
bash: code execution

Package(s): bash
CVE #(s): CVE-2016-0634
Created: September 26, 2016
Updated: December 13, 2016
Description: From the Red Hat bugzilla:

A vulnerability was found in the way bash expands the $HOSTNAME. Injecting the hostname with malicious code would cause it to run each time bash expanded \h in the prompt string.
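As an added illustration (not part of the LWN page, the Red Hat bug report, or bash itself), here is a POSIX shell audit check that flags a hostname containing characters that an unpatched bash would feed into command substitution when expanding \h. The function names and the sample hostnames are constructed for this example; the live check reads the kernel hostname through `uname -n`, which is the same value bash obtains from gethostname().

```shell
#!/bin/sh
# Added example: audit check for hostnames that could trigger prompt
# expansion through \h (the CVE-2016-0634 class of issue).
# Function names and sample values below are constructed for illustration.

# Return 0 if the hostname uses only RFC 952/1123-style characters
# (letters, digits, hyphen, dot), 1 otherwise. Anything else, in
# particular $ ( ) ` and whitespace, is what a prompt expansion would
# re-interpret instead of displaying literally.
hostname_is_safe() {
    case "$1" in
        '') return 1 ;;                   # empty name: reject
        *[!A-Za-z0-9.-]*) return 1 ;;     # any byte outside the allowed set
        *) return 0 ;;
    esac
}

# Classify the risk of a hostname string for a log or report line.
hostname_risk() {
    case "$1" in
        *'$('*|*'`'*) echo "command-substitution" ;;
        *'${'*|*'$'*)  echo "parameter-expansion" ;;
        *[!A-Za-z0-9.-]*) echo "invalid-char" ;;
        *) echo "ok" ;;
    esac
}

# Audit the running system's hostname, i.e. what bash's \h would show.
# Prints one line and returns 0 when safe, 1 when not.
audit_system_hostname() {
    h=$(uname -n)
    if hostname_is_safe "$h"; then
        echo "hostname '$h' ok"
        return 0
    fi
    # "$h" is printed as data; the variable's contents are not re-expanded.
    echo "hostname '$h' UNSAFE: $(hostname_risk "$h")"
    return 1
}

# Constructed sample values, as an admin might run them from a DHCP hook
# before accepting a server-supplied name.
hostname_is_safe 'web01.example.org'   # returns 0
hostname_is_safe 'box$(true)'          # returns 1
```

A hook that sets the system hostname from untrusted input can call `hostname_is_safe` and refuse the name when it fails. Independently, bash's own `promptvars` shell option (`shopt -u promptvars`) disables the post-expansion of prompt strings altogether, which removes this class of prompt-driven substitution at the cost of losing `$VAR` and `$(...)` in PS1.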

Alerts:
  Distribution  Advisory                  Package  Date
  openSUSE      openSUSE-SU-2016:2715-1   bash     2016-11-03
  Fedora        FEDORA-2016-62e6c462ef    bash     2016-09-25
  Fedora        FEDORA-2016-a822b472c4    bash     2016-09-23
  Gentoo        201612-39                 bash     2016-12-13
  openSUSE      openSUSE-SU-2016:2961-1   bash     2016-12-01
  Mageia        MGASA-2016-0393           bash     2016-11-21


bash: code execution

Posted Oct 5, 2016 13:30 UTC (Wed) by nix (subscriber, #2304) (2 responses)

Note: Chet pointed out that this is not $HOSTNAME; it is the result of gethostname(). An attacker who can set the HOSTNAME environment variable cannot exploit this, only someone who can force the system to set its hostname to $(bad stuff) can do so.

bash: code execution

Posted Oct 5, 2016 17:58 UTC (Wed) by flussence (guest, #85566) (1 response)

Could a rogue DHCP server and common client be used to turn this into remote code execution?

bash: code execution

Posted Oct 5, 2016 22:52 UTC (Wed) by nix (subscriber, #2304)

Yes, only I'd not be surprised to find that a rogue DHCP server can do this *anyway*. dhclient is not the most secure piece of software ever written, alas.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds