CVE-2014-7208
Published 2014-12-19
CVE-2014-7208: GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
Priority P342 · high · 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.11% (61.9th percentile)
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gparted | < gparted 0.16.1-1 (bookworm) | gparted 0.16.1-1 (bookworm) |
| gparted | gparted | < 0.15.0 | 0.15.0 |
| gparted | gparted | >= 0 < 0.16.1-1 | 0.16.1-1 |
| gparted | gparted | >= 0 < 0.16.1-1 | 0.16.1-1 |
| gparted | gparted | >= 0 < 0.16.1-1 | 0.16.1-1 |
| gparted | gparted | >= 0 < 0.16.1-1 | 0.16.1-1 |
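CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 7.2 | HIGH | |
| vendor_debian | | 7.2 | HIGH | |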
Ubuntu
GParted vulnerability
vendor_ubuntu·2015-01-14
CVE-2014-7208 GParted vulnerability
Title: GParted vulnerability
Summary: GParted could be made to run programs as an administrator.
Wolfgang Ettlinger discovered that GParted incorrectly filtered shell
metacharacters when running external commands. A local attacker could use
this issue with a crafted filesystem label to run arbitrary commands as the
administrator.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2014-7208: gparted - GParted before 0.15.0 allows local users to execute arbitrary commands with root...
vendor_debian·2014·CVSS 7.2
CVE-2014-7208 [HIGH] CVE-2014-7208: gparted - GParted before 0.15.0 allows local users to execute arbitrary commands with root...
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
Scope: local
bookworm: resolved (fixed in 0.16.1-1)
bullseye: resolved (fixed in 0.16.1-1)
forky: resolved (fixed in 0.16.1-1)
sid: resolved (fixed in 0.16.1-1)
trixie: resolved (fixed in 0.16.1-1)
GHSA
GHSA-6gcm-82p2-f4qv: GParted before 0
ghsa_unreviewed·2022-05-13
CVE-2014-7208 [HIGH] CWE-77 GHSA-6gcm-82p2-f4qv: GParted before 0
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
OSV
CVE-2014-7208: GParted before 0
osv·2014-12-19·CVSS 7.2
CVE-2014-7208 [HIGH] CVE-2014-7208: GParted before 0
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
No detection rules found.
Published: 2014-12-19