GNU Bash SUID Privilege Drop Vulnerability

Recently, a security researcher disclosed a 0-day vulnerability in /bin/bash, tracked as CVE-2019-18276. The vulnerability exists due to a bug in the privilege dropping feature of Bash.

Affected Versions: Bash 5.0 Patch 11 and prior versions

Vulnerability: An issue was discovered in disable_priv_mode() in shell.c of GNU Bash, which does not handle the setuid bit correctly. If …
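A quick exposure check built on the affected range stated above, as an added example that is not part of the original post: it flags a Bash binary whose version is 5.0 patch 11 or earlier and reports whether that binary carries the setuid bit. The function names (version_affected, is_setuid, audit_bash) are hypothetical helpers, and the version strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): exposure check for CVE-2019-18276.
# Affected range is the one the page states: Bash 5.0 patch 11 and prior.
# Caveat: distributions may backport fixes, so a version match is a lead, not proof.

# version_affected "5.0.11(1)-release" -> 0 if affected, 1 if not, 2 if unparseable
version_affected() {
    v=${1%%[!0-9.]*}                 # keep only the leading "major.minor.patch"
    [ -n "$v" ] || return 2
    old_ifs=$IFS; IFS=.
    set -- $v                        # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -lt 5 ]; then return 0; fi
    if [ "$major" -gt 5 ] || [ "$minor" -gt 0 ]; then return 1; fi
    [ "$patch" -le 11 ]              # 5.0.x: affected up to and including patch 11
}

# is_setuid FILE -> 0 if FILE exists and has the setuid bit set
is_setuid() {
    [ -u "$1" ]
}

# audit_bash PATH -> prints a finding; 0 = affected and setuid, 1 = otherwise,
# 2 = PATH is not a runnable Bash
audit_bash() {
    ver=$("$1" -c 'printf %s "$BASH_VERSION"' 2>/dev/null) || return 2
    [ -n "$ver" ] || return 2
    if version_affected "$ver"; then
        if is_setuid "$1"; then
            echo "HIGH: $1 ($ver) is in the affected range and is setuid"
            return 0
        fi
        echo "INFO: $1 ($ver) is in the affected range, setuid bit not set"
    else
        echo "OK: $1 ($ver) is newer than 5.0 patch 11"
    fi
    return 1
}

# Audit the path given on the command line, e.g.: sh check.sh /bin/bash
if [ "$#" -gt 0 ]; then
    audit_bash "$1" || true
fi
```

Run it against every Bash copy on the host, not just /bin/bash, since a setuid copy placed elsewhere is what makes the affected version matter.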