Information Security


CVE: CVE-2014-7187
Status: Candidate
Description: Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
Severity: High
CVSS score: 10
CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Phase: Assigned (09.10.2015)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7187
References:
 CISCO : 20140926 GNU Bash Environment Variable Command Injection Vulnerability
 FULLDISC : 20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
 BUGTRAQ : 20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
 SECUNIA : 58200
 SECUNIA : 59907
 SECUNIA : 60024
 SECUNIA : 60034
 SECUNIA : 60044
 SECUNIA : 60055
 SECUNIA : 60063
 SECUNIA : 60193
 SECUNIA : 60433
 SECUNIA : 61065
 SECUNIA : 61128
 SECUNIA : 61129
 SECUNIA : 61188
 SECUNIA : 61283
 SECUNIA : 61287
 SECUNIA : 61291
 SECUNIA : 61312
 SECUNIA : 61313
 SECUNIA : 61328
 SECUNIA : 61442
 SECUNIA : 61479
 SECUNIA : 61485
 SECUNIA : 61503
 SECUNIA : 61550
 SECUNIA : 61552
 SECUNIA : 61565
 SECUNIA : 61603
 SECUNIA : 61618
 SECUNIA : 61622
 SECUNIA : 61633
 SECUNIA : 61636
 SECUNIA : 61641
 SECUNIA : 61643
 SECUNIA : 61654
 SECUNIA : 61703
 SECUNIA : 61816
 SECUNIA : 61855
 SECUNIA : 61857
 SECUNIA : 61873
 SECUNIA : 62312
 SECUNIA : 62343
 APPLE : APPLE-SA-2015-01-27-4
 HP : HPSBGN03138
 HP : HPSBGN03141
 HP : HPSBGN03142
 HP : HPSBGN03233
 HP : HPSBHF03125
 HP : HPSBMU03143
 HP : HPSBMU03144
 HP : HPSBMU03165
 HP : HPSBMU03182
 HP : HPSBMU03217
 HP : HPSBMU03220
 HP : HPSBMU03236
 HP : HPSBMU03245
 HP : HPSBMU03246
 HP : HPSBST03129
 HP : HPSBST03131
 HP : HPSBST03148
 HP : HPSBST03154
 HP : HPSBST03155
 HP : HPSBST03157
 HP : HPSBST03181
 MISC : http://packetstormsecurity.com/files/128517/VMware...
 MISC : http://packetstormsecurity.com/files/128567/CA-Tec...
 CONFIRM : http://support.apple.com/HT204244
 CONFIRM : http://support.novell.com/security/cve/CVE-2014-71...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=isg3...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=isg3...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=isg3...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=ssg1...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=ssg1...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=ssg1...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=ssg1...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-947.ibm.com/support/entry/portal/docdis...
 CONFIRM : http://www.novell.com/support/kb/doc.php?id=7015721
 CONFIRM : http://www.oracle.com/technetwork/topics/security/...
 CONFIRM : http://www.qnap.com/i/en/support/con_show.php?cid=61
 CONFIRM : http://www.vmware.com/security/advisories/VMSA-201...
 CONFIRM : https://kb.bluecoat.com/index?page=content&id=...
 CONFIRM : https://kb.juniper.net/InfoCenter/index?page=conte...
 CONFIRM : https://support.citrix.com/article/CTX200217
 CONFIRM : https://support.citrix.com/article/CTX200223
 CONFIRM : https://support.f5.com/kb/en-us/solutions/public/1...
 CONFIRM : https://supportcenter.checkpoint.com/supportcenter...
 CONFIRM : https://www.suse.com/support/shellshock/
 JVN : JVN#55667175
 JVNDB : JVNDB-2014-000126
 SUSE : openSUSE-SU-2014:1229
 SUSE : openSUSE-SU-2014:1242
 SUSE : openSUSE-SU-2014:1254
 SUSE : openSUSE-SU-2014:1308
 SUSE : openSUSE-SU-2014:1310
 REDHAT : RHSA-2014:1311
 REDHAT : RHSA-2014:1312
 REDHAT : RHSA-2014:1354
 HP : SSRT101739
 HP : SSRT101742
 HP : SSRT101819
 HP : SSRT101827
 HP : SSRT101830
 HP : SSRT101868
 SUSE : SUSE-SU-2014:1247
 SUSE : SUSE-SU-2014:1259
 UBUNTU : USN-2364-1
 MLIST : [oss-security] 20140925 Fwd: Non-upstream patches for bash
 MLIST : [oss-security] 20140926 Re: Fwd: Non-upstream patches for bash
 MLIST : [oss-security] 20140928 Re: CVE-2014-6271: remote code execution through bash
SecurityVulns:
 Code execution in bash
 Multiple security vulnerabilities in Apple Mac OS X
 Multiple security vulnerabilities in Apple Mac OS X / Mac EFI / OS X Server
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod