Details of VAR-202004-0812

ID

VAR-202004-0812

CVE

CVE-2019-14868

TITLE

ksh Command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202002-300

DESCRIPTION

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. 8) - aarch64, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra are now available and address the following: Accounts Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt AirDrop Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9826: Dor Hadad of Palo Alto Networks AppleMobileFileIntegrity Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4 Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-9842: Linus Henze (pinauten.de) AppleUSBNetworking Available for: macOS Catalina 10.15.4 Impact: Inserting a USB device that sends invalid messages may cause a kernel panic Description: A logic issue was addressed with improved restrictions. CVE-2020-9804: Andy Davis of NCC Group Audio Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative Audio Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative Bluetooth Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9831: Yu Wang of Didi Research America Calendar Available for: macOS Catalina 10.15.4 Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information Description: This issue was addressed with improved checks. CVE-2020-3882: Andy Grant of NCC Group CVMS Available for: macOS Catalina 10.15.4 Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative DiskArbitration Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to break out of its sandbox Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team Find My Available for: macOS Catalina 10.15.4 Impact: A local attacker may be able to elevate their privileges Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team FontParser Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative ImageIO Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3878: Samuel Groß of Google Project Zero ImageIO Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9789: Wenchao Li of VARAS@IIE CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab Intel Graphics Driver Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9822: ABC Research s.r.o IPSec Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9837: Thijs Alkemade of Computest Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine another application's memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2020-9797: an anonymous researcher Kernel Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to read kernel memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9811: Tielei Wang of Pangu Lab CVE-2020-9812: Derrek (@derrekr6) Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. CVE-2020-9813: Xinru Chi of Pangu Lab CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved state management. CVE-2020-9809: Benjamin Randazzo (@____benjamin) ksh Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to execute arbitrary shell commands Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation. CVE-2019-14868 NSURL Available for: macOS Mojave 10.14.6 Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab PackageKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to gain root privileges Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2020-9817: Andy Grant of NCC Group PackageKit Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to modify protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2020-9851: Linus Henze (pinauten.de) Python Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9793 Sandbox Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to bypass Privacy preferences Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0) Security Available for: macOS Catalina 10.15.4 Impact: A file may be incorrectly rendered to execute JavaScript Description: A validation issue was addressed with improved input sanitization. CVE-2020-9788: Wojciech Reguła of SecuRing (https://wojciechregula.blog) SIP Available for: macOS Catalina 10.15.4 Impact: A non-privileged user may be able to modify restricted network settings Description: A logic issue was addressed with improved restrictions. CVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security SQLite Available for: macOS Catalina 10.15.4 Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9794 System Preferences Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with improved