CVE-2016-7543

8.4HIGH

Key Information:

Vendor: Gnu
Status: Bash
Vendor: CVE Published:; 19 January 2017

Summary

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

References

http://rhn.redhat.com/errata/RHSA-2017-0725.html

vendor-advisoryx_refsource_REDHAT

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://access.redhat.com/errata/RHSA-2017:1931

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2017
Vulnerability Reserved
Sep 9, 2016

.