ID CVE-2016-9401
Summary popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:bash:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.2.57:beta1:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.2.53:beta1:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.3.30:beta1:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.4:patch1:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.4:patch2:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.4:patch3:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.4:patch4:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.4:patch5:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 28-03-2019 - 13:59)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1396383
    title CVE-2016-9401 bash: popd controlled free
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment bash is earlier than 0:4.1.2-48.el6
          oval oval:com.redhat.rhsa:tst:20170725005
        • comment bash is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141293006
      • AND
        • comment bash-doc is earlier than 0:4.1.2-48.el6
          oval oval:com.redhat.rhsa:tst:20170725007
        • comment bash-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141293008
    rhsa
    id RHSA-2017:0725
    released 2017-03-21
    severity Moderate
    title RHSA-2017:0725: bash security and bug fix update (Moderate)
  • bugzilla
    id 1396383
    title CVE-2016-9401 bash: popd controlled free
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment bash is earlier than 0:4.2.46-28.el7
          oval oval:com.redhat.rhsa:tst:20171931005
        • comment bash is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141293006
      • AND
        • comment bash-doc is earlier than 0:4.2.46-28.el7
          oval oval:com.redhat.rhsa:tst:20171931007
        • comment bash-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141293008
    rhsa
    id RHSA-2017:1931
    released 2017-08-01
    severity Moderate
    title RHSA-2017:1931: bash security and bug fix update (Moderate)
rpms
  • bash-0:4.1.2-48.el6
  • bash-doc-0:4.1.2-48.el6
  • bash-0:4.2.46-28.el7
  • bash-doc-0:4.2.46-28.el7
refmap via4
bid 94398
gentoo GLSA-201701-02
mlist
  • [debian-lts-announce] 20190325 [SECURITY] [DLA 1726-1] bash security update
  • [oss-security] 20161117 Re: bash - popd controlled free
  • [oss-security] 20161117 bash - popd controlled free
Last major update 28-03-2019 - 13:59
Published 23-01-2017 - 21:59
Last modified 14-09-2020 - 18:32