76 matches found
CVE-2019-20373
LTSP LDM through 2.18.06 allows fat-client root access because the LDMUSERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...
CVE-2019-20373
LTSP LDM through 2.18.06 allows fat-client root access because the LDMUSERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...
CVE-2019-20373
Removed by vendor...
UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked
A 39-year-old password of Ken Thompson, the co-creator of the UNIX operating system among, has finally been cracked that belongs to a BSD-based system, one of the original versions of UNIX, which was back then used by various computer science pioneers. In 2014, developer Leah Neukirchen spotted a...
Scientific Linux Security Update : kdelibs and kde-settings on SL7.x x86_64 (20190903)
kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction CVE-2019-14744 Bug Fixes: - kde.csh profile file contains bourne-shell code -- C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if...
Debian DLA-1726-1 : bash security update
Two issues have been fixed in bash, the GNU Bourne-Again Shell : CVE-2016-9401 The popd builtin segfaulted when called with negative out of range offsets. CVE-2019-9924 Sylvain Beucler discovered that it was possible to call commands that contained a slash when in restricted mode rbash by adding...
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command Execution via Rexec", 'Description' = %q This module exploits a feature of Hashicorp Consul named rexec. ,...
USN-3294-2: Bash vulnerability
USN-3294-1 fixed a vulnerability in Bash. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code wit...
Man In The Middle (Mitm)
bourne is vulnerable to man-in-the-middle MitM attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct man-in-the-middle attacks...
GNU Bourne-Again Shell (Bash) 'Shellshock' - Lenovo Support US
No description provided...
[SECURITY] Fedora 23 Update: bash-4.3.42-5.fc23
The GNU Bourne Again shell Bash is a shell or command language interpreter that is compatible with the Bourne shell sh. Bash incorporates useful features from the Korn shell ksh and the C shell csh. Most sh scripts can be run by bash without modification...
[SECURITY] Fedora 25 Update: bash-4.3.43-4.fc25
The GNU Bourne Again shell Bash is a shell or command language interpreter that is compatible with the Bourne shell sh. Bash incorporates useful features from the Korn shell ksh and the C shell csh. Most sh scripts can be run by bash without modification...
[SECURITY] Fedora 23 Update: bash-4.3.42-4.fc23
The GNU Bourne Again shell Bash is a shell or command language interpreter that is compatible with the Bourne shell sh. Bash incorporates useful features from the Korn shell ksh and the C shell csh. Most sh scripts can be run by bash without modification...
[SECURITY] Fedora 25 Update: bash-4.3.43-3.fc25
The GNU Bourne Again shell Bash is a shell or command language interpreter that is compatible with the Bourne shell sh. Bash incorporates useful features from the Korn shell ksh and the C shell csh. Most sh scripts can be run by bash without modification...
[SECURITY] Fedora 24 Update: bash-4.3.42-6.fc24
The GNU Bourne Again shell Bash is a shell or command language interpreter that is compatible with the Bourne shell sh. Bash incorporates useful features from the Korn shell ksh and the C shell csh. Most sh scripts can be run by bash without modification...
Vulnerability of Cisco Nexus 7000 software, allowing attackers to access confidential information
The GNU Bash command shell, as of version 4.3 bash43-025 and later, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other undefined actions...
[SECURITY] Fedora 21 Update: mksh-50f-1.fc21
mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...
[SECURITY] Fedora 20 Update: mksh-50f-1.fc20
mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...
[SECURITY] Fedora 22 Update: mksh-50f-1.fc22
mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...
[SECURITY] Fedora 20 Update: mksh-50c-1.fc20
mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...