Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-0634

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

Related bugs and status

CVE-2016-0634 (Candidate) is related to these bugs:

Bug #1507025: Shell Command Injection with the hostname

Summary				In	Importance	Status
	1507025	Shell Command Injection with the hostname		bash (Ubuntu)	Undecided	Fix Released

Bug #1689304: Unfixed Code Execution Vulnerability CVE-2016-7543

Summary				In	Importance	Status
	1689304	Unfixed Code Execution Vulnerability CVE-2016-7543		bash (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016091...
MLIST: [oss-security] 2016091...
MLIST: [oss-security] 2016091...
MLIST: [oss-security] 2016091...
MLIST: [oss-security] 2016092...
MLIST: [oss-security] 2016092...
MLIST: [oss-security] 2016092...
MLIST: [oss-security] 2016100...
MLIST: [oss-security] 2016101...
MLIST: [oss-security] 2016101...
CONFIRM: https://bugzilla.redha...
BID: 92999
GENTOO: GLSA-201612-39
REDHAT: RHSA-2017:0725
REDHAT: RHSA-2017:1931