First published: Fri Mar 22 2019
Bash could allow a remote authenticated attacker to execute arbitrary commands on the system because rbash, the restricted shell mode of Bash, fails to prevent the shell user from modifying BASH_CMDS. By modifying BASH_CMDS, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the permissions of the shell.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Bash | <4.4 | |
GNU Bash | =4.4-beta1 | |
Debian Debian Linux | =8.0 | |
openSUSE Leap | =42.3 | |
Netapp Hci Management Node | | |
Netapp Solidfire | | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
IBM Data Risk Manager | <=2.0.6 | |
ubuntu/bash | <4.3-7ubuntu1.8+ | 4.3-7ubuntu1.8+ |
ubuntu/bash | <4.4-1 | 4.4-1 |
ubuntu/bash | <4.3-14ubuntu1.4 | 4.3-14ubuntu1.4 |
debian/bash | 5.1-2+deb11u1 5.2.15-2 5.2.32-1 |
The vulnerability ID for this vulnerability is CVE-2019-9924.
The severity level of CVE-2019-9924 is high.
The affected software for CVE-2019-9924 includes Debian/bash, IBM Data Risk Manager, Ubuntu/bash, GNU Bash, openSUSE Leap, Netapp Hci Management Node, Netapp Solidfire, Canonical Ubuntu Linux.
To fix CVE-2019-9924 on Debian/bash, you can apply the recommended patches provided by the Debian security team.