Bug 4526 - CVE-2014-6277, CVE-2014-6278 - bash: incorrect parsing of function definitions with nested command
: CVE-2014-6277, CVE-2014-6278 - bash: incorrect parsing of function definition...
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: Private ROSA Bugs
: Private ROSA Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-10-14 17:14 MSD by kuzma kazygashev
Modified: 2014-10-14 17:33 MSD (History)
1 user (show)

See Also:
RPM Package: bash
ISO-related:
Bad POT generating:
Upstream:
kuzma.kazygashev: secteam_verified+
denis.silakov: published+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description kuzma kazygashev 2014-10-14 17:14:33 MSD
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
Comment 1 kuzma kazygashev 2014-10-14 17:16:09 MSD
Advisory:
GNU Bash through 4.3 bash43-026 does not properly parse function
definitions in the values of environment variables, which allows
remote attackers to execute arbitrary code or cause a denial of
service (uninitialized memory access, and untrusted-pointer read and
write operations) via a crafted environment, as demonstrated by
vectors involving the ForceCommand feature in OpenSSH sshd, the
mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts
executed by unspecified DHCP clients, and other situations in which
setting the environment occurs across a privilege boundary from Bash
execution.  NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-6271 and CVE-2014-7169.

Buildlists:
i586
https://abf.io/build_lists/2300709
x86_64
https://abf.io/build_lists/2300710

References:
[1] https://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-051
[2] https://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-052
[3] https://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-053
Comment 2 kuzma kazygashev 2014-10-14 17:20:45 MSD
Advisory:
GNU Bash through 4.3 bash43-026 does not properly parse function
definitions in the values of environment variables, which allows
remote attackers to execute arbitrary code or cause a denial of
service (uninitialized memory access, and untrusted-pointer read and
write operations) via a crafted environment, as demonstrated by
vectors involving the ForceCommand feature in OpenSSH sshd, the
mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts
executed by unspecified DHCP clients, and other situations in which
setting the environment occurs across a privilege boundary from Bash
execution.  NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-6271 and CVE-2014-7169.

Buildlists:
i586
https://abf.io/build_lists/2300709
x86_64
https://abf.io/build_lists/2300710

References:
[1] https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-028
[2] https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-029
[3] https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-030