csaf_redhat - rhsa-2021

rhsa-2021_1679

Vulnerability from csaf_redhat

Published

2021-05-18 13:25

Modified

2024-09-16 05:11

Summary

Red Hat Security Advisory: bash security and bug fix update

Notes

Topic

An update for bash is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux. Security Fix(es): * bash: when effective UID is not equal to its real UID the saved UID is not dropped (CVE-2019-18276) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for bash is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es):\n\n* bash: when effective UID is not equal to its real UID the saved UID is not dropped (CVE-2019-18276)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:1679",
        "url": "https://access.redhat.com/errata/RHSA-2021:1679"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
      },
      {
        "category": "external",
        "summary": "1778309",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1778309"
      },
      {
        "category": "external",
        "summary": "1890888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890888"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_1679.json"
      }
    ],
    "title": "Red Hat Security Advisory: bash security and bug fix update",
    "tracking": {
      "current_release_date": "2024-09-16T05:11:42+00:00",
      "generator": {
        "date": "2024-09-16T05:11:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2021:1679",
      "initial_release_date": "2021-05-18T13:25:55+00:00",
      "revision_history": [
        {
          "date": "2021-05-18T13:25:55+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-05-18T13:25:55+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T05:11:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                  "product_id": "BaseOS-8.4.0.GA",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bash-0:4.4.19-14.el8.s390x",
                "product": {
                  "name": "bash-0:4.4.19-14.el8.s390x",
                  "product_id": "bash-0:4.4.19-14.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash@4.4.19-14.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-doc-0:4.4.19-14.el8.s390x",
                "product": {
                  "name": "bash-doc-0:4.4.19-14.el8.s390x",
                  "product_id": "bash-doc-0:4.4.19-14.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-doc@4.4.19-14.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-debugsource-0:4.4.19-14.el8.s390x",
                "product": {
                  "name": "bash-debugsource-0:4.4.19-14.el8.s390x",
                  "product_id": "bash-debugsource-0:4.4.19-14.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-debugsource@4.4.19-14.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-debuginfo-0:4.4.19-14.el8.s390x",
                "product": {
                  "name": "bash-debuginfo-0:4.4.19-14.el8.s390x",
                  "product_id": "bash-debuginfo-0:4.4.19-14.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-debuginfo@4.4.19-14.el8?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bash-0:4.4.19-14.el8.x86_64",
                "product": {
                  "name": "bash-0:4.4.19-14.el8.x86_64",
                  "product_id": "bash-0:4.4.19-14.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash@4.4.19-14.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-doc-0:4.4.19-14.el8.x86_64",
                "product": {
                  "name": "bash-doc-0:4.4.19-14.el8.x86_64",
                  "product_id": "bash-doc-0:4.4.19-14.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-doc@4.4.19-14.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-debugsource-0:4.4.19-14.el8.x86_64",
                "product": {
                  "name": "bash-debugsource-0:4.4.19-14.el8.x86_64",
                  "product_id": "bash-debugsource-0:4.4.19-14.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-debugsource@4.4.19-14.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-debuginfo-0:4.4.19-14.el8.x86_64",
                "product": {
                  "name": "bash-debuginfo-0:4.4.19-14.el8.x86_64",
                  "product_id": "bash-debuginfo-0:4.4.19-14.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-debuginfo@4.4.19-14.el8?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bash-0:4.4.19-14.el8.ppc64le",
                "product": {
                  "name": "bash-0:4.4.19-14.el8.ppc64le",
                  "product_id": "bash-0:4.4.19-14.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash@4.4.19-14.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-doc-0:4.4.19-14.el8.ppc64le",
                "product": {
                  "name": "bash-doc-0:4.4.19-14.el8.ppc64le",
                  "product_id": "bash-doc-0:4.4.19-14.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-doc@4.4.19-14.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-debugsource-0:4.4.19-14.el8.ppc64le",
                "product": {
                  "name": "bash-debugsource-0:4.4.19-14.el8.ppc64le",
                  "product_id": "bash-debugsource-0:4.4.19-14.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-debugsource@4.4.19-14.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-debuginfo-0:4.4.19-14.el8.ppc64le",
                "product": {
                  "name": "bash-debuginfo-0:4.4.19-14.el8.ppc64le",
                  "product_id": "bash-debuginfo-0:4.4.19-14.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-debuginfo@4.4.19-14.el8?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bash-0:4.4.19-14.el8.aarch64",
                "product": {
                  "name": "bash-0:4.4.19-14.el8.aarch64",
                  "product_id": "bash-0:4.4.19-14.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash@4.4.19-14.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-doc-0:4.4.19-14.el8.aarch64",
                "product": {
                  "name": "bash-doc-0:4.4.19-14.el8.aarch64",
                  "product_id": "bash-doc-0:4.4.19-14.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-doc@4.4.19-14.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-debugsource-0:4.4.19-14.el8.aarch64",
                "product": {
                  "name": "bash-debugsource-0:4.4.19-14.el8.aarch64",
                  "product_id": "bash-debugsource-0:4.4.19-14.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-debugsource@4.4.19-14.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bash-debuginfo-0:4.4.19-14.el8.aarch64",
                "product": {
                  "name": "bash-debuginfo-0:4.4.19-14.el8.aarch64",
                  "product_id": "bash-debuginfo-0:4.4.19-14.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash-debuginfo@4.4.19-14.el8?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bash-0:4.4.19-14.el8.src",
                "product": {
                  "name": "bash-0:4.4.19-14.el8.src",
                  "product_id": "bash-0:4.4.19-14.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/bash@4.4.19-14.el8?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-0:4.4.19-14.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.aarch64"
        },
        "product_reference": "bash-0:4.4.19-14.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-0:4.4.19-14.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.ppc64le"
        },
        "product_reference": "bash-0:4.4.19-14.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-0:4.4.19-14.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.s390x"
        },
        "product_reference": "bash-0:4.4.19-14.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-0:4.4.19-14.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.src"
        },
        "product_reference": "bash-0:4.4.19-14.el8.src",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-0:4.4.19-14.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.x86_64"
        },
