Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 708618 (CVE-2019-14868) - app-shells/ksh certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
Summary: app-shells/ksh certain environment variables interpreted as arithmetic expres...
Status: CONFIRMED
Alias: CVE-2019-14868
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-02-07 15:56 UTC by Mike Gilbert
Modified: 2020-02-07 16:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2020-02-07 15:56:08 UTC
From the Red Hat bug report:

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
Comment 1 Larry the Git Cow gentoo-dev 2020-02-07 16:08:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17c85a06ac2f352567348a04c4f682c950105417

commit 17c85a06ac2f352567348a04c4f682c950105417
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2020-02-07 16:07:03 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-02-07 16:07:24 +0000

    app-shells/ksh: add fix for CVE-2019-14868
    
    Bug: https://bugs.gentoo.org/708618
    Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 app-shells/ksh/files/CVE-2019-14868.patch          | 89 ++++++++++++++++++++++
 ...{ksh-2020.0.0.ebuild => ksh-2020.0.0-r1.ebuild} |  3 +-
 2 files changed, 91 insertions(+), 1 deletion(-)