[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
Fix released https://usn.ubuntu.com/4058-2/

** Changed in: bash (Ubuntu Trusty)
       Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1803441

Title:
  BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
** Also affects: bash (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: bash (Ubuntu Trusty)
       Status: New => In Progress

** Changed in: bash (Ubuntu Trusty)
     Assignee: (unassigned) => Leonidas S. Barbosa (leosilvab)
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
This bug was fixed in the package bash - 4.3-14ubuntu1.4

---
bash (4.3-14ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: rbash restriction bypass (LP: #1803441)
    - debian/patches/CVE-2019-9924.patch: if the shell is restricted,
      reject attempts to add pathnames containing slashes to the hash
      table in variables.c.
    - CVE-2019-9924

 -- Marc Deslauriers  Fri, 12 Jul 2019 14:25:28 -0400

** Changed in: bash (Ubuntu)
       Status: New => Fix Released
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
@Ricardo: Yes, that was my intent with the original report. I didn't even know about the other issue when I submitted this issue.
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
After looking a bit more into this, it seems the issue in https://lists.gnu.org/archive/html/bug-bash/2017-12/msg00065.html is maybe not a real security concern, since rbash was wrongly configured. Having . in PATH is not good with rbash and that makes the whole thing flawed. So, we could say CVE-2019-9924 is just for the issue in https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html .
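The comment above points out that having `.` in PATH undermines rbash. The following is an added example, not part of the bug thread or of bash itself: a POSIX shell function (the name `audit_rbash_path` and the sample PATH are constructed for illustration) that audits a PATH value intended for a restricted account. It goes beyond the literal `.` case and also flags empty entries, other relative entries, and world-writable directories.

```shell
#!/bin/sh
# Added example: audit a PATH value meant for an rbash account.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_rbash_path() {
    rest="$1:"          # trailing ':' so the last entry is processed too
    status=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '')
                # An empty entry is searched as the current directory.
                echo "empty entry (acts as '.')"; status=1 ;;
            /*)
                # Absolute entry: flag it if anyone may write to it.
                # "$entry/." follows a symlinked directory such as /bin.
                if [ -d "$entry" ] &&
                   [ -n "$(find "$entry/." -prune -perm -0002 2>/dev/null)" ]; then
                    echo "world-writable directory: $entry"; status=1
                fi ;;
            *)
                # '.', './x', 'bin', ... resolve against the current directory.
                echo "relative entry: $entry"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample PATH: one absolute entry, a '.', and a trailing ':'.
audit_rbash_path '/usr/local/rbin:.:' || true
```

Run the function against the PATH that the restricted account's startup files actually set, since that is the value rbash will search.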
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
I don't think they are the same issue. Or, at least, the first issue was only partially fixed. I can see both Fedora 29 and Ubuntu 18.10 being still affected by the issue outlined in https://lists.gnu.org/archive/html/bug-bash/2017-12/msg00065.html, though they are not affected by https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html.
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
I'm sorry Riccardo, I didn't notice the two separate BASH_CMDS issues when I filed the request. The only mention in the changelog is:

> This document details the changes between this version, bash-4.4-beta2,
> and the previous version, bash-4.4-rc1.
>
> [...]
>
> d. Fixed a bug that allowed assignments to BASH_CMDS when the shell was
> in restricted mode.

http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65

I did not find a single well-defined patch or commit for this, so completely overlooked that there are multiple issues.

Thanks
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
Yes, that's basically the same issue. It was patched upstream many years ago (2016, I recall); however, as of last fall Ubuntu old-LTS had not backported the fix. I used this bug to escape from rbash during a security audit of a fully patched Ubuntu system in October.
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
Is this about https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html ? Or about https://lists.gnu.org/archive/html/bug-bash/2017-12/msg00065.html ? Apparently, both are very old flaws.
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
CVE-2019-9924

Thanks

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9924
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
I have not seen a CVE for the original upstream bug but cannot say with certainty none was assigned. The Ubuntu packaging issue definitely does not have one.
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
Hi Andrew, thanks for reporting this. Do you know if a CVE was assigned for this issue?
[Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
** Information type changed from Private Security to Public Security