alpine 3.8
shell weakness #12
Weakness Breakdown
Definition:
A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.
Warning code(s):
This causes a new program to execute and is difficult to use safely.
File Name:
icinga2/src/icinga2-2.8.4/lib/base/utility.cpp
Context:
The highlighted line of code below is the trigger point of this particular Alpine 3.8 shell weakness.
if (WEXITSTATUS(status) == 0) {
if (platformVersion)
*platformVersion = msgbuf.str();
}
}
/* OS X */
fp = popen("type sw_vers >/dev/null 2>&1 && sw_vers -productName 2>&1", "r");
if (fp != NULL) {
std::ostringstream msgbuf;
char line[1024];
while (fgets(line, sizeof(line), fp) != NULL)
msgbuf << line;
int status = pclose(fp);
if (WEXITSTATUS(status) == 0) {
String info = msgbuf.str();
info = info.Trim();
if (platformName)
*platformName = info;
}
}
fp = popen("type sw_vers >/dev/null 2>&1 && sw_vers -productVersion 2>&1", "r");
if (fp != NULL) {
std::ostringstream msgbuf;
char line[1024];
while (fgets(line, sizeof(line), fp) != NULL)
msgbuf << line;
int status = pclose(fp);
if (WEXITSTATUS(status) == 0) {
String info = msgbuf.str();
info = info.Trim();
if (platformVersion)
*platformVersion = info;
return true;
}
}
/* Centos/RHEL < 7 */
release.close();
release.open("/etc/redhat-release");
if (release.is_open()) {
std::string release_line;
getline(release, release_line);
