OS commands in GParted are normally 
determined by the user (e.g. disk labels, mount points). 
However, under certain circumstances, an attacker can use an external 
storage to inject command parameters.  These circumstances are met if 
for example an automounter uses a file system label as part of the mount
path.
Comment 2 Vincent Danen 2015-01-20 14:48:48 UTC 
Both Fedora and EPEL currently provide GParted >= 0.18.0 and are as such unaffected.


External References:

http://gparted.org/news.php?item=184