OVAL

ELSA-2014-1306 -- Oracle bash

ID: oval:org.secpod.oval:def:1500743
Date: (C)2014-10-14   (M)2024-02-19
Class: PATCH
Family: unix




GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Platform:
Oracle Linux 6
Product:
bash
Reference:
ELSA-2014-1306
CVE-2014-7187
CVE-2014-7169
CVE-2014-7186
CPE:
cpe:/a:matthias_klose:bash-doc
cpe:/o:oracle:linux:6

© SecPod Technologies