Command Execution Vulnerability in Bash Shell Software
CVE-2019-9924

7.8HIGH

Key Information:

Vendor
Gnu
Status
Bash
Vendor
CVE Published:
22 March 2019

Summary

The Bash shell prior to version 4.4-beta2 contains a vulnerability where rbash does not sufficiently restrict the shell user from altering the BASH_CMDS variable. This oversight allows an attacker to execute arbitrary commands with all the privileges of the shell user, potentially leading to unauthorized access and execution of sensitive operations within the system. Proper configuration and updates are recommended to mitigate this risk.

References

https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
x_refsource_MISC
http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/03/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.