
GNU Bash Environment Variables Function Parsing Two Vulnerabilities

ID: IRCAD2014103549
Release Date: 2014-10-02
Criticality level: Highly critical
Software:
GNU Bash 3.x
GNU Bash 4.x
Description:
Michal Zalewski has reported two vulnerabilities in GNU Bash, which can be exploited by malicious people to compromise a vulnerable system.
1) An error in the parser when handling certain script code within environment variables can be exploited to trigger use of uninitialized data and subsequently, for example, execute arbitrary code via a specially crafted variable value.
2) Another error in the parser when handling certain script code within environment variables can be exploited to inject and execute arbitrary OS shell commands via a specially crafted variable value.
The vulnerabilities are reported in versions 4.3 and prior.
Solution:
Apply mitigation patches available from the vendor, which eliminate the remote vector.
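Until the patches are applied, a wrapper that starts bash can refuse to pass on any variable whose value looks like a function definition, so that such values never reach the parser. The sketch below is an added example, not code from the vendor or from this advisory. It assumes that affected bash releases import a function from any environment value beginning with "() {", and the names `scrub_environment`, `run_bash` and `SAMPLE_ENV` are hypothetical.

```python
"""Added example: drop function-shaped values before spawning bash."""
import re
import subprocess

# Assumption (not stated in the advisory): affected bash releases import a
# shell function from any environment value that begins with "() {".
# The pattern tolerates extra whitespace, so it is a conservative superset.
_FUNC_PREFIX = re.compile(r"\(\)\s*\{")


def is_function_shaped(value):
    """True if the value starts with a function-definition prefix."""
    if isinstance(value, bytes):
        value = value.decode("latin-1")  # lossless byte-to-char mapping
    return _FUNC_PREFIX.match(value) is not None  # match() anchors at start


def scrub_environment(env):
    """Return (clean, rejected): clean is safe to pass on, rejected lists names."""
    clean, rejected = {}, []
    for name, value in env.items():
        if is_function_shaped(value):
            rejected.append(name)
        else:
            clean[name] = value
    return clean, sorted(rejected)


def run_bash(script_path, env):
    """Hypothetical wrapper: start bash with the scrubbed environment only."""
    clean, rejected = scrub_environment(env)
    for name in rejected:
        print(f"dropped environment variable {name}: function-shaped value")
    return subprocess.run(["/bin/bash", script_path], env=clean, check=False)


# Constructed sample: the kind of environment a front end builds when it
# copies request headers into variables. Values are placeholders.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HTTP_ACCEPT": "text/html",
    "HTTP_REFERER": "https://example.test/a(){b}",
    "HTTP_USER_AGENT": "() { placeholder; }; PLACEHOLDER_TRAILING_TEXT",
}

if __name__ == "__main__":
    kept, dropped = scrub_environment(SAMPLE_ENV)
    print("kept:", sorted(kept))
    print("rejected:", dropped)
```

The filter only narrows exposure through the environment; it does not replace the vendor patches.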
References:
GNU Bash:
Michal Zalewski:
Secunia:

Created: 16 Mehr 1393