CVE-2016-9401

5.5MEDIUM

Key Information:

Vendor: Gnu
Status: Bash
Vendor: CVE Published:; 23 January 2017

Summary

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

References

http://rhn.redhat.com/errata/RHSA-2017-0725.html

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2017:1931

vendor-advisoryx_refsource_REDHAT

http://www.openwall.com/lists/oss-security/2016/11/17/5

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2017
Vulnerability Reserved
Nov 17, 2016

.