GLSA-201210-05 : Bash: Multiple vulnerabilities

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-201210-05
(Bash: Multiple vulnerabilities)

Two vulnerabilities have been found in Bash:
  - Bash example scripts do not handle temporary files securely.
  - Improper bounds checking in Bash could cause a stack-based buffer
    overflow (CVE-2012-3410).

Impact :

A remote attacker could entice a user to open a specially crafted Bash
script, possibly resulting in execution of arbitrary code with the
privileges of the process, or a Denial of Service condition of the Bash

A local attacker may be able to perform symlink attacks to overwrite
arbitrary files with the privileges of the user running the application
or bypass shell access restrictions.

Workaround :

There is no known workaround at this time.

Solution :

All Bash users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-shells/bash-4.2_p37'

Risk factor :

Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 6.0
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 62650

Bugtraq ID: 32733

CVE ID: CVE-2008-5374