Описание
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Отчет
Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it. This issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable. Red Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | bash | Not affected | ||
| Red Hat Enterprise Linux 6 | bash | Will not fix | ||
| Red Hat Enterprise Linux 8 | bash | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Will not fix | ||
| Red Hat Virtualization 4 | rhvm-appliance | Will not fix | ||
| Red Hat Ansible Tower 3.5 for RHEL 7 | ansible-tower-35/ansible-tower | Fixed | RHBA-2020:1539 | 22.04.2020 |
| Red Hat Ansible Tower 3.6 for RHEL 7 | ansible-tower-36/ansible-tower | Fixed | RHBA-2020:1540 | 22.04.2020 |
| Red Hat Enterprise Linux 7 | bash | Fixed | RHSA-2020:1113 | 31.03.2020 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | bash | Fixed | RHSA-2020:3803 | 22.09.2020 |
| Red Hat Enterprise Linux 7.4 Telco Extended Update Support | bash | Fixed | RHSA-2020:3803 | 22.09.2020 |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
rbash in Bash before 4.4-beta2 did not prevent the shell user from mod ...
7.8 High
CVSS3