Advisory ROSA-SA-2021-1802

Software: bash 4.2.46
OS: Cobalt 7.9

CVE-ID: CVE-2012-6711
CVE-Crit: HIGH
CVE-DESC: A heap-based buffer overflow exists in GNU Bash before 4.3, when broad characters not supported by the current language standard set in the LC_CTYPE environment variable are printed using the built-in echo function. A local attacker who can provide print data using the built-in “echo -e” function can exploit this vulnerability to crash a script or execute code with bash process privileges. This happens because ansicstr () in lib / sh / strtrans.c does not properly handle u32cconv ().
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-18276
CVE-Crit: HIGH
CVE-DESC: A problem was found in disable_priv_mode in shell.c in GNU Bash before version 5.0, patch 11. By default, if Bash runs with its effective UID not equal to its real UID, it loses privileges by setting its effective UID to its real UID. However, it does this incorrectly. On Linux and other systems that support the “saved UID” feature, the saved UID is not deleted. An attacker executing a shell command could use “enable -f” to bootstrap while executing a new built-in function, which could be a generic object that calls setuid () and therefore restores privileges. However, binaries running with an effective UID of 0 are not affected.
CVE-STATUS: default
CVE-REV: default