Vulnerabilities > CVE-2019-14868

CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
ksh-project
debian
apple
nessus

Summary

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

Vulnerable Configurations

Part Description Count
Application
Ksh_Project
1
OS
Debian
1
OS
Apple
187

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-2210.NASL
    description: The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2210 advisory. - ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen: 2020-05-31
    modified: 2020-05-20
    plugin id: 136713
    published: 2020-05-20
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136713
    title: RHEL 7 : ksh (RHSA-2020:2210)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2210. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    # Registration branch: taken only when the scanner sets `description`. It
    # declares the plugin's metadata and exits before any host data is read.
    if (description)
    {
      script_id(136713);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/27");
    
      # Tie the finding to the CVE and to the Red Hat advisory that carries the fix.
      script_cve_id("CVE-2019-14868");
      script_xref(name:"RHSA", value:"2020:2210");
    
      script_name(english:"RHEL 7 : ksh (RHSA-2020:2210)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      # Report text. Its closing note matters for triage: the result comes from
      # the reported package version, not from exercising the flaw.
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in
    the RHSA-2020:2210 advisory.
    
      - ksh: certain environment variables interpreted as
        arithmetic expressions on startup, leading to code
        injection (CVE-2019-14868)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/77.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2210");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-14868");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1757324");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ksh package.");
      # Both base vectors score this as a local issue (AV:L). The CVE summary
      # also describes remote exposure where a service lets a client supply the
      # affected environment variables, so weigh exposure as well as the vector.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14868");
    
      # Point-in-time statement as of the modification date set above; re-check
      # current exploit intelligence before using it to lower priority.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      # CWE-77: command injection (same entry as the first see_also link).
      script_cwe_id(77);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/20");
    
      # "local": the check works from data collected on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Platforms covered: the RHEL 7.4 base, AUS, E4S and TUS streams, plus the ksh package.
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_aus:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_aus:7.4::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_e4s:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_e4s:7.4::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_tus:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_tus:7.4::server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ksh");
      script_end_attributes();
    
      # Information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The plugin needs these KB entries, presumably filled in by
      # ssh_get_info.nasl during a credentialed scan. When they are absent the
      # plugin does not run, so a missing finding is not evidence of a patched host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    # Host gating. Each audit() below ends the run with a "does not apply" or
    # "cannot check" result; none of them means the host was examined and found patched.
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    # `>!<` is NASL's "does not contain" substring test.
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    # Capture "major" or "major.minor" from the release banner.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    # Only 7.4 is handled here; every other release leaves via AUDIT_OS_NOT.
    if (! preg(pattern:"^7\.4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Accepted architectures: x86_64, i386-i686, anything containing "s390", aarch64.
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    # Reference (fixed) build to compare against.
    # NOTE(review): only an x86_64 entry is listed, although the CPU gate
    # earlier in this script also admits i386-i686, s390 and aarch64 hosts;
    # presumably those hosts end in one of the audits at the bottom -- confirm.
    pkgs = [
        {'reference':'ksh-20120801-36.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_4', 'rpm_spec_vers_cmp':TRUE}
    ];
    
    # Count of entries for which rpm_check() reported a hit.
    flag = 0;
    foreach package_array ( pkgs ) {
      # Reset the per-entry fields. `release` and `cpu` reuse the names that
      # held the host's values earlier; the visible code does not read those again.
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      # Copy over only the keys the entry actually sets.
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      # rpm_check() comes from rpm.inc (not shown); presumably it returns true
      # when the installed package is older than `reference` -- confirm.
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
      }
    }
    
    if (flag)
    {
      # Report on port 0 with the rpm comparison output plus Red Hat's package caveat.
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      # No hit: tell "a package was compared and is not affected" apart from
      # "ksh was not found". `tested` is presumably the list of packages compared.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ksh');
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2020-0568.NASL
    description: An update for ksh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es) : * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-04-09
    modified: 2020-02-27
    plugin id: 134088
    published: 2020-02-27
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134088
    title: CentOS 7 : ksh (CESA-2020:0568)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0568 and 
    # CentOS Errata and Security Advisory 2020:0568 respectively.
    #
    
    include("compat.inc");
    
