CVE-2014-7208 : GParted before 0.15.0 allows local users to execute arbitrary commands with root

GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.

Published 2014-12-19 15:59:08

Updated 2025-04-12 10:46:41

Source Debian GNU/Linux

View at NVD, CVE.org

Products affected by CVE-2014-7208

Gparted » Gparted
Versions before (<) 0.15.0
cpe:2.3:a:gparted:gparted:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.53%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

http://seclists.org/fulldisclosure/2014/Dec/77

Full Disclosure: SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted
Exploit;Mailing List;Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Oracle Bulletin Board Update - January 2015
Third Party Advisory

CVEs referencing this url

Jump to