Fluid Attacks Database

Description

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	bash	>=0 <4.4-1	4.4-1
debian 11	bash	>=0 <4.4-1	4.4-1
debian 12	bash	>=0 <4.4-1	4.4-1
debian 13	bash	>=0 <4.4-1	4.4-1
rpm rhel6	bash	-	-
rpm rhel7	bash	<0:4.2.46-34.el7	0:4.2.46-34.el7
rpm rhel7.6	bash	<0:4.2.46-32.el7_6	0:4.2.46-32.el7_6
rpm rhel7.7	bash	<0:4.2.46-34.el7_7	0:4.2.46-34.el7_7

Aliases

1. CVE-2019-99242. NVD-2019-99243. OSV-DEBIAN-2019-99244. OSV-2019-99245. SECURITY-TRACKER-CVE-2019-9924

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.