state handling. CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative USB Audio Available for: macOS Catalina 10.15.4 Impact: A USB device may be able to cause a denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9792: Andy Davis of NCC Group Wi-Fi Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A double free issue was addressed with improved memory management. CVE-2020-9844: Ian Beer of Google Project Zero Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9830: Tielei Wang of Pangu Lab Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9834: Yu Wang of Didi Research America Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-9833: Yu Wang of Didi Research America Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9832: Yu Wang of Didi Research America WindowServer Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative zsh Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local attacker may be able to elevate their privileges Description: An authorization issue was addressed with improved state management. CVE-2019-20044: Sam Foxman Additional recognition CoreBluetooth We would like to acknowledge Maximilian von Tschitschnitz of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance. CoreText We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance. Endpoint Security We would like to acknowledge an anonymous researcher for their assistance. ImageIO We would like to acknowledge Lei Sun for their assistance. IOHIDFamily We would like to acknowledge Andy Davis of NCC Group for their assistance. IPSec We would like to acknowledge Thijs Alkemade of Computest for their assistance. Login Window We would like to acknowledge Jon Morby and an anonymous researcher for their assistance. Sandbox We would like to acknowledge Jason L Lang of Optum for their assistance. Spotlight We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Installation note: macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt 8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7 bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal sLrLBIOxQCTskSFoExP8 =2eah -----END PGP SIGNATURE----- . 7) - aarch64, ppc64le, s390x 3. 7.4) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: ksh security update Advisory ID: RHSA-2020:0515-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0515 Issue date: 2020-02-17 CVE Names: CVE-2019-14868 ===================================================================== 1. Summary: An update for ksh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ksh-20120801-38.el6_10.src.rpm i386: ksh-20120801-38.el6_10.i686.rpm ksh-debuginfo-20120801-38.el6_10.i686.rpm x86_64: ksh-20120801-38.el6_10.x86_64.rpm ksh-debuginfo-20120801-38.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ksh-20120801-38.el6_10.src.rpm x86_64: ksh-20120801-38.el6_10.x86_64.rpm ksh-debuginfo-20120801-38.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ksh-20120801-38.el6_10.src.rpm i386: ksh-20120801-38.el6_10.i686.rpm ksh-debuginfo-20120801-38.el6_10.i686.rpm ppc64: ksh-20120801-38.el6_10.ppc64.rpm ksh-debuginfo-20120801-38.el6_10.ppc64.rpm s390x: ksh-20120801-38.el6_10.s390x.rpm ksh-debuginfo-20120801-38.el6_10.s390x.rpm x86_64: ksh-20120801-38.el6_10.x86_64.rpm ksh-debuginfo-20120801-38.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ksh-20120801-38.el6_10.src.rpm i386: ksh-20120801-38.el6_10.i686.rpm ksh-debuginfo-20120801-38.el6_10.i686.rpm x86_64: ksh-20120801-38.el6_10.x86_64.rpm ksh-debuginfo-20120801-38.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14868 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXkpR39zjgjWX9erEAQgOuA//VVykbqa3Z1flEfzz4+aWXxhfmuF3sEn/ RPoENKb82LLn2BYPkke06fzpU0GynEwgq3AsqezB0GhcU30ErhaEMKb7UggFgjNL /6rbQu/3I9wEbZ9BsiYieuhNY/B77RuaOWYt96M9xthj8naEW4IEf7614ayiFBgu Kcm0g1/4SLiU6jayisb7dlO1yjDSdlM5NUDsYeZu4axMmkGzsxoA1uC8SNe7exee RV03H0TGeg4nXdSrGu6dhpbt8MAT7KM7wtIVpfSzqmepyhCeuqi5yitUeVFtWr3M rcgNRSgG0/IqZJTuccqtpVBWncQisewSfr/AUPpo6LSQOF4UI+PlH0iVJQsitVHi CIjBvlY/AAN2t3efd80nC9sOIOT0AnEyI1NkfRgdybsivarwkT9VYjkdKah7lBQC QBNPXB8elyxjtoB1suhlQPqmSkd4VQ/AP0P2AeB+01fBzV4I1rS+sgcDmiWyOyl4 Xqc4G8Q3eX+Z2N3kGaWtlW92rRF1hhvDeT3VOdHnRD9dofuYQAEVnJGgUOpWQOmA jkMCS4GipUrfyOZVR8iXjYqGoIo4JF2kM5trBYCo5gXW+tiKbZ9dTCQCmqtgVYwK QkH3XQR967JVz1uK1sDB0Ngd5HPqFlvZg+vGcl/xJPr3s8elpOM6AI6vJRgFAArd 1EP8ndPtKmA= =UPpY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.71