    # Registration branch: taken only when the scanner sets `description`. It
    # declares the plugin's metadata and exits before any host data is read.
    if (description)
    {
      script_id(134088);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/08");
    
      # Tie the finding to the CVE and to the upstream Red Hat advisory.
      script_cve_id("CVE-2019-14868");
      script_xref(name:"RHSA", value:"2020:0568");
    
      script_name(english:"CentOS 7 : ksh (CESA-2020:0568)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing a security update."
      );
      # Report text, taken from the Red Hat advisory wording.
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for ksh is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories,
    which is backward-compatible with the Bourne shell (sh) and includes
    many features of the C shell. The most recent version is KSH-93.
    KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992).
    
    Security Fix(es) :
    
    * ksh: certain environment variables interpreted as arithmetic
    expressions on startup, leading to code injection (CVE-2019-14868)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      # The see_also value is a shortened link; the URL in the next comment is
      # presumably its target (the CentOS announcement).
      # https://lists.centos.org/pipermail/centos-announce/2020-February/035647.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fcda7f48"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ksh package.");
      # Both base vectors score this as a local issue (AV:L). The CVE summary
      # also describes remote exposure where a service lets a client supply the
      # affected environment variables, so weigh exposure as well as the vector.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14868");
      # Point-in-time statement as of the modification date set above; re-check
      # current exploit intelligence before using it to lower priority.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # "local": the check works from data collected on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ksh");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      # NOTE(review): the patch date is earlier than the vuln publication date;
      # presumably the CVE record was published after the vendor fix. Confirm
      # before using these dates for exposure-window or SLA metrics.
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # The plugin needs these KB entries, presumably filled in by
      # ssh_get_info.nasl during a credentialed scan. When they are absent the
      # plugin does not run, so a missing finding is not evidence of a patched host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host gating. Each audit() below ends the run with a "does not apply" or
    # "cannot check" result; none of them means the host was examined and found patched.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    # `>!<` is NASL's "does not contain" substring test.
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    # Only the major release number is captured.
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    # Only CentOS 7 is handled here; every other release leaves via AUDIT_OS_NOT.
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Accepted architectures: x86_64 and i386-i686.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    # Compare the installed ksh with the fixed build. rpm_check() comes from
    # rpm.inc (not shown); presumably it returns true when the installed package
    # is older than `reference` -- confirm.
    # NOTE(review): only x86_64 is compared, although the CPU gate earlier in
    # this script also admits i386-i686 hosts.
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ksh-20120801-140.el7_7")) flag++;
    
    
    if (flag)
    {
      # Report on port 0 with the rpm comparison output.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: tell "a package was compared and is not affected" apart from
      # "ksh was not found". `tested` is presumably the list of packages compared.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ksh");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-0431.NASL
    description: An update for ksh is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es) : * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133516
    published: 2020-02-06
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133516
    title: RHEL 8 : ksh (RHSA-2020:0431)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0431. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken only when the scanner sets `description`. It
    # declares the plugin's metadata and exits before any host data is read.
    if (description)
    {
      script_id(133516);
      script_version("1.1");
      script_cvs_date("Date: 2020/02/06");
    
      # Tie the finding to the CVE and to the Red Hat advisory that carries the fix.
      script_cve_id("CVE-2019-14868");
      script_xref(name:"RHSA", value:"2020:0431");
    
      script_name(english:"RHEL 8 : ksh (RHSA-2020:0431)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Report text, taken from the Red Hat advisory wording.
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for ksh is now available for Red Hat Enterprise Linux 8.0
    Update Services for SAP Solutions.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories,
    which is backward-compatible with the Bourne shell (sh) and includes
    many features of the C shell. The most recent version is KSH-93.
    KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992).
    
