- Home
- CVEs with nessus.description==Tavis Ormandy reports :
The bash shell uses the value of the PS4 environment variable (after expansion) as a prefix for commands run in execution trace mode.
Execution trace mode (xtrace) is normally set via bash's -x command line option or interactively by running 'set -o xtrace'. However, it may also be enabled by placing the string 'xtrace' in the SHELLOPTS environment variable before bash is started.
A malicious user with sudo access to a shell script that uses bash can use this feature to run arbitrary commands for each line of the script.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top