Detections
Analytics
Scientific Linux Security Update : bash on SL7.x x86_64 (20170801)
high Nessus Plugin ID 102638
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
Security Fix(es) :- An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)
- An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.
(CVE-2016-7543)
- A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.
(CVE-2016-9401)
Solution
Update the affected bash, bash-debuginfo and / or bash-doc packages.See Also
Plugin Details
Severity: High
ID: 102638
File Name: sl_20170801_bash_on_SL7_x.nasl
Version: 3.4
Type: local
Agent: unix
Published: 8/22/2017
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:fermilab:scientific_linux:bash, x-cpe:/o:fermilab:scientific_linux, p-cpe:/a:fermilab:scientific_linux:bash-doc, p-cpe:/a:fermilab:scientific_linux:bash-debuginfo
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 8/1/2017
Vulnerability Publication Date: 1/19/2017