PT-2018-2699 · Gnu+5 · Bash+5

Sylvain Beucler

Publicado

2018-11-14

Atualizado

2022-04-05

CVE-2019-9924

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Bash versions prior to 4.4-beta2

Description The issue is related to the restricted command interpreter rbash in Bash, which is associated with insufficient checking of the BASH CMDS array values. This could allow an attacker to execute arbitrary commands. The problem arises because rbash does not prevent the shell user from modifying BASH CMDS, thus enabling the user to execute any command with the permissions of the shell.

Recommendations For versions prior to 4.4-beta2, update to version 4.4-beta2 or later to resolve the issue. As a temporary workaround, consider restricting access to the BASH CMDS array to minimize the risk of exploitation.

Correção

Missing Authorization

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-20

Identificadores relacionados

ALT-PU-2018-2880

BDU:2019-01405

CESA-2020_1113

CVE-2019-9924

DLA-1726-1

MGASA-2019-0163

OPENSUSE-SU-2019_1178-1

RHSA-2020:1113

RHSA-2020:3474

RHSA-2020:3592

RHSA-2020:3803

RHSA-2020_1113

SUSE-SU-2019:0838-1

SUSE-SU-2019:0838-2

SUSE-SU-2019:0898-1

SUSE-SU-2019_0838-1

SUSE-SU-2019_0838-2

SUSE-SU-2019_0898-1

USN-4058-1

USN-4058-2

Produtos afetados

Alt Linux

Bash

Centos

Red Hat

Suse

Ubuntu

PT-2018-2699 · Gnu+5 · Bash+5

CVE-2019-9924

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35