PT-2019-4881 · Gnu+4 · Gnu Bash+4

Published: 2019-11-28 · Updated: 2022-06-07 · CVE-2019-18276

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GNU Bash versions 5.0 patch 11 and earlier

Description

An issue was discovered in the disable_priv_mode function in shell.c. By default, if Bash is run with its effective UID not equal to its real UID, it drops privileges by setting its effective UID to its real UID. However, it does so incorrectly: on Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.

Recommendations

For GNU Bash versions 5.0 patch 11 and earlier, consider disabling the disable_priv_mode function until a patch is available. Restrict access to the enable command with the -f option to minimize the risk of exploitation. Avoid using the enable -f command for runtime loading of new builtins until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
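
The incomplete privilege drop described above, next to a drop that also clears the saved IDs and verifies the result. This is an added example, not Bash's source code and not part of this advisory; the function names are hypothetical, and it assumes Linux with glibc, where setresuid() and getresuid() are available.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 only when the effective and saved IDs both equal the real IDs. */
int ids_fully_dropped(void)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return eu == ru && su == ru && eg == rg && sg == rg;
}

/* Weak pattern from the description: only the effective IDs are reset.
 * In a set-user-ID process the saved UID keeps the old value, so a later
 * setuid() call can switch back to it. */
int drop_effective_only(void)
{
    if (setegid(getgid()) != 0) return -1;
    if (seteuid(getuid()) != 0) return -1;
    return 0;
}

/* Hardened pattern: set real, effective and saved IDs in one call each
 * (group first, while the process may still change it), then check. */
int drop_privileges_permanently(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    return ids_fully_dropped() ? 0 : -1;
}

int main(void)
{
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "privilege drop failed\n");
        return 1;
    }
    puts("real, effective and saved IDs all match");
    return 0;
}
```

Calling ids_fully_dropped() after drop_effective_only() in a set-user-ID binary returns 0, which is the condition this advisory describes.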

Related Identifiers

BDU:2020-01469
CESA-2021_1679
CVE-2019-18276
MGASA-2021-0288
RHSA-2021:1679
RHSA-2021_1679
USN-5380-1

Affected Products

CentOS
GNU Bash
Linux Mint
Red Hat
Ubuntu