alpine 3.6
shell weakness #41


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

 extern aptr_t memchr(const aptr_t, int, size_t);
extern int memcmp(const aptr_t, const aptr_t, size_t);
#endif /* ! defined(HAVE_STRING_H) && ! defined(HAVE_STRINGS_H) */

#ifndef VMS
extern char *strerror(int);
extern char *strerror(int,...);

#if ! defined(__GNU_LIBRARY__)
extern size_t strftime(char *, size_t, const char *, const struct tm *);
extern time_t time(time_t *);

extern FILE *fdopen(int, const char *);
extern int fprintf(FILE *, const char *, ...); 
#if ! defined(__GNU_LIBRARY__)
extern size_t fwrite(const aptr_t, size_t, size_t, FILE *);
extern int fputs(const char *, FILE *);
extern int unlink(const char *);
extern int fflush(FILE *);
extern int fclose(FILE *);
extern FILE *popen(const char *, const char *);
extern int pclose(FILE *);
extern void abort();
extern int isatty(int);
extern void exit(int);
extern int system(const char *);
extern int sscanf(const char *, const char *, ...);
#ifndef toupper
extern int toupper(int);
#ifndef tolower
extern int tolower(int);

extern double pow(double x, double y);
extern double atof(const char *);
extern double strtod(const char *, char **);
extern int fstat(int, struct stat *);
extern int stat(const char *, struct stat *);
extern off_t lseek(int, off_t, int);
extern int close(int);
extern int creat(const char *, mode_t);
extern int open(const char *, int, ...);
extern int pipe(int *);
extern int dup(int);
extern int dup2(int,int); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.