bash: various unresolved security issues (CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
The Shellshock vulnerability in the Bash command-line interpreter is likely to require more patches, as security researchers continue to unearth further problems in the code. Google security researcher Michal “lcamtuf” Zalewski has disclosed that over the past two days he has discovered previously unaddressed issues in the Bash function parser, one of which is as bad as the original Shellshock vulnerability.
CVE-2014-7186:
It was discovered that the fixed-sized redir_stack could be forced to
overflow in the Bash parser, resulting in memory corruption, and
possibly leading to arbitrary code execution when evaluating untrusted
input that would not otherwise be run as code.
CVE-2014-7187:
An off-by-one error was discovered in the way Bash was handling deeply
nested flow control constructs. Depending on the layout of the .bss
segment, this could allow arbitrary execution of code that would not
otherwise be executed by Bash.
CVE-2014-6277: bash: untrusted pointer use issue leading to code execution
CVE-2014-6278: bash: code execution via specially crafted environment variables
References:
DETAILED:
http://lcamtuf.blogspot.ro/2014/09/bash-bug-apply-unofficial-patch-now.html
http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx
PATCH: http://www.openwall.com/lists/oss-security/2014/09/25/13
PATCH: http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027
http://seclists.org/oss-sec/2014/q3/735
https://access.redhat.com/security/cve/CVE-2014-7186
https://access.redhat.com/security/cve/CVE-2014-7187
https://access.redhat.com/security/cve/CVE-2014-6277
https://access.redhat.com/security/cve/CVE-2014-6278
(from redmine: issue id 3407, created on 2014-10-01, closed on 2014-10-02)
- Relations:
  - relates #3402 (closed)
  - relates #3422 (closed)
  - child #3408 (closed)
  - child #3409 (closed)
  - child #3410 (closed)
  - child #3411 (closed)
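
The two parser bug classes described under CVE-2014-7186 and CVE-2014-7187 above, as a simplified C model added here for illustration; it is not Bash's source, and the struct, the function names and the capacity of 10 are assumptions. The backing array carries one extra guard cell standing in for adjacent memory, so the overwrite can be observed without leaving the array.

```c
/* Simplified model (added example, not Bash source). All names and the
   capacity are assumptions chosen for illustration. */
#include <stddef.h>
#include <stdio.h>
#define STACK_MAX 10  /* logical capacity of the fixed-size stack */

struct pending {
    /* cells[STACK_MAX] is a guard cell modelling the memory after the array */
    const void *cells[STACK_MAX + 1];
    size_t count;
};
typedef int (*push_fn)(struct pending *, const void *);

/* CVE-2014-7186 class: no capacity check before the write. */
int push_unchecked(struct pending *p, const void *item) {
    p->cells[p->count++] = item;
    return 0;
}

/* CVE-2014-7187 class: a check exists but uses > where >= is needed,
   so exactly one element lands past the logical end. */
int push_off_by_one(struct pending *p, const void *item) {
    if (p->count > STACK_MAX) return -1;
    p->cells[p->count++] = item;
    return 0;
}

/* Hardened: refuse the push once the logical capacity is reached. */
int push_checked(struct pending *p, const void *item) {
    if (p->count >= STACK_MAX) return -1;
    p->cells[p->count++] = item;
    return 0;
}

/* Push n items (keep n <= STACK_MAX + 1 for push_unchecked);
   returns 1 if the guard cell was overwritten, 0 otherwise. */
int guard_clobbered(push_fn push, size_t n) {
    static const char item = 'x';
    struct pending p = { {0}, 0 };
    for (size_t i = 0; i < n; i++) push(&p, &item);
    return p.cells[STACK_MAX] != NULL;
}

int main(void) {
    printf("unchecked:  %d\n", guard_clobbered(push_unchecked, STACK_MAX + 1));
    printf("off-by-one: %d\n", guard_clobbered(push_off_by_one, STACK_MAX + 1));
    printf("checked:    %d\n", guard_clobbered(push_checked, STACK_MAX + 1));
    return 0;
}
```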