centos 6
shell weakness #5

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gawk-3.1.7/vms/redirect.h

Context:

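The highlighted line of code below is the trigger point of this particular CentOS 6 shell weakness. (The highlighting is not preserved in this text listing. The warning text above most plausibly refers to the `popen` prototype, which is a declaration rather than a call, so the actual risk depends on how callers elsewhere in gawk build the command string.)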

 #else
#ifdef CRTL_VER_V732
/* when overriding the version of the C library that compiler thinks is
   in use, we need to duplicate something being suppressed in <stdio.h> */
int snprintf(char *,size_t,const char *,...);
#endif
#endif
/*
 * Name redirection and prototypes for the VMS build of gawk.
 *
 * The #define lines come before the matching extern declarations, so after
 * preprocessing those declarations apply to the replacement names (for
 * example, the strerror prototype below declares vms_strerror).
 * P(()) is not defined in this excerpt; presumably it is the project's
 * prototype-wrapper macro -- confirm against the including file.
 */
#define strerror	vms_strerror
#define strdup		vms_strdup
#define unlink		vms_unlink
/* fstat is redirected to VMS_fstat only when VAXC is defined, or when
   __GNUC__ is defined and __alpha is not. */
#if defined(VAXC) || (defined(__GNUC__) && !defined(__alpha))
#define fstat(fd,sb)	VMS_fstat(fd,sb)
#endif
extern void  exit P((int));
extern int   open P((const char *,int,...));
extern char *strerror P((int));
extern char *strdup P((const char *str));
extern int   vms_devopen P((const char *,int));
/* Unless NO_TTY_FWRITE is defined, fwrite and fclose are renamed to
   tty_fwrite and tty_fclose, so the two prototypes in this conditional
   declare the tty_ versions. */
# ifndef NO_TTY_FWRITE
#define fwrite		tty_fwrite
#define fclose		tty_fclose
extern size_t fwrite P((const void *,size_t,size_t,FILE *));
extern int    fclose P((FILE *));
# endif
/*
 * popen/pclose prototypes. These lines only declare the functions; no
 * command is run here. A scanner that flags popen by name will report this
 * declaration, but the security-relevant code is at the call sites: the first
 * argument is a command string, and it must not be assembled from untrusted
 * input without validation.
 * NOTE(review): the popen implementation used on this port is not visible in
 * this excerpt -- confirm where it is defined and audit its callers.
 */
extern FILE *popen P((const char *,const char *));
extern int   pclose P((FILE *));
extern void vms_arg_fixup P((int *,char ***));
/* some things not in STDC_HEADERS */
extern size_t gnu_strftime P((char *,size_t,const char *,const struct tm *));
extern int unlink P((const char *));
extern int getopt P((int,char **,char *));
extern int isatty P((int));
/* Declare fileno only when it is not already provided as a macro. */
#ifndef fileno
extern int fileno P((FILE *));
#endif
extern int close P((int));
extern int dup P((int));
extern int dup2 P((int, int));
/* NOTE(review): read is declared with an int byte count and an int result,
   so callers need to keep buffer lengths within int range -- confirm this
   matches the C run-time library headers for the target. */
extern int read P((int, void *, int));
extern int getpgrp P((void));
extern void tzset P((void));

#endif	/* not VMS_POSIX and not IN_CONFIG_H */

/*vms/redirect.h*/ 
