Hi Bash Maintainers, I've been made aware of a GNU Bash profile code execution vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/173116 reported last December (2019-12-16) Description: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by improper access control by the Bash profile. By persuading a victim to open the Bash terminal, an attacker could exploit this vulnerability to execute arbitrary code on the system. https://packetstormsecurity.com/files/155687 CVSS Base Score: 8.8 CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) There is no CVE identifier associated with the vulnerability and I've been unable to determine whether there is a remediation available. Is anyone aware of this vulnerability and where it may be tracked in Gnu Bash?
Many Thanks Rachel Rachel Alderman IBM Cloud Kubernetes Security Compliance IBM United Kingdom Limited, Mailpoint 211, Hursley, Winchester, SO21 2JN. Email: rachel_alder...@uk.ibm.com I work part-time and my working days are Wednesday, Thursday and Friday. IBM United Kingdom Limited Registered in England and Wales with number 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6 3AU Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
smime.p7s
Description: S/MIME Cryptographic Signature