Sign-up

ID

VAR-202004-0812


CVE

CVE-2019-14868


TITLE

ksh Injection vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015261

DESCRIPTION

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. ksh There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. 8) - aarch64, ppc64le, s390x, x86_64 3. 7) - aarch64, ppc64le, s390x 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: ksh security update Advisory ID: RHSA-2020:0515-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0515 Issue date: 2020-02-17 CVE Names: CVE-2019-14868 ===================================================================== 1. Summary: An update for ksh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ksh-20120801-38.el6_10.src.rpm i386: ksh-20120801-38.el6_10.i686.rpm ksh-debuginfo-20120801-38.el6_10.i686.rpm x86_64: ksh-20120801-38.el6_10.x86_64.rpm ksh-debuginfo-20120801-38.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ksh-20120801-38.el6_10.src.rpm x86_64: ksh-20120801-38.el6_10.x86_64.rpm ksh-debuginfo-20120801-38.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ksh-20120801-38.el6_10.src.rpm i386: ksh-20120801-38.el6_10.i686.rpm ksh-debuginfo-20120801-38.el6_10.i686.rpm ppc64: ksh-20120801-38.el6_10.ppc64.rpm ksh-debuginfo-20120801-38.el6_10.ppc64.rpm s390x: ksh-20120801-38.el6_10.s390x.rpm ksh-debuginfo-20120801-38.el6_10.s390x.rpm x86_64: ksh-20120801-38.el6_10.x86_64.rpm ksh-debuginfo-20120801-38.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ksh-20120801-38.el6_10.src.rpm i386: ksh-20120801-38.el6_10.i686.rpm ksh-debuginfo-20120801-38.el6_10.i686.rpm x86_64: ksh-20120801-38.el6_10.x86_64.rpm ksh-debuginfo-20120801-38.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14868 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXkpR39zjgjWX9erEAQgOuA//VVykbqa3Z1flEfzz4+aWXxhfmuF3sEn/ RPoENKb82LLn2BYPkke06fzpU0GynEwgq3AsqezB0GhcU30ErhaEMKb7UggFgjNL /6rbQu/3I9wEbZ9BsiYieuhNY/B77RuaOWYt96M9xthj8naEW4IEf7614ayiFBgu Kcm0g1/4SLiU6jayisb7dlO1yjDSdlM5NUDsYeZu4axMmkGzsxoA1uC8SNe7exee RV03H0TGeg4nXdSrGu6dhpbt8MAT7KM7wtIVpfSzqmepyhCeuqi5yitUeVFtWr3M rcgNRSgG0/IqZJTuccqtpVBWncQisewSfr/AUPpo6LSQOF4UI+PlH0iVJQsitVHi CIjBvlY/AAN2t3efd80nC9sOIOT0AnEyI1NkfRgdybsivarwkT9VYjkdKah7lBQC QBNPXB8elyxjtoB1suhlQPqmSkd4VQ/AP0P2AeB+01fBzV4I1rS+sgcDmiWyOyl4 Xqc4G8Q3eX+Z2N3kGaWtlW92rRF1hhvDeT3VOdHnRD9dofuYQAEVnJGgUOpWQOmA jkMCS4GipUrfyOZVR8iXjYqGoIo4JF2kM5trBYCo5gXW+tiKbZ9dTCQCmqtgVYwK QkH3XQR967JVz1uK1sDB0Ngd5HPqFlvZg+vGcl/xJPr3s8elpOM6AI6vJRgFAArd 1EP8ndPtKmA= =UPpY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - x86_64 3

Trust: 2.43

sources: NVD: CVE-2019-14868 // JVNDB: JVNDB-2019-015261 // VULHUB: VHN-146857 // PACKETSTORM: 156454 // PACKETSTORM: 157123 // PACKETSTORM: 157769 // PACKETSTORM: 160382 // PACKETSTORM: 156381 // PACKETSTORM: 156502 // PACKETSTORM: 160376 // PACKETSTORM: 157121

AFFECTED PRODUCTS

vendor:kshmodel:kshscope:eqversion:20120801

Trust: 1.8

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.5

Trust: 1.0

sources: JVNDB: JVNDB-2019-015261 // NVD: CVE-2019-14868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14868
value: HIGH

Trust: 1.0

secalert@redhat.com: CVE-2019-14868
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015261
value: HIGH

Trust: 0.8

VULHUB: VHN-146857
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-14868
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015261
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-146857
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14868
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secalert@redhat.com: CVE-2019-14868
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.4
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015261
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-146857 // JVNDB: JVNDB-2019-015261 // NVD: CVE-2019-14868 // NVD: CVE-2019-14868

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-74

Trust: 0.9

sources: VULHUB: VHN-146857 // JVNDB: JVNDB-2019-015261 // NVD: CVE-2019-14868

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015261

PATCH
title:Harden env var importsurl:https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-015261

