CVE-2016-9401 - popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a

CVE-2016-9401

Summary

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

References

Vulnerable Configurations

cpe:2.3:a:gnu:bash:-:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:-:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.2.57:beta1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.2.57:beta1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.2.53:beta1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.2.53:beta1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.3.30:beta1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.3.30:beta1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.4:patch1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.4:patch1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.4:patch2:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.4:patch2:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.4:patch3:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.4:patch3:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.4:patch4:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.4:patch4:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.4:patch5:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.4:patch5:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 14-09-2020 - 18:32)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1396383
title	CVE-2016-9401 bash: popd controlled free

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment bash is earlier than 0:4.1.2-48.el6
oval oval:com.redhat.rhsa:tst:20170725001
comment bash is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141293002
AND
comment bash-doc is earlier than 0:4.1.2-48.el6
oval oval:com.redhat.rhsa:tst:20170725003
comment bash-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141293004

rhsa

id	RHSA-2017:0725
released	2017-03-21
severity	Moderate
title	RHSA-2017:0725: bash security and bug fix update (Moderate)

bugzilla

id	1396383
title	CVE-2016-9401 bash: popd controlled free

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment bash is earlier than 0:4.2.46-28.el7
oval oval:com.redhat.rhsa:tst:20171931001
comment bash is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141293002
AND
comment bash-doc is earlier than 0:4.2.46-28.el7
oval oval:com.redhat.rhsa:tst:20171931003
comment bash-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141293004

rhsa

id	RHSA-2017:1931
released	2017-08-01
severity	Moderate
title	RHSA-2017:1931: bash security and bug fix update (Moderate)

rpms

bash-0:4.1.2-48.el6
bash-debuginfo-0:4.1.2-48.el6
bash-doc-0:4.1.2-48.el6
bash-0:4.2.46-28.el7
bash-debuginfo-0:4.2.46-28.el7
bash-doc-0:4.2.46-28.el7

refmap via4

bid	94398
gentoo	GLSA-201701-02
mlist	[debian-lts-announce] 20190325 [SECURITY] [DLA 1726-1] bash security update [oss-security] 20161117 Re: bash - popd controlled free [oss-security] 20161117 bash - popd controlled free

Last major update

14-09-2020 - 18:32

Published

23-01-2017 - 21:59

Last modified

14-09-2020 - 18:32