{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-16T00:00:00", "descriptions": [{"lang": "en", "value": "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2017:0725", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0725.html"}, {"name": "FEDORA-2016-5a54fb4784", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/"}, {"name": "RHSA-2017:1931", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1931"}, {"name": "FEDORA-2016-2c4b5ad64e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/"}, {"name": "[oss-security] 20160926 CVE-2016-7543 -- bash SHELLOPTS+PS4", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/26/9"}, {"name": "[bug-bash] 20160916 Bash-4.4 Release available", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html"}, {"name": "93183", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93183"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115"}, {"name": "FEDORA-2016-f84391516d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/"}, {"name": "1037812", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037812"}, {"name": "GLSA-201701-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:0725", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0725.html"}, {"name": "FEDORA-2016-5a54fb4784", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/"}, {"name": "RHSA-2017:1931", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1931"}, {"name": "FEDORA-2016-2c4b5ad64e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/"}, {"name": "[oss-security] 20160926 CVE-2016-7543 -- bash SHELLOPTS+PS4", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/26/9"}, {"name": "[bug-bash] 20160916 Bash-4.4 Release available", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html"}, {"name": "93183", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93183"}, {"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115"}, {"name": "FEDORA-2016-f84391516d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/"}, {"name": "1037812", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037812"}, {"name": "GLSA-201701-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:04:54.955Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:0725", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0725.html"}, {"name": "FEDORA-2016-5a54fb4784", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/"}, {"name": "RHSA-2017:1931", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1931"}, {"name": "FEDORA-2016-2c4b5ad64e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/"}, {"name": "[oss-security] 20160926 CVE-2016-7543 -- bash SHELLOPTS+PS4", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/09/26/9"}, {"name": "[bug-bash] 20160916 Bash-4.4 Release available", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html"}, {"name": "93183", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93183"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115"}, {"name": "FEDORA-2016-f84391516d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/"}, {"name": "1037812", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037812"}, {"name": "GLSA-201701-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-02"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7543", "datePublished": "2017-01-19T20:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:04:54.955Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4DBE402-1B0A-4854-ABE5-891321454C25", "versionEndIncluding": "4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables."}, {"lang": "es", "value": "Bash en versiones anteriores a 4.4 permite a usuarios locales ejecutar comandos arbitrarios con privilegios root a trav\u00e9s de variables de entorno SHELLOPTS y PS4 manipuladas."}], "id": "CVE-2016-7543", "lastModified": "2023-11-07T02:34:43.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-19T20:59:00.470", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0725.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/09/26/9"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93183"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037812"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:1931"}, {"source": "cve@mitre.org", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-02"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0725", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "bash-0:4.1.2-48.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-03-21T00:00:00Z"}, {"advisory": "RHSA-2017:1931", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "bash-0:4.2.46-28.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}], "bugzilla": {"description": "bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution", "id": "1379630", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379630"}, "csaw": false, "cvss": {"cvss_base_score": "6.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-77", "details": ["Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.", "An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances."], "name": "CVE-2016-7543", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "bash", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2016-09-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7543\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7543"], "threat_severity": "Moderate", "upstream_fix": "bash 4.4"}