CVE-2019-18276

Published: Nov 28, 2019 Last Modified: Giu 09, 2025
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 7,2
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support 'saved UID' functionality, the saved UID is not dropped. An attacker with command execution in the shell can use 'enable -f' for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,4961
Percentile
1,0th
Updated

EPSS Score Trend (Last 90 Days)

273

Improper Check for Dropped Privileges

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Non-Repudiation
Potential Impacts:
Gain Privileges Or Assume Identity Hide Activities
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Oncommand Unified Manager by Netapp

Product Information
Vendor Netapp
Product Oncommand Unified Manager
Version Range Affected
From 9.5 (inclusive)
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Policy by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Policy
Version 1.14.0
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch6:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch8:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch11:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version Range Affected
To 5.0 (inclusive)
cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Hci Management Node by Netapp

Product Information
Vendor Netapp
Product Hci Management Node
Version -
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Solidfire by Netapp

Product Information
Vendor Netapp
Product Solidfire
Version -
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch10:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch7:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:beta2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:rc1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch9:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:patch5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bash by Gnu

Product Information
Vendor Gnu
Product Bash
Version 5.0
cpe:2.3:a:gnu:bash:5.0:beta1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-…
Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalat…
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036…
Patch Third Party Advisory
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb412…
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff043…
https://security.gentoo.org/glsa/202105-34
Third Party Advisory
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.youtube.com/watch?v=-wGtxJ8opa8
Exploit Third Party Advisory
https://www.youtube.com/watch?v=-wGtxJ8opa8
http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-…
Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalat…
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036…
Patch Third Party Advisory
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb412…
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff043…
https://security.gentoo.org/glsa/202105-34
Third Party Advisory
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.youtube.com/watch?v=-wGtxJ8opa8
Exploit Third Party Advisory
https://www.youtube.com/watch?v=-wGtxJ8opa8