FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8b20d716-49df-11ea-9f7b-206a8a720317	ksh93 -- certain environment variables interpreted as arithmetic expressions on startup, leading to code injection Upstream ksh93 maintainer Siteshwar Vashisht reports: A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. Discovery 2019-10-01 Entry 2020-02-07 ksh93 >= 2020.0.0 lt 2020.0.1_1,1 ksh93-devel < 2020.02.07 https://bugzilla.redhat.com/show_bug.cgi?id=1757324 https://access.redhat.com/security/cve/CVE-2019-14868 https://access.redhat.com/errata/RHSA-2020:0431

VuXML ID

Description

8b20d716-49df-11ea-9f7b-206a8a720317

ksh93 -- certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

Upstream ksh93 maintainer Siteshwar Vashisht reports:

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

Discovery 2019-10-01
Entry 2020-02-07
ksh93

>= 2020.0.0 lt 2020.0.1_1,1

ksh93-devel

< 2020.02.07

https://bugzilla.redhat.com/show_bug.cgi?id=1757324
https://access.redhat.com/security/cve/CVE-2019-14868
https://access.redhat.com/errata/RHSA-2020:0431