Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в apt
дополнено с 21 сентября 2014 г.
Опубликовано:25 сентября 2014 г.
Источник:
SecurityVulns ID:13975
Тип:m-i-t-m
Уровень опасности:
5/10
Описание:Обход защиты, обход ограничений.
Затронутые продукты:APT : apt 1.0
CVE:CVE-2014-6273 (Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.)
 CVE-2014-0490 (The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.)
 CVE-2014-0489 (APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.)
 CVE-2014-0488 (APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.)
 CVE-2014-0487 (APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.)
Оригинальный текстdocumentUBUNTU, [USN-2353-1] APT vulnerability (25.09.2014)
 documentUBUNTU, [USN-2348-1] APT vulnerabilities (21.09.2014)

Выполнение кода в bash
дополнено с 25 сентября 2014 г.
Опубликовано:13 октября 2014 г.
Источник:
SecurityVulns ID:13977
Тип:библиотека
Уровень опасности:
10/10
Описание:Можно поместить функцию в содержание любой переменной окруждения.
Затронутые продукты:GNU : bash 4.3
CVE:CVE-2014-7187 (Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.)
 CVE-2014-7186 (The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.)
 CVE-2014-7169 (GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.)
 CVE-2014-6278 (GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.)
 CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.)
 CVE-2014-6271 (GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.)
 CVE-2014-3659 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a reservation duplicate of CVE-2014-7169 because the CNA for this ID did not follow multiple procedures that are intended to minimize duplicate CVE assignments. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Оригинальный текстdocumentHP, [security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution (13.10.2014)
 documentCA, CA20141001-01: Security Notice for Bash Shellshock Vulnerability (13.10.2014)
 documentHP, [security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution (05.10.2014)
 documentVMWARE, NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities (05.10.2014)
 documentHP, [security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution (05.10.2014)
 documentMichal Zalewski, the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) (05.10.2014)
 documentHP, [security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code (05.10.2014)
 documentcve-assign_(at)_mitre.org, [oss-security] Re: CVE-2014-6271: remote code execution through bash (25.09.2014)
 documentHanno Bock, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 documentmancha, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 documentSolar Designer, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 documentFlorian Weimer, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 documentUBUNTU, [USN-2362-1] Bash vulnerability (25.09.2014)
Файлы:Bash specially-crafted environment variables code injection attack
  Cisco Security Advisory GNU Bash Environment Variable Command Injection Vulnerability
 Bash bug: apply Florian's patch now (CVE-2014-6277 and CVE-2014-6278)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород