bash-3.2-33.AXS3.4
エラータID: AXSA:2014-553:01
リリース日:
2014/09/26 Friday - 14:53
題名:
bash-3.2-33.AXS3.4
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- GNU Bash は,環境変数の値の中の不正な関数定義の後で末尾の文字列を処理することで,巧妙に細工された環境によって,リモートの攻撃者がファイルに書き込む,あるいは不明な影響を与える可能性のある脆弱性があります。
注:この脆弱性の本来の修正が誤っていたため,不完全な修正後に存在する脆弱性をカバーするために CVE-2014-7169 が割り当てられました。(CVE-2014-6271)
- GNU Bash は,環境変数の値の中の不正な関数定義の後で末尾の文字列を処理することで,巧妙に細工された環境によって,リモートの攻撃者がファイルに書き込む,あるいは不明な影響を与える可能性のある脆弱性があります。
注:この脆弱性は CVE-2014-6271 の不完全な修正によるものです。(CVE-2014-7169)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-7169
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVE-2014-7186
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
CVE-2014-7187
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
追加情報:
N/A
ダウンロード:
SRPMS
- bash-3.2-33.AXS3.4.src.rpm
MD5: a904aa3955a9e01779f608f740ed4584
SHA-256: 622b74082526293b9d20de66b895dea578c136f913ffaa95824ea129993d1884
Size: 4.60 MB
Asianux Server 3 for x86
- bash-3.2-33.AXS3.4.i386.rpm
MD5: 6aca90f0eff886daf620dc63dcbe05ef
SHA-256: a2f7447ecc1ec6dc61cef21e8b5e3cd2c4bc46758209056b519ebe6da222645f
Size: 1.79 MB
Asianux Server 3 for x86_64
- bash-3.2-33.AXS3.4.x86_64.rpm
MD5: 703cb37320beee469314770ed7e57fb0
SHA-256: 25a02c53e1169da8b61a8ed99ba6a435b696988e686476e8b0b8b2252f756c68
Size: 1.81 MB