Vulnerability CVE-2016-7543


Published: 2017-01-19   Modified: 2017-05-08

Description:
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

Vendor: GNU
Product: BASH 
Version: 4.3;
Vendor: Fedoraproject
Product: Fedora 
Version:
25
24
23

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.openwall.com/lists/oss-security/2016/09/26/9
http://www.securityfocus.com/bid/93183
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/
https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html
https://security.gentoo.org/glsa/201701-02

Related CVE
CVE-2016-5391
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
CVE-2016-3696
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
CVE-2016-3704
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
CVE-2016-3095
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
CVE-2016-9961
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-9960
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2017-8386
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain pr...
CVE-2016-5178
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Copyright 2017, cxsecurity.com