CVE-2016-0634: OS Command Injection
First published: Tue Sep 20 2016(Updated: )
A vulnerability was found in a way bash expands the $HOSTNAME. Injecting the hostname with malicious code would cause it to run each time bash expanded \h in the prompt string. References: <a href="http://seclists.org/oss-sec/2016/q3/528">http://seclists.org/oss-sec/2016/q3/528</a> Ubuntu bug: <a href="https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025">https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025</a>
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Bash | =4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2017-0725.html
- http://www.openwall.com/lists/oss-security/2016/09/16/12
- http://www.openwall.com/lists/oss-security/2016/09/16/8
- http://www.openwall.com/lists/oss-security/2016/09/18/11
- http://www.openwall.com/lists/oss-security/2016/09/19/7
- http://www.openwall.com/lists/oss-security/2016/09/20/1
- http://www.openwall.com/lists/oss-security/2016/09/27/9
- http://www.openwall.com/lists/oss-security/2016/09/29/27
- http://www.openwall.com/lists/oss-security/2016/10/07/6
- http://www.openwall.com/lists/oss-security/2016/10/10/3
- http://www.openwall.com/lists/oss-security/2016/10/10/4
- http://www.securityfocus.com/bid/92999
- https://access.redhat.com/errata/RHSA-2017:1931
- https://bugzilla.redhat.com/show_bug.cgi?id=1377613
- https://security.gentoo.org/glsa/201612-39
- http://seclists.org/oss-sec/2016/q3/528
- https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1377614
- http://openwall.com/lists/oss-security/2016/09/16/18
- http://seclists.org/oss-sec/2016/q3/538
- https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-047
- https://rhn.redhat.com/errata/RHSA-2017-0725.html
Frequently Asked Questions
What is the severity of CVE-2016-0634?
CVE-2016-0634 is considered a medium severity vulnerability, potentially allowing remote code execution.
How do I fix CVE-2016-0634?
To fix CVE-2016-0634, update GNU Bash to version 4.3 or later.
What systems are affected by CVE-2016-0634?
CVE-2016-0634 affects systems running GNU Bash version 4.3 specifically.
What is the nature of the vulnerability in CVE-2016-0634?
CVE-2016-0634 is a vulnerability in how Bash expands the $HOSTNAME variable, which allows for code injection.
Can CVE-2016-0634 be exploited remotely?
Yes, CVE-2016-0634 can potentially be exploited remotely by manipulating the hostname.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-0634
- agent/remedy
- agent/softwarecombine
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gnu
- canonical/gnu bash
- version/gnu bash/4.3