CVE-2019-9924

7.8HIGH

Key Information:

Vendor: Gnu
Status: Bash
Vendor: CVE Published:; 22 March 2019

Summary

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

References

https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441

x_refsource_MISC

http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=...

x_refsource_MISC

https://lists.debian.org/debian-lts-announce/2019/03/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2019
Vulnerability Reserved
Mar 22, 2019