BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
Bug #1803441 reported by
Andrew Zonenberg
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| bash (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Trusty |
Fix Released
|
Undecided
|
Leonidas S. Barbosa | ||
Bug Description
In 14.04 LTS, the BASH_CMDS variable is writable in rbash. This allows a trivial escape from rbash to run arbitrary shell commands.
This issue is fixed upstream: http://
CVE References
| information type: | Private Security → Public Security |
| Changed in bash (Ubuntu Trusty): | |
| status: | New → In Progress |
| assignee: | nobody → Leonidas S. Barbosa (leosilvab) |
To post a comment you must log in.

Hi Andrew, thanks for reporting this. Do you know if a CVE was assigned for this issue?