    Security Fix(es) :
    
    * ksh: certain environment variables interpreted as arithmetic
    expressions on startup, leading to code injection (CVE-2019-14868)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0431"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14868"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected ksh, ksh-debuginfo and / or ksh-debugsource
    packages."
      );
      # This revision sets only a coarse risk_factor; no CVSS vectors, CWE id or
      # exploitability attribute are declared in this block.
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      # "local": the check works from data collected on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ksh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ksh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ksh-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The plugin needs these KB entries, presumably filled in by
      # ssh_get_info.nasl during a credentialed scan. When they are absent the
      # plugin does not run, so a missing finding is not evidence of a patched host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host gating. Each audit() below ends the run with a "does not apply" or
    # "cannot check" result; none of them means the host was examined and found patched.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "does not contain" substring test.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture "major" or "major.minor" from the release banner.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Only 8.0 is handled here; every other release leaves via AUDIT_OS_NOT.
    if (! preg(pattern:"^8\.0([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.0", "Red Hat " + os_ver);
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # The first test admits x86_64, i386-i686 and anything containing "s390",
    # but the next line then requires x86_64, so only x86_64 hosts continue.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    # Two detection paths: yum updateinfo data when the KB holds it, otherwise
    # a direct rpm version comparison.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      # Helper is defined outside this listing; presumably it returns report
      # text when the host's updateinfo data references this advisory -- confirm.
      rhsa = "RHSA-2020:0431";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # Empty report: exit stating the host is not affected by this advisory.
        # The rpm comparison below is not attempted on this path.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Fallback: compare installed packages with the fixed builds. The
      # debuginfo and debugsource packages count toward `flag` as well as ksh.
      # rpm_check() comes from rpm.inc (not shown); presumably it returns true
      # when the installed package is older than `reference` -- confirm.
      flag = 0;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"ksh-20120801-253.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"ksh-debuginfo-20120801-253.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"ksh-debugsource-20120801-253.el8_0")) flag++;
    
      if (flag)
      {
        # Report on port 0 with the rpm comparison output plus Red Hat's package caveat.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # No hit: tell "a package was compared and is not affected" apart from
        # "none of the packages was found".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ksh / ksh-debuginfo / ksh-debugsource");
      }
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-1332.NASL
    description: The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1332 advisory. - ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen: 2020-04-23
    modified: 2020-04-06
    plugin id: 135234
    published: 2020-04-06
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135234
    title: RHEL 7 : ksh (RHSA-2020:1332)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1332. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    # Registration branch: taken only when the scanner sets `description`. It
    # declares the plugin's metadata and exits before any host data is read.
    if (description)
    {
      script_id(135234);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21");
    
      # Tie the finding to the CVE and to the Red Hat advisory that carries the fix.
      script_cve_id("CVE-2019-14868");
      script_xref(name:"RHSA", value:"2020:1332");
    
      script_name(english:"RHEL 7 : ksh (RHSA-2020:1332)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      # Report text. Its closing note matters for triage: the result comes from
      # the reported package version, not from exercising the flaw.
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in
    the RHSA-2020:1332 advisory.
    
      - ksh: certain environment variables interpreted as
        arithmetic expressions on startup, leading to code
        injection (CVE-2019-14868)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/77.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1332");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-14868");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ksh package.");
      # Both base vectors score this as a local issue (AV:L). The CVE summary
      # also describes remote exposure where a service lets a client supply the
      # affected environment variables, so weigh exposure as well as the vector.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14868");
    
      # Point-in-time statement as of the modification date set above; re-check
      # current exploit intelligence before using it to lower priority.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      # CWE-77: command injection (same entry as the first see_also link).
      script_cwe_id(77);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/06");
    
      # "local": the check works from data collected on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Platforms covered: the RHEL 7.5 base and EUS streams, plus the ksh package.
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.5::computenode");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.5::server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ksh");
      script_end_attributes();
    
