Test ID:	1.3.6.1.4.1.25623.1.0.883185
Category:	CentOS Local Security Checks
Title:	CentOS: Security Advisory for ksh (CESA-2020:0515)
Summary:	The remote host is missing an update for the 'ksh'; package(s) announced via the CESA-2020:0515 advisory.
Description:	Summary: The remote host is missing an update for the 'ksh' package(s) announced via the CESA-2020:0515 advisory. Vulnerability Insight: KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'ksh' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14868 20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra http://seclists.org/fulldisclosure/2020/May/53 [debian-lts-announce] 20200720 [SECURITY] [DLA 2284-1] ksh security update https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868 https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2 https://support.apple.com/kb/HT211170
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.