#VU25547 OS Command Injection in KornShell - CVE-2019-14868

Cybersecurity Help s.r.o.

Published: 2020-02-24

Vulnerability identifier: #VU25547

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-14868

CWE-ID: CWE-78

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
KornShell
Client/Desktop applications / Software for system administration

Vendor: David Korn

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists in the way ksh evaluates certain environment variables . A local user can set a specially crafted environment variable and execute arbitrary OS commands on the target system.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

KornShell: 2020.0.0

External links
https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for ksh

Red Hat Enterprise Linux 7.2 Advanced Update Support update for ksh

Red Hat Enterprise Linux 7.3 Advanced Update Support update for ksh

openEuler 20.03 LTS update for ksh-2020.0.0-3

Red Hat Enterprise Linux 7 update for ksh

CentOS 7 update for ksh

Red Hat update for ksh

Command injectin in KornShell (ksh)