CVE-2017-5932

7.8HIGH

Key Information:

Vendor: Gnu
Status: Bash
Vendor: CVE Published:; 27 March 2017

Summary

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.

References

http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f74...

x_refsource_CONFIRM

https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00...

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2017/02/08/3

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2017
Vulnerability Reserved
Feb 7, 2017