SynopsisThe remote EulerOS Virtualization host is missing multiple security updates.
DescriptionAccording to the versions of the bash package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
- It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.(CVE-2014-7169)
- A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.(CVE-2016-9401)
- It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.(CVE-2014-7186)
- An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs.
Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash.(CVE-2014-7187)
- A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.(CVE-2014-6271)
- An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.(CVE-2016-7543)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected bash packages.