CVE-2019-9924
Description
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.313
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2019:0838-1(SUSE Linux Enterprise Desktop 12-SP4 ) bash-4.3-83.23.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0838-1(SUSE Linux Enterprise Desktop 12-SP4 ) bash-debuginfo-4.3-83.23.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0838-1(SUSE Linux Enterprise Desktop 12-SP4 ) bash-debugsource-4.3-83.23.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0838-1(SUSE Linux Enterprise Desktop 12-SP4 ) bash-doc-4.3-83.23.1.noarch.rpm | Linux |
| SUSE-SU-2019:0838-1(SUSE Linux Enterprise Desktop 12-SP4 ) bash-lang-4.3-83.23.1.noarch.rpm | Linux |
| SUSE-SU-2019:0838-1(SUSE Linux Enterprise Desktop 12-SP4 ) libreadline6-6.3-83.23.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0838-1(SUSE Linux Enterprise Desktop 12-SP4 ) libreadline6-32bit-6.3-83.23.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0838-1(SUSE Linux Enterprise Desktop 12-SP4 ) libreadline6-debuginfo-6.3-83.23.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0838-1(SUSE Linux Enterprise Desktop 12-SP4 ) libreadline6-debuginfo-32bit-6.3-83.23.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0838-1(SUSE Linux Enterprise Desktop 12-SP3 ) readline-doc-6.3-83.23.1.noarch.rpm | Linux |
| GNU Bourne Again SHell (USN-4058-1) bash_4.3-14ubuntu1.4_i386.deb | Linux |
| GNU Bourne Again SHell (USN-4058-1) bash_4.3-14ubuntu1.4_amd64.deb | Linux |
| (RHSA-2020:1113) bash security update bash-4.2.46-34.el7.x86_64.rpm | Linux |
| (RHSA-2020:1113) bash security update bash-doc-4.2.46-34.el7.x86_64.rpm | Linux |
| (CESA-2020:1113) bash security update bash-4.2.46-34.el7.x86_64.rpm | Linux |
| (CESA-2020:1113) bash security update bash-doc-4.2.46-34.el7.x86_64.rpm | Linux |
| (RHSA-2020:1113)Moderate: security update bash-debuginfo-4.2.46-34.el7.x86_64.rpm | Linux |
| bash Security Update (ALAS-2020-1503) bash-4.2.46-34.amzn2.x86_64.rpm | Linux |
| bash Security Update (ALAS-2020-1503) bash-doc-4.2.46-34.amzn2.x86_64.rpm | Linux |
| Missing Authorization Vulnerability (CVE-2019-9924) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234