Main Vulnerability Database SB2019032210

SB2019032210 - Input validation error in GNU Bash

Published: March 22, 2019 Updated: October 15, 2019

Security Bulletin ID SB2019032210

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-9924)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to "rbash" does not prevent the shell user from modifying BASH_CMDS. A local authenticate user can execute any command with the permissions of the shell.

Remediation

Install update from vendor's website.

References

http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65
https://security.netapp.com/advisory/ntap-20190411-0001/