Vulnerability CVE-2016-7543


Published: 2017-01-19   Modified: 2017-07-24

Description:
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

Vendor: GNU
Product: BASH 
Version: 4.3;
Vendor: Fedoraproject
Product: Fedora 
Version:
25
24
23

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.openwall.com/lists/oss-security/2016/09/26/9
http://www.securityfocus.com/bid/93183
http://www.securitytracker.com/id/1037812
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/
https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html
https://security.gentoo.org/glsa/201701-02

Related CVE
CVE-2017-13704
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platf...
CVE-2015-5070
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to...
CVE-2015-5069
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors rel...
CVE-2015-5704
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
CVE-2017-12170
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications be...
CVE-2015-5607
Cross-site request forgery in the REST API in IPython 2 and 3.
CVE-2015-3420
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
CVE-2015-1854
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

Copyright 2017, cxsecurity.com

 

Back to Top