CVE-2016-0634

Опубликовано: 16 окт. 2015

Источник: redhat

CVSS3: 4.9

CVSS2: 3.7

EPSS Низкий

Описание

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	bash	Will not fix
Red Hat Enterprise Linux 6	bash	Fixed	RHSA-2017:0725	21.03.2017
Red Hat Enterprise Linux 7	bash	Fixed	RHSA-2017:1931	01.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1377613bash: Arbitrary code execution via malicious hostname

EPSS

Процентиль: 80%

0.01448

Низкий

4.9 Medium

CVSS3

3.7 Low

CVSS2

Связанные уязвимости

CVE-2016-0634

CVSS3: 7.5

ubuntu

около 8 лет назад

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

CVE-2016-0634

CVSS3: 7.5

nvd

около 8 лет назад

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

CVE-2016-0634

CVSS3: 7.5

debian

около 8 лет назад

The expansion of '\h' in the prompt string in bash 4.3 allows remote a ...

GHSA-h2ww-3j54-pccx

CVSS3: 7.5

github

больше 3 лет назад

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

openSUSE-SU-2018:1419-1

suse-cvrf

больше 7 лет назад

Security update for bash

EPSS

Процентиль: 80%

0.01448

Низкий

4.9 Medium

CVSS3

3.7 Low

CVSS2