CVE-2019-9924 (retired)

Priority
Description
rbash in Bash before 4.4-beta2 did not prevent the shell user from
modifying BASH_CMDS, thus allowing the user to execute any command with the
permissions of the shell.
Assigned-to
mdeslaur
Package
Source: bash (LP Ubuntu Debian)
Upstream:released (4.4-1)
Ubuntu 12.04 ESM (Precise Pangolin):released (4.2-2ubuntu2.8)
Ubuntu 14.04 ESM (Trusty Tahr):released (4.3-7ubuntu1.8+esm1)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.3-14ubuntu1.4)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.4.18-2ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Patches:
Upstream:http://git.savannah.gnu.org/cgit/bash.git/commit/?h=bash-4.4-testing&id=a4eef1991c25c9d1c55f777952cd522c762c6fc3
More Information

Updated: 2019-08-14 14:16:02 UTC (commit b248f28b2baec34efa2d1f7c325411e21dec9937)