Alpine 3.6
Shell weakness #94


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

#ifdef _WIN32
#define DLLAPI  __declspec(dllexport)

#include "fcgiapp.h"
#include "fcgios.h"
#include "fcgimisc.h"

#include "fcgi_stdio.h"

#ifndef _WIN32

extern char **environ;

#include <stdio.h>
extern int fileno(FILE *stream);

extern FILE *fdopen(int fildes, const char *type);
extern FILE *popen(const char *command, const char *type);
extern int pclose(FILE *stream);

#else /* _WIN32 */

#define popen _popen
#define pclose _pclose

#endif /* _WIN32 */

FCGI_FILE _fcgi_sF[3];

 * FCGI_Accept --
 *      Accepts a new request from the HTTP server and creates
 *      a conventional execution environment for the request.
 *      If the application was invoked as a FastCGI server,
 *      the first call to FCGI_Accept indicates that the application
 *      has completed its initialization and is ready to accept
 *      a request.  Subsequent calls to FCGI_Accept indicate that
 *      the application has completed its processing of the 
