VDB

GCVE-110-MAGEIA-2016-393

GCVE-110-MAGEIA-2016-393
Advisory Published
Vulnetix · Advisory published November 21, 2016
A vulnerability was found in a way bash expands the $HOSTNAME. Injecting the hostname with malicious code would cause it to run each time bash expanded \h in the prompt string (CVE-2016-0634). Shells running as root inherited PS4 from the environment, allowing PS4 expansion performing command substitution. Local attacker could gain arbitrary code execution via bogus setuid binaries using system()/popen() by specially crafting SHELLOPTS+PS4 environment variables (CVE-2016-7543)

Affected Products

VendorProductVersionsPlatforms
Mageiabash0 (affected), 4.3-48.2.mga5 (unaffected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›