CVE-2019-14868

Name
CVE-2019-14868
Description
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868
Patch https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
Third Party Advisory https://support.apple.com/kb/HT211170
Mailing List http://seclists.org/fulldisclosure/2020/May/53
Mailing List https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:ksh_project:ksh:20120801:*:*:*:*:*:*:* ksh == None == 20120801

Vulnerable and fixed packages

Source package Branch Version Maintainer Status