EXTERNAL IDS
db:NVDid:CVE-2019-14868
Trust: 2.7
db:JVNDBid:JVNDB-2019-015261
Trust: 0.8
db:PACKETSTORMid:156502
Trust: 0.2
db:PACKETSTORMid:157769
Trust: 0.2
db:PACKETSTORMid:160382
Trust: 0.2
db:PACKETSTORMid:157123
Trust: 0.2
db:PACKETSTORMid:157121
Trust: 0.2
db:PACKETSTORMid:160376
Trust: 0.2
db:PACKETSTORMid:156454
Trust: 0.2
db:PACKETSTORMid:156381
Trust: 0.2
db:PACKETSTORMid:157877
Trust: 0.1
db:PACKETSTORMid:156218
Trust: 0.1
db:CNNVDid:CNNVD-202002-300
Trust: 0.1
db:VULHUBid:VHN-146857
Trust: 0.1
sources:
            
            
            VULHUB: VHN-146857 // 
            
            
            
            JVNDB: JVNDB-2019-015261 // 
            
            
            
            PACKETSTORM: 156454 // 
            
            
            
            PACKETSTORM: 157123 // 
            
            
            
            PACKETSTORM: 157769 // 
            
            
            
            PACKETSTORM: 160382 // 
            
            
            
            PACKETSTORM: 156381 // 
            
            
            
            PACKETSTORM: 156502 // 
            
            
            
            PACKETSTORM: 160376 // 
            
            
            
            PACKETSTORM: 157121 // 
            
            
            
            NVD: CVE-2019-14868

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-14868
Trust: 1.6
url:http://seclists.org/fulldisclosure/2020/may/53
Trust: 1.1
url:https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html
Trust: 1.1
url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14868
Trust: 1.1
url:https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
Trust: 1.1
url:https://support.apple.com/kb/ht211170
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14868
Trust: 0.8
url:https://www.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2019-14868
Trust: 0.8
url:https://bugzilla.redhat.com/):
Trust: 0.8
url:https://access.redhat.com/security/team/key/
Trust: 0.8
url:https://access.redhat.com/articles/11258
Trust: 0.8
url:https://access.redhat.com/security/team/contact/
Trust: 0.8
url:https://access.redhat.com/security/updates/classification/#important
Trust: 0.8
url:https://access.redhat.com/errata/rhsa-2020:0559
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:1333
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:2210
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:5351
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:0515
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:0568
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:5352
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:1332
Trust: 0.1
sources:
            
            
            VULHUB: VHN-146857 // 
            
            
            
            JVNDB: JVNDB-2019-015261 // 
            
            
            
            PACKETSTORM: 156454 // 
            
            
            
            PACKETSTORM: 157123 // 
            
            
            
            PACKETSTORM: 157769 // 
            
            
            
            PACKETSTORM: 160382 // 
            
            
            
            PACKETSTORM: 156381 // 
            
            
            
            PACKETSTORM: 156502 // 
            
            
            
            PACKETSTORM: 160376 // 
            
            
            
            PACKETSTORM: 157121 // 
            
            
            
            NVD: CVE-2019-14868

CREDITS
Red Hat
Trust: 0.8
sources:
            
            
            PACKETSTORM: 156454 // 
            
            
            
            PACKETSTORM: 157123 // 
            
            
            
            PACKETSTORM: 157769 // 
            
            
            
            PACKETSTORM: 160382 // 
            
            
            
            PACKETSTORM: 156381 // 
            
            
            
            PACKETSTORM: 156502 // 
            
            
            
            PACKETSTORM: 160376 // 
            
            
            
            PACKETSTORM: 157121

SOURCES
db:VULHUBid:VHN-146857
db:JVNDBid:JVNDB-2019-015261
db:PACKETSTORMid:156454
db:PACKETSTORMid:157123
db:PACKETSTORMid:157769
db:PACKETSTORMid:160382
db:PACKETSTORMid:156381
db:PACKETSTORMid:156502
db:PACKETSTORMid:160376
db:PACKETSTORMid:157121
db:NVDid:CVE-2019-14868

LAST UPDATE DATE
2024-11-27T22:30:10.154000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-146857date:2023-02-12T00:00:00
db:JVNDBid:JVNDB-2019-015261date:2020-04-21T00:00:00
db:NVDid:CVE-2019-14868date:2024-11-21T04:27:32.553

SOURCES RELEASE DATE
db:VULHUBid:VHN-146857date:2020-04-02T00:00:00
db:JVNDBid:JVNDB-2019-015261date:2020-04-21T00:00:00
db:PACKETSTORMid:156454date:2020-02-20T21:13:20
db:PACKETSTORMid:157123date:2020-04-06T19:18:52
db:PACKETSTORMid:157769date:2020-05-19T20:25:55
db:PACKETSTORMid:160382date:2020-12-07T14:26:16
db:PACKETSTORMid:156381date:2020-02-17T17:26:14
db:PACKETSTORMid:156502date:2020-02-25T15:06:40
db:PACKETSTORMid:160376date:2020-12-07T14:00:31
db:PACKETSTORMid:157121date:2020-04-06T19:18:02
db:NVDid:CVE-2019-14868date:2020-04-02T17:15:13.990