RVD#1488: The expansion of '\h' in the prompt string in bash 4.3 allows arbitrary code execution.
{
"id": 1488,
"title": "RVD#1488: The expansion of '\\h' in the prompt string in bash 4.3 allows arbitrary code execution.",
"type": "vulnerability",
"description": "The expansion of '\\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in the hostname of a machine.",
"cwe": "CWE-78",
"cve": "CVE-2016-0634",
"keywords": [
"Universal Robots",
"manipulation",
"cobot",
"CB 3.x"
],
"system": "Universal Robots Robot Controllers CB 3.x",
"vendor": "Universal Robots",
"severity": {
"rvss-score": 8.4,
"rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:L/UI:N/Y:M/S:U/C:H/I:H/A:H/H:U",
"severity-description": "High",
"cvss-score": 7.5,
"cvss-vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"links": [
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0634",
"https://github.com/aliasrobotics/RVD/issues/1488"
],
"flaw": {
"phase": "runtime-operation",
"specificity": "N/A",
"architectural-location": "internal",
"application": "bash",
"subsystem": "N/A",
"package": "bash 4.2+dfsg-0.1+deb7u3 i386",
"languages": "None",
"date-detected": null,
"detected-by": "Victor Mayoral Vilches and Lander Usategui San Juan (Alias Robotics)",
"detected-by-method": "N/A",
"date-reported": "2020-04-03",
"reported-by": "Alias Robotics S.L.",
"reported-by-relationship": "security researcher",
"issue": "https://github.com/aliasrobotics/RVD/issues/1488",
"reproducibility": "always",
"trace": "N/A",
"reproduction": "N/A",
"reproduction-image": "N/A"
},
"exploitation": {
"description": "N/A",
"exploitation-image": "N/A",
"exploitation-vector": "N/A"
},
"mitigation": {
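"description": "Upgrade the installed bash package to a version that contains the fix for CVE-2016-0634, e.g. `sudo apt-get --assume-yes install --only-upgrade bash`. The command only helps if the configured package repositories carry a fixed build, so confirm the installed bash version afterwards.",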
"pull-request": null,
"date-mitigation": null
}
}