GNU Bash CVE-2016-0634 Local Code Execution Vulnerability

GNU Bash is prone to a local code-execution vulnerability.

A local attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application.

Information

Bugtraq ID: 92999
Class: Unknown
CVE: CVE-2016-0634

Remote: No
Local: Yes
Published: Sep 16 2016 12:00AM
Updated: May 25 2017 12:00PM
Credit: John Haxby.
Vulnerable: Ubuntu Ubuntu Linux 17.04
Ubuntu Ubuntu Linux 16.10
Ubuntu Ubuntu Linux 16.04 LTS
Ubuntu Ubuntu Linux 14.04 LTS
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 6
GNU GNU bash 3.1.4
GNU GNU bash 2.3
GNU GNU bash 2.2
GNU GNU bash 2.1
GNU GNU bash 2.0
GNU GNU bash 1.14.5
GNU GNU bash 1.14.3
GNU GNU bash 1.14.2
GNU GNU bash 1.14.1
GNU GNU bash 1.14
GNU GNU bash 4.3
GNU GNU bash 4.2
GNU GNU bash 4.1
GNU GNU bash 4.0
GNU GNU bash 3.2
GNU GNU bash 2.05
GNU GNU bash 2.04
GNU GNU bash 2.03
GNU GNU bash 2.01
GNU GNU bash 1.14.7
GNU GNU bash 1.14.6
GNU GNU bash 1.14.4

Not Vulnerable: GNU GNU bash 4.4

Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: http://.

References:

• GNU Bash (GNU)
  
• CVE-2016-0634 -- bash prompt expanding $HOSTNAME (Seclists.org)
  

Source: www.securityfocus.com