ID CVE-2016-9401
Summary popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:bash:-:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:3.2.57:beta1:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:3.2.57:beta1:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.2.53:beta1:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.2.53:beta1:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.3.30:beta1:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.3.30:beta1:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.4:patch1:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.4:patch1:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.4:patch2:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.4:patch2:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.4:patch3:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.4:patch3:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.4:patch4:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.4:patch4:*:*:*:*:*:*
  • cpe:2.3:a:gnu:bash:4.4:patch5:*:*:*:*:*:*
    cpe:2.3:a:gnu:bash:4.4:patch5:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 14-09-2020 - 18:32)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1396383
    title CVE-2016-9401 bash: popd controlled free
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment bash is earlier than 0:4.1.2-48.el6
            oval oval:com.redhat.rhsa:tst:20170725001
          • comment bash is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141293002
        • AND
          • comment bash-doc is earlier than 0:4.1.2-48.el6
            oval oval:com.redhat.rhsa:tst:20170725003
          • comment bash-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141293004
    rhsa
    id RHSA-2017:0725
    released 2017-03-21
    severity Moderate
    title RHSA-2017:0725: bash security and bug fix update (Moderate)
  • bugzilla
    id 1396383
    title CVE-2016-9401 bash: popd controlled free
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment bash is earlier than 0:4.2.46-28.el7
            oval oval:com.redhat.rhsa:tst:20171931001
          • comment bash is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141293002
        • AND
          • comment bash-doc is earlier than 0:4.2.46-28.el7
            oval oval:com.redhat.rhsa:tst:20171931003
          • comment bash-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141293004
    rhsa
    id RHSA-2017:1931
    released 2017-08-01
    severity Moderate
    title RHSA-2017:1931: bash security and bug fix update (Moderate)
rpms
  • bash-0:4.1.2-48.el6
  • bash-debuginfo-0:4.1.2-48.el6
  • bash-doc-0:4.1.2-48.el6
  • bash-0:4.2.46-28.el7
  • bash-debuginfo-0:4.2.46-28.el7
  • bash-doc-0:4.2.46-28.el7
refmap via4
bid 94398
gentoo GLSA-201701-02
mlist
  • [debian-lts-announce] 20190325 [SECURITY] [DLA 1726-1] bash security update
  • [oss-security] 20161117 Re: bash - popd controlled free
  • [oss-security] 20161117 bash - popd controlled free
Last major update 14-09-2020 - 18:32
Published 23-01-2017 - 21:59
Last modified 14-09-2020 - 18:32
Back to Top