{
  "threat_severity" : "Moderate",
  "public_date" : "2019-03-07T00:00:00Z",
  "bugzilla" : {
    "description" : "bash: BASH_CMD is writable in restricted bash shells",
    "id" : "1691774",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1691774"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-138",
  "details" : [ "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell." ],
  "statement" : "Impact of the flaw is set to Moderate because the restricted shell should not be used as a security feature on its own: it is very hard to configure properly and several bypasses exist for it.\nThis issue did not affect the versions of bash shipped with Red Hat Enterprise Linux 5, as they did not include support for the BASH_CMDS environment variable.\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Tower 3.5 for RHEL 7",
    "release_date" : "2020-04-22T00:00:00Z",
    "advisory" : "RHBA-2020:1539",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.5::el7",
    "package" : "ansible-tower-35/ansible-tower:3.5.6-1"
  }, {
    "product_name" : "Red Hat Ansible Tower 3.6 for RHEL 7",
    "release_date" : "2020-04-22T00:00:00Z",
    "advisory" : "RHBA-2020:1540",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.6::el7",
    "package" : "ansible-tower-36/ansible-tower:3.6.4-1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-31T00:00:00Z",
    "advisory" : "RHSA-2020:1113",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "bash-0:4.2.46-34.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2020-09-22T00:00:00Z",
    "advisory" : "RHSA-2020:3803",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "bash-0:4.2.46-30.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2020-09-22T00:00:00Z",
    "advisory" : "RHSA-2020:3803",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "bash-0:4.2.46-30.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2020-09-22T00:00:00Z",
    "advisory" : "RHSA-2020:3803",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "bash-0:4.2.46-30.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2020-08-18T00:00:00Z",
    "advisory" : "RHSA-2020:3474",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "bash-0:4.2.46-32.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2020-09-01T00:00:00Z",
    "advisory" : "RHSA-2020:3592",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "bash-0:4.2.46-34.el7_7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "bash",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "bash",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "bash",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Will not fix",
    "package_name" : "redhat-virtualization-host",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Will not fix",
    "package_name" : "rhvm-appliance",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-9924\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9924" ],
  "name" : "CVE-2019-9924",
  "csaw" : false
}