fedora 23
shell weakness #24


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.


SocketOutput::connect_to_server (const std::string &name)
    std::map<std::string, std::string> rest_args;
    std::string baseurl;
    rest_args["port"] = socket_pvt::default_port;
    rest_args["host"] = socket_pvt::default_host;
    if (! Strutil::get_rest_arguments (name, baseurl, rest_args)) {
        error ("Invalid 'open ()' argument: %s", name.c_str ());
        return false;

    try {
        ip::tcp::resolver resolver (io);
        ip::tcp::resolver::query query (rest_args["host"].c_str (),
                rest_args["port"].c_str ());
        ip::tcp::resolver::iterator endpoint_iterator = resolver.resolve (query);
        ip::tcp::resolver::iterator end;

        boost::system::error_code err = error::host_not_found;
        while (err && endpoint_iterator != end) {
            socket.close ();
            socket.connect (*endpoint_iterator++, err);
        if (err) {
            error ("Host \"%s\" not found", rest_args["host"].c_str ());
            return false;
    } catch (boost::system::system_error &err) {
        error ("Error while connecting: %s", err.what ());
        return false;
    } catch (...) {
        error ("Error while connecting: unknown exception");
        return false;

    return true;


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.