
CVE-2014-7187
Date: (C)2014-09-29   (M)2024-02-22


Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
http://seclists.org/fulldisclosure/2014/Oct/0
http://www.securityfocus.com/archive/1/533593/100/0/threaded
SECUNIA-58200
SECUNIA-59907
SECUNIA-60024
SECUNIA-60034
SECUNIA-60044
SECUNIA-60055
SECUNIA-60063
SECUNIA-60193
SECUNIA-60433
SECUNIA-61065
SECUNIA-61128
SECUNIA-61129
SECUNIA-61188
SECUNIA-61283
SECUNIA-61287
SECUNIA-61291
SECUNIA-61312
SECUNIA-61313
SECUNIA-61328
SECUNIA-61442
SECUNIA-61479
SECUNIA-61485
SECUNIA-61503
SECUNIA-61550
SECUNIA-61552
SECUNIA-61565
SECUNIA-61603
SECUNIA-61618
SECUNIA-61622
SECUNIA-61633
SECUNIA-61636
SECUNIA-61641
SECUNIA-61643
SECUNIA-61654
SECUNIA-61703
SECUNIA-61816
SECUNIA-61855
SECUNIA-61857
SECUNIA-61873
SECUNIA-62312
SECUNIA-62343
APPLE-SA-2015-01-27-4
APPLE-SA-2015-09-30-3
HPSBGN03138
HPSBGN03141
HPSBGN03142
HPSBHF03125
HPSBMU03143
HPSBMU03144
HPSBMU03165
HPSBMU03182
HPSBMU03217
HPSBMU03245
HPSBMU03246
HPSBST03129
HPSBST03131
HPSBST03148
HPSBST03154
HPSBST03155
HPSBST03157
HPSBST03181
JVN#55667175
JVNDB-2014-000126
MDVSA-2015:164
RHSA-2014:1311
RHSA-2014:1312
RHSA-2014:1354
SSRT101819
SSRT101830
SSRT101868
SUSE-SU-2014:1247
SUSE-SU-2014:1259
USN-2364-1
http://openwall.com/lists/oss-security/2014/09/25/32
http://openwall.com/lists/oss-security/2014/09/26/2
http://openwall.com/lists/oss-security/2014/09/28/10
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://support.apple.com/HT204244
http://support.novell.com/security/cve/CVE-2014-7187.html
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://www-01.ibm.com/support/docview.wss?uid=swg21686084
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21686447
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www.novell.com/support/kb/doc.php?id=7015721
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
https://kb.bluecoat.com/index?page=content&id=SA82
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://support.apple.com/HT205267
https://support.citrix.com/article/CTX200217
https://support.citrix.com/article/CTX200223
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
https://www.suse.com/support/shellshock/
openSUSE-SU-2014:1229
openSUSE-SU-2014:1242
openSUSE-SU-2014:1254
openSUSE-SU-2014:1308
openSUSE-SU-2014:1310

CPE    28
cpe:/a:gnu:bash:3.2.48
cpe:/a:gnu:bash:2.05:a
cpe:/a:gnu:bash:2.05:b
cpe:/a:gnu:bash:1.14.6
...
CWE    1
CWE-119
OVAL    15
oval:org.secpod.oval:def:702241
oval:org.secpod.oval:def:203442
oval:org.secpod.oval:def:1500741
oval:org.secpod.oval:def:1500743
...

© SecPod Technologies