CVE-2019-9924
Published: 22 March 2019
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Priority
CVSS 3 base score: 7.8
Status
Package | Release | Status |
---|---|---|
bash | Upstream | Released (4.4-1) |
bash | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (4.4.18-2ubuntu1) |
bash | Ubuntu 16.04 LTS (Xenial Xerus) | Released (4.3-14ubuntu1.4) |
bash | Ubuntu 14.04 ESM (Trusty Tahr) | Released (4.3-7ubuntu1.8+esm1) |

Patches: Upstream: http://git.savannah.gnu.org/cgit/bash.git/commit/?h=bash-4.4-testing&id=a4eef1991c25c9d1c55f777952cd522c762c6fc3
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924
- http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65
- https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html
- https://usn.ubuntu.com/usn/usn-4058-1
- https://usn.ubuntu.com/usn/usn-4058-2
- NVD
- Launchpad
- Debian