Lucene search

K

Veracode Vulnerability DatabaseVERACODE:17705

HistoryMay 02, 2019 - 5:51 a.m.

Privilege Escalation

2019-05-0205:51:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

Bash is vulnerable to privilege escalation. This allows to local authenticated user to inject arbitrary commands via crafted SHELLOPTS and PS4 environment variables leading to data modification and disclosure of information.

CPENameOperatorVersion
basheq4.1.2__15.el6_4.2
basheq4.1.2__29.el6_6.sjis.1
basheq4.1.2__15.el6_5.2.sjis.1
basheq4.2.46__20.el7_2.sjis.1
basheq4.1.2__15.el6_5.1
basheq4.1.2__15.el6_4.1
basheq4.1.2__40.el6_8.sjis.1
basheq4.1.2__15.el6_4
basheq4.1.2__8.el6
basheq4.1.2__9.el6_2

Rows per page:

1-10 of 561

References

rhn.redhat.com/errata/RHSA-2017-0725.html

www.openwall.com/lists/oss-security/2016/09/26/9

www.securityfocus.com/bid/93183

www.securitytracker.com/id/1037812

access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html

access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html

access.redhat.com/errata/RHSA-2017:0725

access.redhat.com/errata/RHSA-2017:1931

access.redhat.com/security/updates/classification/#moderate

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115

lists.fedoraproject.org/archives/list/[email protected]/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/

lists.fedoraproject.org/archives/list/[email protected]/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/

lists.fedoraproject.org/archives/list/[email protected]/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/

lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html

security.gentoo.org/glsa/201701-02

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

Related for VERACODE:17705

fedora3 nessus34 debiancve1 ubuntu2 debian2 f51 openvas22 redhatcve1 osv2 cve1 ubuntucve1 photon1 prion1 mageia1 suse3 slackware1 gentoo1 oraclelinux2 ibm13 centos2 redhat2 amazon1 cloudfoundry1 kitploit1