[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GNU Bash profile code execution vulnerability enquiry
|
From: |
Rachel Alderman |
|
Subject: |
GNU Bash profile code execution vulnerability enquiry |
|
Date: |
Wed, 28 Oct 2020 17:11:42 +0000 |
Hi Bash Maintainers,
I've been made aware of a GNU Bash profile code execution vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/173116 reported last
December (2019-12-16)
Description: GNU Bash could allow a remote attacker to execute arbitrary
code on the system, caused by improper access control by the Bash profile.
By persuading a victim to open the Bash terminal, an attacker could
exploit this vulnerability to execute arbitrary code on the system.
https://packetstormsecurity.com/files/155687
CVSS Base Score: 8.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
There is no CVE identifier associated with the vulnerability and I've been
unable to determine whether there is a remediation available. Is anyone
aware of this vulnerability and where it may be tracked in Gnu Bash?
Many Thanks
Rachel
Rachel Alderman
IBM Cloud Kubernetes Security Compliance
IBM United Kingdom Limited,
Mailpoint 211, Hursley,
Winchester, SO21 2JN.
Email: rachel_alderman@uk.ibm.com
I work part-time and my working days are Wednesday, Thursday and Friday.
IBM United Kingdom Limited
Registered in England and Wales with number 741598
Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6 3AU
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
smime.p7s
Description: S/MIME Cryptographic Signature
- GNU Bash profile code execution vulnerability enquiry,
Rachel Alderman <=