alpine 3.6
shell weakness #14


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

	/* get the payload type */

	if (fseek (stream, offset, SEEK_SET) != 0) {
		fclose (stream);
		return 1;
	if (fread (bytes, 1, 8, stream) == 0) {
		fclose (stream);
		return 1;
	mime_type = get_mime_type_from_magic_numbers ((char *)bytes);
	if (mime_type == NULL)
		archive_command = "lzma -dc";
	else if (strcmp (mime_type, "application/x-xz") == 0)
		archive_command = "xz -dc";
	else if (strcmp (mime_type, "application/x-gzip") == 0)
		archive_command = "gzip -dc";
		archive_command = "bzip2 -dc";
	fclose (stream);

	command = g_strdup_printf ("sh -c \"dd if=%s ibs=%u skip=1 2>/dev/null | %s | cpio %s\"", g_shell_quote (filename), offset, archive_command, cpio_args->str);

	return system (command);

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.