Your submission was sent successfully! Close

CVE-2017-5932

Published: 27 March 2017

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
bash
Launchpad, Ubuntu, Debian
Upstream
Released (4.4-3)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-007