      # Information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The plugin needs these KB entries, presumably filled in by
      # ssh_get_info.nasl during a credentialed scan. When they are absent the
      # plugin does not run, so a missing finding is not evidence of a patched host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    # Host gating. Each audit() below ends the run with a "does not apply" or
    # "cannot check" result; none of them means the host was examined and found patched.
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    # `>!<` is NASL's "does not contain" substring test.
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    # Capture "major" or "major.minor" from the release banner.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    # Only 7.5 is handled here; every other release leaves via AUDIT_OS_NOT.
    if (! preg(pattern:"^7\.5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.5', 'Red Hat ' + os_ver);
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Accepted architectures: x86_64, i386-i686, anything containing "s390", aarch64.
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    # Reference (fixed) builds for s390x and x86_64. Neither entry sets
    # el_string or rpm_spec_vers_cmp, so the loop below always takes its plain
    # rpm_check() call.
    # NOTE(review): the CPU gate earlier in this script also admits i386-i686
    # and aarch64 hosts, for which no entry is listed; presumably those hosts
    # end in one of the audits at the bottom -- confirm.
    pkgs = [
        {'reference':'ksh-20120801-138.el7_5', 'sp':'5', 'cpu':'s390x', 'release':'7'},
        {'reference':'ksh-20120801-138.el7_5', 'sp':'5', 'cpu':'x86_64', 'release':'7'}
    ];
    
    # Count of entries for which rpm_check() reported a hit.
    flag = 0;
    foreach package_array ( pkgs ) {
      # Reset the per-entry fields. `release` and `cpu` reuse the names that
      # held the host's values earlier; the visible code does not read those again.
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      # Copy over only the keys the entry actually sets.
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      # rpm_check() comes from rpm.inc (not shown); presumably it returns true
      # when the installed package is older than `reference` -- confirm.
      if (reference && release) {
        # el_string is passed only together with rpm_spec_vers_cmp.
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      # Report on port 0 with the rpm comparison output plus Red Hat's package caveat.
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      # No hit: tell "a package was compared and is not affected" apart from
      # "ksh was not found". `tested` is presumably the list of packages compared.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ksh');
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2020-0515.NASL
    description: From Red Hat Security Advisory 2020:0515 : An update for ksh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es) : * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-04-10
    modified: 2020-02-19
    plugin id: 133780
    published: 2020-02-19
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133780
    title: Oracle Linux 6 : ksh (ELSA-2020-0515)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2020-0515.NASL
    description: An update for ksh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es) : * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-04-09
    modified: 2020-02-19
    plugin id: 133767
    published: 2020-02-19
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133767
    title: CentOS 6 : ksh (CESA-2020:0515)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2020-0568.NASL
    description: From Red Hat Security Advisory 2020:0568 : An update for ksh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es) : * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-04-10
    modified: 2020-02-25
    plugin id: 134020
    published: 2020-02-25
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134020
    title: Oracle Linux 7 : ksh (ELSA-2020-0568)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-D940ACA772.NASL
    descriptionDo not evaluate arithmetic expressions from environment variables at startup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-10
    modified2020-02-18
    plugin id133740
    published2020-02-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133740
    titleFedora 31 : 1:ksh (2020-d940aca772)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2020-0024_KSH.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ksh packages installed that are affected by a vulnerability: - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. (CVE-2019-14868) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen: 2020-06-05
    modified: 2020-05-27
    plugin id: 136902
    published: 2020-05-27
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136902
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : ksh Vulnerability (NS-SA-2020-0024)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200217_KSH_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)
    last seen2020-04-10
    modified2020-02-18
    plugin id133756
    published2020-02-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133756
    titleScientific Linux Security Update : ksh on SL6.x i386/x86_64 (20200217)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1583.NASL
    description: According to the version of the ksh package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. (CVE-2019-14868) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-31
    modified: 2020-05-26
    plugin id: 136861
    published: 2020-05-26
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136861
    title: EulerOS 2.0 SP8 : ksh (EulerOS-SA-2020-1583)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200224_KSH_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)
    last seen2020-04-10
    modified2020-02-26
    plugin id134069
    published2020-02-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134069
    titleScientific Linux Security Update : ksh on SL7.x x86_64 (20200224)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOS_HT211170.NASL
    description: The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.5, 10.13.x prior to 10.13.6 Security Update 2020-003, 10.14.x prior to 10.14.6 Security Update 2020-003. It is, therefore, affected by multiple vulnerabilities: - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. (CVE-2019-14868) - In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). (CVE-2019-20044) - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-3878) Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.
    last seen: 2020-06-12
    modified: 2020-05-28
    plugin id: 136930
    published: 2020-05-28
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136930
    title: macOS 10.15.x < 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0568.NASL
    descriptionAn update for ksh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es) : * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id134025
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134025
    titleRHEL 7 : ksh (RHSA-2020:0568)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8B20D71649DF11EA9F7B206A8A720317.NASL
    descriptionUpstream ksh93 maintainer Siteshwar Vashisht reports : A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
    last seen2020-04-04
    modified2020-02-10
    plugin id133588
    published2020-02-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133588
    titleFreeBSD : ksh93 -- certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (8b20d716-49df-11ea-9f7b-206a8a720317)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0515.NASL
    descriptionAn update for ksh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es) : * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id133750
    published2020-02-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133750
    titleRHEL 6 : ksh (RHSA-2020:0515)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0559.NASL
    descriptionAn update for ksh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es) : * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id133941
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133941
    titleRHEL 8 : ksh (RHSA-2020:0559)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-1333.NASL
    description: The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1333 advisory. - ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen: 2020-04-23
    modified: 2020-04-06
    plugin id: 135232
    published: 2020-04-06
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135232
    title: RHEL 7 : ksh (RHSA-2020:1333)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-A0F0EB8500.NASL
    descriptionDo not evaluate arithmetic expressions from environment variables at startup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-10
    modified2020-02-18
    plugin id133739
    published2020-02-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133739
    titleFedora 30 : 1:ksh (2020-a0f0eb8500)

