Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

Related bugs and status

CVE-2019-14868 (Candidate) is related to these bugs:

Bug #1918017: ksh93 problems (ksh 2020)

Summary				In	Importance	Status
	1918017	ksh93 problems (ksh 2020)		ksh (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/att...
MISC: http://seclists.org/fu...
MISC: https://lists.debian.o...
MISC: https://bugzilla.redha...
MISC: https://support.apple....