Test ID:	1.3.6.1.4.1.25623.1.1.10.2021.0141
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2021-0141)
Summary:	The remote host is missing an update for the 'ksh' package(s) announced via the MGASA-2021-0141 advisory.
Description:	Summary: The remote host is missing an update for the 'ksh' package(s) announced via the MGASA-2021-0141 advisory. Vulnerability Insight: A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely (CVE-2019-14868). Affected Software/OS: 'ksh' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14868 20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra http://seclists.org/fulldisclosure/2020/May/53 [debian-lts-announce] 20200720 [SECURITY] [DLA 2284-1] ksh security update https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868 https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2 https://support.apple.com/kb/HT211170
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.