Redhat

advisories
  • bugzilla
    id: 1757324
    title: CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • comment: ksh is earlier than 0:20120801-38.el6_10
        oval: oval:com.redhat.rhsa:tst:20200515001
      • comment: ksh is signed with Red Hat redhatrelease2 key
        oval: oval:com.redhat.rhsa:tst:20200515002
    rhsa
    id: RHSA-2020:0515
    released: 2020-02-17
    severity: Important
    title: RHSA-2020:0515: ksh security update (Important)
  • bugzilla
    id: 1757324
    title: CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 8 is installed
        oval: oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment: ksh-debugsource is earlier than 0:20120801-253.el8_1
            oval: oval:com.redhat.rhsa:tst:20200559001
          • comment: ksh-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20200559002
        • AND
          • comment: ksh is earlier than 0:20120801-253.el8_1
            oval: oval:com.redhat.rhsa:tst:20200559003
          • comment: ksh is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20200515002
    rhsa
    id: RHSA-2020:0559
    released: 2020-02-20
    severity: Important
    title: RHSA-2020:0559: ksh security update (Important)
  • bugzilla
    id: 1757324
    title: CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • comment: ksh is earlier than 0:20120801-140.el7_7
        oval: oval:com.redhat.rhsa:tst:20200568001
      • comment: ksh is signed with Red Hat redhatrelease2 key
        oval: oval:com.redhat.rhsa:tst:20200515002
    rhsa
    id: RHSA-2020:0568
    released: 2020-02-24
    severity: Important
    title: RHSA-2020:0568: ksh security update (Important)
rpms
  • ksh-0:20120801-253.el8_0
  • ksh-debuginfo-0:20120801-253.el8_0
  • ksh-debugsource-0:20120801-253.el8_0
  • ksh-0:20120801-38.el6_10
  • ksh-debuginfo-0:20120801-38.el6_10
  • ksh-0:20120801-253.el8_1
  • ksh-debuginfo-0:20120801-253.el8_1
  • ksh-debugsource-0:20120801-253.el8_1
  • ksh-0:20120801-140.el7_7
  • ksh-debuginfo-0:20120801-140.el7_7
  • ksh-0:20120801-138.el7_5
  • ksh-debuginfo-0:20120801-138.el7_5
  • ksh-0:20120801-140.el7_6
  • ksh-debuginfo-0:20120801-140.el7_6
  • ksh-0:20120801-36.el7_4
  • ksh-debuginfo-0:20120801-36.el7_4