Vulnerabilities > CVE-2019-9924 - Missing Authorization vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Gnu | 33 |
Application | 2 | |
OS | 1 | |
OS | 1 | |
OS | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1563.NASL description According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-29 plugin id 125490 published 2019-05-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125490 title EulerOS 2.0 SP2 : bash (EulerOS-SA-2019-1563) code
#
# (C) Tenable Network Security, Inc.
#
# Credentialed local version check for CVE-2019-9924 on EulerOS 2.0 SP2.
# The plugin compares the installed bash rpm against the single fixed
# reference build in `pkgs` below (see script_summary). It never exercises
# rbash or BASH_CMDS itself: a host is flagged purely on package version,
# so the result is only as good as the rpm version string on the target.
#

include("compat.inc");

# Registration block: executed only when the scanner loads the plugin to
# collect its metadata; the detection logic further down is not run here.
if (description)
{
  script_id(125490);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");

  script_cve_id(
    "CVE-2019-9924"
  );

  script_name(english:"EulerOS 2.0 SP2 : bash (EulerOS-SA-2019-1563)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1563
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?690cd50f");
  script_set_attribute(attribute:"solution", value:
"Update the affected bash package.");

  # Both base vectors encode a local, low-complexity issue with complete
  # C/I/A impact; CVSS3 additionally records that low privileges (a shell
  # account) are required and no user interaction is needed.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/29");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bash");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  # All host facts consumed below come from the KB populated by
  # ssh_get_info.nasl; without these keys the plugin is never scheduled.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Every gate below exits via audit() (a "not applicable" outcome), never via
# a finding; only the rpm comparison at the end can produce a report.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Target must self-identify as EulerOS release 2.0 exactly (the (\D|$) tail
# keeps e.g. a hypothetical "2.01" from matching), and as service pack 2.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

# EulerOS UVP hosts are deliberately excluded from this plugin; presumably
# they are covered by the separate EulerOS Virtualization plugins — confirm.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gating. NOTE(review): aarch64 is accepted by the first check
# but rejected by the second, so this plugin only ever evaluates i386/x86_64
# hosts. An aarch64 EulerOS 2.0 SP2 host exits with AUDIT_ARCH_NOT and is
# NOT reported even if its bash is vulnerable; `pkgs` below carries only one
# reference build string, which is consistent with that restriction.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

# Number of reference packages the installed set fell short of.
flag = 0;

# Fixed build of bash for EulerOS 2.0 SP2 per EulerOS-SA-2019-1563.
pkgs = ["bash-4.2.46-28.h3"];

# rpm_check() lives in rpm.inc (not shown); presumably it is true when the
# installed package of that name is older than the reference — confirm.
foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  # Vulnerable: raise a SECURITY_HOLE finding on port 0 (local check) and
  # attach the installed-vs-fixed comparison from rpm_report_get().
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  # Not vulnerable: distinguish "bash present and already at/after the fixed
  # build" from "bash not installed at all" so the audit reason is accurate.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bash");
}
NASL family Scientific Linux Local Security Checks NASL id SL_20200407_BASH_ON_SL7_X.NASL description * bash: BASH_CMD is writable in restricted bash shells last seen 2020-04-30 modified 2020-04-21 plugin id 135800 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135800 title Scientific Linux Security Update : bash on SL7.x x86_64 (20200407) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0838-2.NASL description This update for bash fixes the following issues : Security issue fixed : CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126524 published 2019-07-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126524 title SUSE SLES12 Security Update : bash (SUSE-SU-2019:0838-2) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1609.NASL description According to the version of the bash package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125561 published 2019-05-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125561 title EulerOS Virtualization 3.0.1.0 : bash (EulerOS-SA-2019-1609) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1113.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1113 advisory. - bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-04-01 plugin id 135062 published 2020-04-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135062 title RHEL 7 : bash (RHSA-2020:1113) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4058-1.NASL description It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126748 published 2019-07-16 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/126748 title Ubuntu 16.04 LTS : bash vulnerability (USN-4058-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1726.NASL description Two issues have been fixed in bash, the GNU Bourne-Again Shell : CVE-2016-9401 The popd builtin segfaulted when called with negative out of range offsets. CVE-2019-9924 Sylvain Beucler discovered that it was possible to call commands that contained a slash when in restricted mode (rbash) by adding them to the BASH_CMDS array. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 123093 published 2019-03-26 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123093 title Debian DLA-1726-1 : bash security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1565.NASL description According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-29 plugin id 125492 published 2019-05-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125492 title EulerOS 2.0 SP5 : bash (EulerOS-SA-2019-1565) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-1113.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1113 advisory. 
- bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-10 plugin id 135339 published 2020-04-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135339 title CentOS 7 : bash (CESA-2020:1113) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1564.NASL description According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-29 plugin id 125491 published 2019-05-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125491 title EulerOS 2.0 SP3 : bash (EulerOS-SA-2019-1564) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0229_BASH.NASL description An update of the bash package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 124869 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/124869 title Photon OS 1.0: Bash PHSA-2019-1.0-0229 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1621.NASL description According to the version of the bash package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125573 published 2019-05-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125573 title EulerOS Virtualization for ARM 64 3.0.2.0 : bash (EulerOS-SA-2019-1621) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0898-1.NASL description This update for bash fixes the following issues : Security issue fixed : CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123924 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/123924 title SUSE SLES12 Security Update : bash (SUSE-SU-2019:0898-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0838-1.NASL description This update for bash fixes the following issues : Security issue fixed : CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123671 published 2019-04-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123671 title SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2019:0838-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1178.NASL description This update for bash fixes the following issues: 	 Security issue fixed : - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123922 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123922 title openSUSE Security Update : bash (openSUSE-2019-1178)
Redhat
advisories |
rpms |
References
- http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html
- https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
- https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html
- https://security.netapp.com/advisory/ntap-20190411-0001/
- https://usn.ubuntu.com/4058-1/
- https://usn.ubuntu.com/4058-2/
- http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65
- https://usn.ubuntu.com/4058-2/
- https://usn.ubuntu.com/4058-1/
- https://security.netapp.com/advisory/ntap-20190411-0001/
- https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html
- https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html