bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GNU Bash profile code execution vulnerability enquiry


From: Rachel Alderman
Subject: GNU Bash profile code execution vulnerability enquiry
Date: Wed, 28 Oct 2020 17:11:42 +0000

Hi Bash Maintainers,

I've been made aware of a GNU Bash profile code execution vulnerability 
https://exchange.xforce.ibmcloud.com/vulnerabilities/173116 reported last 
December (2019-12-16)
Description: GNU Bash could allow a remote attacker to execute arbitrary 
code on the system, caused by improper access control by the Bash profile. 
By persuading a victim to open the Bash terminal, an attacker could 
exploit this vulnerability to execute arbitrary code on the system. 
https://packetstormsecurity.com/files/155687
CVSS Base Score: 8.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
There is no CVE identifier associated with the vulnerability and I've been 
unable to determine whether there is a remediation available. Is anyone 
aware of this vulnerability and where it may be tracked in Gnu Bash?

Many Thanks
Rachel

Rachel Alderman
IBM Cloud Kubernetes Security Compliance 
IBM United Kingdom Limited,
Mailpoint 211, Hursley,
Winchester, SO21 2JN.
Email: rachel_alderman@uk.ibm.com

I work part-time and my working days are Wednesday, Thursday and Friday.

IBM United Kingdom Limited 
Registered in England and Wales with number 741598 
Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6 3AU 
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]