| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.9 | $0-$5k | 0.18 |
Summary
A vulnerability was found in GNU Bash up to 4.3. It has been classified as critical. This issue affects some unknown processing. This manipulation of the argument SHELLOPTS/PS4 as part of Environment Variable causes input validation. This vulnerability is tracked as CVE-2016-7543. The attack is restricted to local execution. No exploit exists. This vulnerability has a historic impact because of its background and how it was received. Upgrading the affected component is recommended.
Details
A vulnerability has been found in GNU Bash up to 4.3 and classified as critical. Affected by this vulnerability is an unknown code block. The manipulation of the argument SHELLOPTS/PS4 as part of a Environment Variable leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
The bug was discovered 09/16/2016. The weakness was disclosed 01/19/2017 (oss-sec). The advisory is shared at openwall.com. This vulnerability is known as CVE-2016-7543 since 09/09/2016. An attack has to be approached locally. The requirement for exploitation is a single authentication. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 11/03/2022). Due to its background and reception, this vulnerability has a historic impact.
The vulnerability was handled as a non-public zero-day exploit for at least 107 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 96233 (GLSA-201701-02 : Bash: Multiple vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Gentoo Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 169359 (OpenSuSE Security Update for bash (openSUSE-SU-2016:2715-1)).
Upgrading to version 4.4 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (96233) and SecurityFocus (BID 93183†). Additional details are provided at seclists.org. The entry VDB-95860 is pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Affected
- HPE NonStop OSS
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.gnu.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.1VulDB Meta Temp Score: 7.9
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.4
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 96233
Nessus Name: GLSA-201701-02 : Bash: Multiple vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 881926
OpenVAS Name: Fedora Update for bash FEDORA-2016-2c4b5ad64e
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Bash 4.4
Timeline
09/09/2016 🔍09/16/2016 🔍
09/26/2016 🔍
01/01/2017 🔍
01/03/2017 🔍
01/19/2017 🔍
01/19/2017 🔍
01/20/2017 🔍
11/03/2022 🔍
Sources
Vendor: gnu.orgAdvisory: RHSA-2017:1931
Status: Not defined
Confirmation: 🔍
CVE: CVE-2016-7543 (🔍)
GCVE (CVE): GCVE-0-2016-7543
GCVE (VulDB): GCVE-100-95737
SecurityFocus: 93183 - GNU Bash CVE-2016-7543 Local Command Execution Vulnerability
OSVDB: - CVE-2016-7543 - Bash - Command Execution Issue
SecurityTracker: 1037812
Misc.: 🔍
See also: 🔍
Entry
Created: 01/20/2017 15:12Updated: 11/03/2022 06:53
Changes: 01/20/2017 15:12 (79), 08/13/2020 21:19 (7), 11/03/2022 06:42 (5), 11/03/2022 06:53 (1)
Complete: 🔍
Cache ID: 216:2BF:103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.