CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ksh_project:ksh:20120801:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

History

12 Feb 2023, 23:36

Type Values Removed Values Added
Summary A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2019-14868', 'name': 'https://access.redhat.com/security/cve/CVE-2019-14868', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2020:5351', 'name': 'https://access.redhat.com/errata/RHSA-2020:5351', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2020:0515', 'name': 'https://access.redhat.com/errata/RHSA-2020:0515', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2020:2210', 'name': 'https://access.redhat.com/errata/RHSA-2020:2210', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2020:1332', 'name': 'https://access.redhat.com/errata/RHSA-2020:1332', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2020:1333', 'name': 'https://access.redhat.com/errata/RHSA-2020:1333', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2020:0431', 'name': 'https://access.redhat.com/errata/RHSA-2020:0431', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1757324', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1757324', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2020:5352', 'name': 'https://access.redhat.com/errata/RHSA-2020:5352', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2020:0559', 'name': 'https://access.redhat.com/errata/RHSA-2020:0559', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2020:0568', 'name': 'https://access.redhat.com/errata/RHSA-2020:0568', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 15:17

Type Values Removed Values Added
Summary In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
References
  • (MISC) https://access.redhat.com/security/cve/CVE-2019-14868 -
  • (MISC) https://access.redhat.com/errata/RHSA-2020:5351 -
  • (MISC) https://access.redhat.com/errata/RHSA-2020:0515 -
  • (MISC) https://access.redhat.com/errata/RHSA-2020:2210 -
  • (MISC) https://access.redhat.com/errata/RHSA-2020:1332 -
  • (MISC) https://access.redhat.com/errata/RHSA-2020:1333 -
  • (MISC) https://access.redhat.com/errata/RHSA-2020:0431 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1757324 -
  • (MISC) https://access.redhat.com/errata/RHSA-2020:5352 -
  • (MISC) https://access.redhat.com/errata/RHSA-2020:0559 -
  • (MISC) https://access.redhat.com/errata/RHSA-2020:0568 -

Information

Published : 2020-04-02 17:15

Updated : 2023-12-10 13:27


NVD link : CVE-2019-14868

Mitre link : CVE-2019-14868

CVE.ORG link : CVE-2019-14868


JSON object : View

Products Affected

debian

  • debian_linux

ksh_project

  • ksh

apple

  • mac_os_x
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')