[3.5] bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution (CVE-2016-7543)ID: oval:org.secpod.oval:def:1800197 | Date: (C)2018-03-28 (M)2023-11-10 |
Class: PATCH | Family: unix |
Shells running as root inherited PS4 from the environment, allowing PS4 expansion performing command substitution. Local attacker could gain arbitrary code execution via bogus setuid binaries using system/popen by specially crafting SHELLOPTS+PS4 environment variables. Fixed In Version bash 4.4
Platform: |
Alpine Linux 3.5 |