[3.1] bash: Specially crafted SHELLOPTS+PS4 variables allow command substitution (CVE-2016-7543)
Shells running as root inherited PS4 from the environment, allowing PS4
expansion to perform command substitution.
A local attacker could gain arbitrary code execution via bogus setuid
binaries that use system()/popen() by specially crafting the SHELLOPTS+PS4
environment variables.
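Independently of the bash upgrade, a privileged program that has to call system()/popen() can drop the two variables named above before the shell starts. The following is an added example, not code from bash or from the referenced patch; `scrub_shell_env` and `run_privileged_command` are hypothetical names and the values set in `main` are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* setenv()/unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>

/* Variables named in this advisory: SHELLOPTS can switch on xtrace,
 * and PS4 is the xtrace prompt that an unpatched bash expands. */
static const char *const RISKY_VARS[] = { "SHELLOPTS", "PS4" };
#define N_RISKY (sizeof RISKY_VARS / sizeof RISKY_VARS[0])

/* Remove the risky variables from this process's environment.
 * Returns how many were present, or -1 if one could not be removed. */
int scrub_shell_env(void)
{
    int removed = 0;
    for (size_t i = 0; i < N_RISKY; i++) {
        if (getenv(RISKY_VARS[i]) == NULL)
            continue;
        if (unsetenv(RISKY_VARS[i]) != 0)
            return -1;
        removed++;
    }
    return removed;
}

/* Hypothetical wrapper: scrub first, then hand a fixed command to system().
 * Fails closed if the environment could not be cleaned. */
int run_privileged_command(const char *cmd)
{
    if (scrub_shell_env() < 0)
        return -1;
    return system(cmd);
}

int main(void)
{
    /* Constructed, harmless sample values standing in for attacker input. */
    setenv("SHELLOPTS", "xtrace", 1);
    setenv("PS4", "+ constructed prompt ", 1);

    printf("removed %d variable(s)\n", scrub_shell_env());
    printf("SHELLOPTS is %s\n", getenv("SHELLOPTS") ? "set" : "unset");
    printf("PS4 is %s\n", getenv("PS4") ? "set" : "unset");
    return 0;
}
```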
Fixed In Version:
bash 4.4
References:
http://seclists.org/oss-sec/2016/q3/617
http://www.openwall.com/lists/oss-security/2016/09/26/9
Patch (for bash-4.3):
http://lists.gnu.org/archive/html/bug-bash/2016-10/msg00009.html
(from redmine: issue id 6413, created on 2016-10-31, closed on 2016-12-15)
- Relations:
  - parent #6408 (closed)
- Changesets:
  - Revision 5e512d21 by Sergei Lukin on 2016-12-15T08:16:27Z:
    main/bash: security upgrade - fixes #6413
    CVE-2016-7543