sources: NVD: CVE-2019-14868 // VULHUB: VHN-146857 // PACKETSTORM: 156454 // PACKETSTORM: 157877 // PACKETSTORM: 157123 // PACKETSTORM: 157769 // PACKETSTORM: 160382 // PACKETSTORM: 156381 // PACKETSTORM: 160376 // PACKETSTORM: 157121

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.5	Trust: 1.0
vendor:	ksh	model:	ksh	scope:	eq	version:	20120801	Trust: 1.0

sources: NVD: CVE-2019-14868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14868
value:	HIGH
Trust: 1.0
secalert@redhat.com:	CVE-2019-14868
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202002-300
value:	HIGH
Trust: 0.6
VULHUB:	VHN-146857
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-14868
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-146857
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14868
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secalert@redhat.com:	CVE-2019-14868
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.4
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-146857 // CNNVD: CNNVD-202002-300 // NVD: CVE-2019-14868 // NVD: CVE-2019-14868

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.1
problemtype:	CWE-74	Trust: 0.1

sources: VULHUB: VHN-146857 // NVD: CVE-2019-14868

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-300

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202002-300

PATCH

title:

Red Hat Enterprise Linux KornShell Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=109905

Trust: 0.6

sources: CNNVD: CNNVD-202002-300

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14868	Trust: 2.5
db:	PACKETSTORM	id:	157877	Trust: 0.8
db:	PACKETSTORM	id:	157769	Trust: 0.8
db:	PACKETSTORM	id:	157123	Trust: 0.8
db:	PACKETSTORM	id:	160376	Trust: 0.8
db:	PACKETSTORM	id:	156454	Trust: 0.8
db:	PACKETSTORM	id:	156381	Trust: 0.8
db:	PACKETSTORM	id:	156502	Trust: 0.7
db:	PACKETSTORM	id:	156218	Trust: 0.7
db:	CNNVD	id:	CNNVD-202002-300	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1859	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1223	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4313	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2463	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0539	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1772	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0663	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0630	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0426	Trust: 0.6
db:	PACKETSTORM	id:	160382	Trust: 0.2
db:	PACKETSTORM	id:	157121	Trust: 0.2
db:	VULHUB	id:	VHN-146857	Trust: 0.1

sources: VULHUB: VHN-146857 // PACKETSTORM: 156454 // PACKETSTORM: 157877 // PACKETSTORM: 157123 // PACKETSTORM: 157769 // PACKETSTORM: 160382 // PACKETSTORM: 156381 // PACKETSTORM: 160376 // PACKETSTORM: 157121 // CNNVD: CNNVD-202002-300 // NVD: CVE-2019-14868

REFERENCES

url:	https://support.apple.com/kb/ht211170	Trust: 2.3
url:	http://seclists.org/fulldisclosure/2020/may/53	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14868	Trust: 1.7
url:	https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14868	Trust: 1.4
url:	https://access.redhat.com/security/cve/cve-2019-14868	Trust: 1.3
url:	https://access.redhat.com/errata/rhsa-2020:0431	Trust: 1.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/key/	Trust: 0.7
url:	https://access.redhat.com/articles/11258	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2020:0559	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2020:1333	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2020:2210	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2020:5351	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2020:0515	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2020:5352	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2020:1332	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2020:0568	Trust: 0.6
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1757324	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1772/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157123/red-hat-security-advisory-2020-1333-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0539/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156218/red-hat-security-advisory-2020-0431-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/ksh-code-execution-via-environment-variables-arithmetic-expressions-31521	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4313/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0426/	Trust: 0.6
url:	https://packetstormsecurity.com/files/160376/red-hat-security-advisory-2020-5352-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0630/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0663/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156381/red-hat-security-advisory-2020-0515-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2463/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157877/apple-security-advisory-2020-05-26-3.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht211170	Trust: 0.6
url:	https://packetstormsecurity.com/files/156502/red-hat-security-advisory-2020-0568-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/157769/red-hat-security-advisory-2020-2210-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1859/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156454/red-hat-security-advisory-2020-0559-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1223/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9809	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9795	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9804	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9826	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9814	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9792	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3882	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9824	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9791	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9808	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9788	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9825	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9821	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9816	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9789	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20044	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3878	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9815	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9793	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9794	Trust: 0.1
url:	https://wojciechregula.blog)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9812	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 156454 // PACKETSTORM: 157123 // PACKETSTORM: 157769 // PACKETSTORM: 160382 // PACKETSTORM: 156381 // PACKETSTORM: 160376 // PACKETSTORM: 157121

SOURCES

db:	VULHUB	id:	VHN-146857
db:	PACKETSTORM	id:	156454
db:	PACKETSTORM	id:	157877
db:	PACKETSTORM	id:	157123
db:	PACKETSTORM	id:	157769
db:	PACKETSTORM	id:	160382
db:	PACKETSTORM	id:	156381
db:	PACKETSTORM	id:	160376
db:	PACKETSTORM	id:	157121
db:	CNNVD	id:	CNNVD-202002-300
db:	NVD	id:	CVE-2019-14868

LAST UPDATE DATE

2025-04-01T22:44:15.139000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146857	date:	2023-02-12T00:00:00
db:	CNNVD	id:	CNNVD-202002-300	date:	2023-03-21T00:00:00
db:	NVD	id:	CVE-2019-14868	date:	2024-11-21T04:27:32.553

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146857	date:	2020-04-02T00:00:00
db:	PACKETSTORM	id:	156454	date:	2020-02-20T21:13:20
db:	PACKETSTORM	id:	157877	date:	2020-05-29T19:04:22
db:	PACKETSTORM	id:	157123	date:	2020-04-06T19:18:52
db:	PACKETSTORM	id:	157769	date:	2020-05-19T20:25:55
db:	PACKETSTORM	id:	160382	date:	2020-12-07T14:26:16
db:	PACKETSTORM	id:	156381	date:	2020-02-17T17:26:14
db:	PACKETSTORM	id:	160376	date:	2020-12-07T14:00:31
db:	PACKETSTORM	id:	157121	date:	2020-04-06T19:18:02
db:	CNNVD	id:	CNNVD-202002-300	date:	2020-02-06T00:00:00
db:	NVD	id:	CVE-2019-14868	date:	2020-04-02T17:15:13.990