SuSE 11.3 Security Update : bash (SAT Patch Number 9740)

Critical Nessus Plugin ID 77850


The remote SuSE 11 host is missing one or more security updates.


bash has been updated to fix a critical security issue.

In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271)


Apply SAT patch number 9740.

See Also

Plugin Details

Severity: Critical

ID: 77850

File Name: suse_11_bash-140919.nasl

Version: $Revision: 1.11 $

Type: local

Agent: unix

Published: 2014/09/25

Modified: 2016/12/21

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:bash, p-cpe:/a:novell:suse_linux:11:bash-doc, p-cpe:/a:novell:suse_linux:11:libreadline5, p-cpe:/a:novell:suse_linux:11:libreadline5-32bit, p-cpe:/a:novell:suse_linux:11:readline-doc, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/09/19

Exploitable With

Core Impact

Metasploit (Apache mod_cgi Bash Environment Variable Code Injection (Shellshock))

Reference Information

CVE: CVE-2014-6271

IAVA: 2014-A-0142