Bug 1589839 (CVE-2014-5220) - CVE-2014-5220 mdadm: Improper sanitization of device names allows arbitrary command execution
Summary: CVE-2014-5220 mdadm: Improper sanitization of device names allows arbitrary c...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-5220
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1590393
TreeView+ depends on / blocked
 
Reported: 2018-06-11 13:43 UTC by Adam Mariš
Modified: 2019-09-29 14:41 UTC (History)
7 users (show)

Fixed In Version: mdadm 3.3.3
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-11 13:46:10 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2018-06-11 13:43:05 UTC 
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

Bug report:

https://bugzilla.suse.com/show_bug.cgi?id=910500
Comment 1 Adam Mariš 2018-06-11 15:55:12 UTC 
Upstream patch:

https://github.com/mapcollab/mdadm/commit/979b1feb093b1c2e0f8b58716329f2da092741d4
Comment 2 Tomas Hoger 2018-06-12 21:06:20 UTC 
The mdcheck script was added to mdadm in the upstream version 3.3.1, and it was fixed via the the commit linked above in upstream version 3.3.3.
Comment 3 Tomas Hoger 2018-06-15 21:36:33 UTC 
Affected upstream versions of mdadm were included in Red Hat Enterprise Linux 6.7, 7.1, and 7.2.

However, in the Red Hat Enterprise Linux mdadm packages, the mdcheck script is only included in the /usr/share/doc/mdadm* directory and is not installed executable.  Therefore, it is not used by default, and is not expected to be commonly used.
Note You need to log in before you can comment on or make changes to this bug.