#VU25547 OS Command Injection in KornShell


Published: 2020-02-24

Vulnerability identifier: #VU25547

Vulnerability risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-14868

CWE-ID: CWE-78

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
KornShell
Client/Desktop applications / Software for system administration

Vendor: David Korn

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists in the way ksh evaluates certain environment variables . A local user can set a specially crafted environment variable and execute arbitrary OS commands on the target system.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

KornShell: 2020.0.0

External links
http://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 7.2 Advanced Update Support update for ksh
Red Hat Enterprise Linux 7.3 Advanced Update Support update for ksh
openEuler 20.03 LTS update for ksh-2020.0.0-3
Red Hat Enterprise Linux 7 update for ksh
Red Hat Enterprise Linux 7 update for ksh
Red Hat Enterprise Linux 7 update for ksh
CentOS 7 update for ksh
Red Hat update for ksh
Command injectin in KornShell (ksh)
Red Hat update for ksh