CVE-2016-0634

HIGH

bash 4.3 - RCE

Title source: llm

Description

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

References (15)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0725.html

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/09/16/12

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/09/16/8

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/09/18/11

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/09/19/7

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/09/20/1

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/09/27/9

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/09/29/27

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/10/07/6

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/10/10/3

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/10/10/4

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92999

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:1931

[Issue Tracking, Patch, Third Party Advisory, VDB Entry] https://bugzilla.redhat.com/show_bug.cgi?id=1377613

[Third Party Advisory] https://security.gentoo.org/glsa/201612-39

Scores

CVSS v3 7.5

EPSS 0.0222

EPSS Percentile 84.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-78

Status draft

Affected Products (1)

gnu/bash

Timeline

Published Aug 28, 2017

Tracked Since Feb 18, 2026