Description
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash.
Report
Red Hat Product Security does not consider this bug to have any security impact on the bash packages shipped in Red Hat Enterprise Linux. A fix for this issue was applied as a hardening in RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 3 | bash | Not affected | | |
Red Hat Enterprise Linux Extended Update Support 5.6 | bash | Affected | | |
Red Hat Enterprise Linux 4 Extended Lifecycle Support | bash | Fixed | RHSA-2014:1311 | 26.09.2014 |
Red Hat Enterprise Linux 5 | bash | Fixed | RHSA-2014:1306 | 26.09.2014 |
Red Hat Enterprise Linux 5.6 Long Life | bash | Fixed | RHSA-2014:1311 | 26.09.2014 |
Red Hat Enterprise Linux 5.9 Extended Update Support | bash | Fixed | RHSA-2014:1311 | 26.09.2014 |
Red Hat Enterprise Linux 6 | bash | Fixed | RHSA-2014:1306 | 26.09.2014 |
Red Hat Enterprise Linux 6.2 Advanced Update Support | bash | Fixed | RHSA-2014:1311 | 26.09.2014 |
Red Hat Enterprise Linux 6.4 Extended Update Support | bash | Fixed | RHSA-2014:1311 | 26.09.2014 |
Red Hat Enterprise Linux 7 | bash | Fixed | RHSA-2014:1306 | 26.09.2014 |
Additional information
Status:
4.6 Medium
CVSS2
Related vulnerabilities
A vulnerability in the GNU Bash command-line interpreter that allows an attacker to cause a denial of service or execute arbitrary code
4.6 Medium
CVSS2