Description
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
Report
Red Hat does not consider this to be a security issue. The affected code is present in Red Hat Enterprise Linux 5 and 6, but due to use of FORTIFY_SOURCE protections the impact would be limited to a crash. Therefore, there are no plans to correct this issue in Red Hat Enterprise Linux 5 and 6.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | bash | Not affected | | |
| Red Hat Enterprise Linux 6 | bash | Not affected | | |
Additional information
Status:
4.3 Medium
CVSS2
Related vulnerabilities
Vulnerabilities in the Gentoo Linux operating system that allow an attacker to compromise the confidentiality, integrity and availability of protected information
4.3 Medium
CVSS2