Fedora 24
shell weakness #9

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

EMBOSS-6.6.0/scripts/bundlewin.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness.

     
    sprintf(src,"%s/emboss/index/*",basedir);
    fix_dir(src);
    
    sprintf(dest,"%s/win32build/index",newbasedir);
    fix_dir(dest);

    sprintf(command,"%s %s %s",CPR,src,dest);

    if(system(command))
    {
	fprintf(stderr,"Can't execute %s\n",command);
	exit(-1);
    }


    sprintf(src,"%s/emboss/emboss.standard",basedir);
    fix_dir(src);
    
    sprintf(dest,"%s/win32build",newbasedir);
    fix_dir(dest);

    sprintf(command,"%s %s %s",CP,src,dest);

    if(system(command))
    {
	fprintf(stderr,"Can't execute %s\n",command);
	exit(-1);
    }

    sprintf(src,"%s/emboss/server.*",basedir);
    fix_dir(src);
    
    sprintf(dest,"%s/win32build",newbasedir);
    fix_dir(dest);

    sprintf(command,"%s %s %s",CPR,src,dest);

    if(system(command))
    {
	fprintf(stderr,"Can't execute %s\n",command);
	exit(-1);
    }
    
    return;
}
