Vulnerability CVE-2016-7543: Information

Description

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

Severity: HIGH (8.4) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-7543
Published: Jan. 19, 2017
Modified: Nov. 7, 2023
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
bashc73.2.54-alt0.M70P.1.M70C.13.2.54-alt0.M70P.1.M70C.1ALT-PU-2017-2205-1188133Fixed
bash4sisyphus4.4.23-alt14.4.23-alt1ALT-PU-2018-2880-1218094Fixed
bash4p104.4.23-alt14.4.23-alt1ALT-PU-2018-2880-1218094Fixed
bash4p94.4.23-alt14.4.23-alt1ALT-PU-2018-2880-1218094Fixed
bash4c10f14.4.23-alt14.4.23-alt1ALT-PU-2018-2880-1218094Fixed
bash4c9f24.4.23-alt14.4.23-alt1ALT-PU-2018-2880-1218094Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
GLSA-201701-02
  • Third Party Advisory
[bug-bash] 20160916 Bash-4.4 Release available
  • Patch
  • Vendor Advisory
93183
  • Third Party Advisory
  • VDB Entry
[oss-security] 20160926 CVE-2016-7543 -- bash SHELLOPTS+PS4
  • Mailing List
  • Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115
    1037812
      RHSA-2017:1931
        RHSA-2017:0725
          FEDORA-2016-5a54fb4784
            FEDORA-2016-2c4b5ad64e
              FEDORA-2016-f84391516d

                  1. Configuration 1

                    cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*
                    End including
                    4.3

                    Configuration 2

                    cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
                    cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
                    cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                Version: v24.4.2
                Back to top