Bug 1691774 (CVE-2019-9924)
| Summary: | CVE-2019-9924 bash: BASH_CMDS is writable in restricted bash shells | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | admiller, bmcclain, dblechte, dfediuck, eedri, gsuckevi, kasal, kdudka, markdenihan, mgoldboi, michal.skrivanek, sbonazzo, sherold, svashisht, yturgema |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-03-31 22:33:46 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1691775, 1693181, 1829558, 1837053, 1837054 | | |
| Bug Blocks: | 1691776 | | |
Description
Dhananjay Arunesh
2019-03-22 13:48:59 UTC
Created bash tracking bugs for this issue: Affects: fedora-all [bug 1691775]

An attacker can execute binaries with / in their names even when bash is used as a Restricted Shell, by abusing the environment variable BASH_CMDS.

Is there any plan to have this moderate issue patched on RHEL7? If so, is there any ETA on that patch's availability?

This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2020:1113 https://access.redhat.com/errata/RHSA-2020:1113

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9924

Statement: Impact of the flaw set to Moderate, as the restricted shell shall not be used as a security feature alone: it is very hard to configure properly and several bypasses exist for it. This issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5, as they did not include support for the BASH_CMDS environment variable. Red Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.

This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support. Via RHSA-2020:3474 https://access.redhat.com/errata/RHSA-2020:3474

This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support. Via RHSA-2020:3592 https://access.redhat.com/errata/RHSA-2020:3592

This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Via RHSA-2020:3803 https://access.redhat.com/errata/RHSA-2020:3803