CVE-2016-7543

Опубликовано: 16 сент. 2016

Источник: redhat

CVSS3: 7

CVSS2: 6.9

EPSS Низкий

Описание

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	bash	Will not fix
Red Hat Enterprise Linux 6	bash	Fixed	RHSA-2017:0725	21.03.2017
Red Hat Enterprise Linux 7	bash	Fixed	RHSA-2017:1931	01.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-77

https://bugzilla.redhat.com/show_bug.cgi?id=1379630bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution

EPSS

Процентиль: 29%

0.00101

Низкий

7 High

CVSS3

6.9 Medium

CVSS2

Связанные уязвимости

CVE-2016-7543

CVSS3: 8.4

ubuntu

почти 9 лет назад

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

CVE-2016-7543

CVSS3: 8.4

nvd

почти 9 лет назад

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

CVE-2016-7543

CVSS3: 8.4

debian

почти 9 лет назад

Bash before 4.4 allows local users to execute arbitrary commands with ...

GHSA-6xh6-xvh9-w4h5

CVSS3: 8.4

github

больше 3 лет назад

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

openSUSE-SU-2018:1419-1

suse-cvrf

больше 7 лет назад

Security update for bash

EPSS

Процентиль: 29%

0.00101

Низкий

7 High

CVSS3

6.9 Medium

CVSS2