        "product_reference": "bash-0:4.4.19-14.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-debuginfo-0:4.4.19-14.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.aarch64"
        },
        "product_reference": "bash-debuginfo-0:4.4.19-14.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-debuginfo-0:4.4.19-14.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.ppc64le"
        },
        "product_reference": "bash-debuginfo-0:4.4.19-14.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-debuginfo-0:4.4.19-14.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.s390x"
        },
        "product_reference": "bash-debuginfo-0:4.4.19-14.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-debuginfo-0:4.4.19-14.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.x86_64"
        },
        "product_reference": "bash-debuginfo-0:4.4.19-14.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-debugsource-0:4.4.19-14.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.aarch64"
        },
        "product_reference": "bash-debugsource-0:4.4.19-14.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-debugsource-0:4.4.19-14.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.ppc64le"
        },
        "product_reference": "bash-debugsource-0:4.4.19-14.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-debugsource-0:4.4.19-14.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.s390x"
        },
        "product_reference": "bash-debugsource-0:4.4.19-14.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-debugsource-0:4.4.19-14.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.x86_64"
        },
        "product_reference": "bash-debugsource-0:4.4.19-14.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-doc-0:4.4.19-14.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.aarch64"
        },
        "product_reference": "bash-doc-0:4.4.19-14.el8.aarch64",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-doc-0:4.4.19-14.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.ppc64le"
        },
        "product_reference": "bash-doc-0:4.4.19-14.el8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-doc-0:4.4.19-14.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.s390x"
        },
        "product_reference": "bash-doc-0:4.4.19-14.el8.s390x",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bash-doc-0:4.4.19-14.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.x86_64"
        },
        "product_reference": "bash-doc-0:4.4.19-14.el8.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.GA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-18276",
      "cwe": {
        "id": "CWE-271",
        "name": "Privilege Dropping / Lowering Errors"
      },
      "discovery_date": "2019-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1778309"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local attacker could exploit this flaw to escalate their privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bash: when effective UID is not equal to its real UID the saved UID is not dropped",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.aarch64",
          "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.ppc64le",
          "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.s390x",
          "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.src",
          "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.x86_64",
          "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.aarch64",
          "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.ppc64le",
          "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.s390x",
          "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.x86_64",
          "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.aarch64",
          "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.ppc64le",
          "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.s390x",
          "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.x86_64",
          "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.aarch64",
          "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.ppc64le",
          "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.s390x",
          "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-18276"
        },
        {
          "category": "external",
          "summary": "RHBZ#1778309",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1778309"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18276",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18276",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18276"
        }
      ],
      "release_date": "2019-07-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.aarch64",
            "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.ppc64le",
            "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.s390x",
            "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.src",
            "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.x86_64",
            "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.aarch64",
            "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.ppc64le",
            "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.s390x",
            "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.x86_64",
            "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.aarch64",
            "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.ppc64le",
            "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.s390x",
            "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.x86_64",
            "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.aarch64",
            "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.ppc64le",
            "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.s390x",
            "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1679"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.aarch64",
            "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.ppc64le",
            "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.s390x",
            "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.src",
            "BaseOS-8.4.0.GA:bash-0:4.4.19-14.el8.x86_64",
            "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.aarch64",
            "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.ppc64le",
            "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.s390x",
            "BaseOS-8.4.0.GA:bash-debuginfo-0:4.4.19-14.el8.x86_64",
            "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.aarch64",
            "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.ppc64le",
            "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.s390x",
            "BaseOS-8.4.0.GA:bash-debugsource-0:4.4.19-14.el8.x86_64",
            "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.aarch64",
            "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.ppc64le",
            "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.s390x",
            "BaseOS-8.4.0.GA:bash-doc-0:4.4.19-14.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped"
    }
  ]
}

cve-2019-18276

Vulnerability from cvelistv5

Published

2019-11-28 00:27

Modified

2024-08-05 01:47

Severity

Summary

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

References

URL	Tags
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E	mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/202105-34	vendor-advisory, x_refsource_GENTOO
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
https://www.youtube.com/watch?v=-wGtxJ8opa8	x_refsource_MISC
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff	x_refsource_CONFIRM
http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200430-0003/	x_refsource_CONFIRM

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website