| CNNVD-ID编号 | CNNVD-202002-300 |
| CVE编号 | CVE-2019-14868 |
| 发布时间 | 2020-02-06 |
| 更新时间 | 2020-12-08 |
| 漏洞类型 | 命令注入 |
| 漏洞来源 | N/A |
| 危险等级 | 高危 |
| 威胁类型 | 本地 |
| 厂 商 | N/A |
Red Hat Enterprise Linux(RHEL)是美国红帽(Red Hat)公司的一套面向企业用户的Linux操作系统。
ksh 20120801版本中存在命令注入漏洞,该漏洞源于程序将一些环境变量解析成算数表达式。远程攻击者可借助特制的参数利用该漏洞覆盖或绕过环境限制,在系统上执行Shell命令。
目前厂商已发布升级了ksh 命令注入漏洞的补丁,ksh 命令注入漏洞的补丁获取链接:
https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
来源:MISC
链接:https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
来源:FULLDISC
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html
来源:CONFIRM
链接:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868
来源:CONFIRM
来源:access.redhat.com
来源:www.auscert.org.au
来源:nvd.nist.gov
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157123/Red-Hat-Security-Advisory-2020-1333-01.html
来源:www.auscert.org.au
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156218/Red-Hat-Security-Advisory-2020-0431-01.html
来源:vigilance.fr
来源:www.auscert.org.au
来源:www.auscert.org.au
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/160376/Red-Hat-Security-Advisory-2020-5352-01.html
来源:www.auscert.org.au
来源:www.auscert.org.au
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156381/Red-Hat-Security-Advisory-2020-0515-01.html
来源:www.auscert.org.au
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157877/Apple-Security-Advisory-2020-05-26-3.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156502/Red-Hat-Security-Advisory-2020-0568-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157769/Red-Hat-Security-Advisory-2020-2210-01.html
来源:www.auscert.org.au
来源:support.apple.com
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156454/Red-Hat-Security-Advisory-2020-0559-01.html
暂无