SuSE 11.3 Security Update : bash (SAT Patch Number 9740)
critical Nessus Plugin ID 77850
Language:
Synopsis
The remote SuSE 11 host is missing one or more security updates.Description
bash has been updated to fix a critical security issue.In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271)
Solution
Apply SAT patch number 9740.See Also
Plugin Details
Severity: Critical
ID: 77850
File Name: suse_11_bash-140919.nasl
Version: 1.14
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 9/25/2014
Updated: 1/31/2022
Supported Sensors: Nessus Agent
Risk Information
VPR
Risk Factor: Critical
Score: 9.5
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:11:bash, p-cpe:/a:novell:suse_linux:11:bash-doc, p-cpe:/a:novell:suse_linux:11:libreadline5, p-cpe:/a:novell:suse_linux:11:libreadline5-32bit, p-cpe:/a:novell:suse_linux:11:readline-doc, cpe:/o:novell:suse_linux:11
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/19/2014
CISA Known Exploited Dates: 7/28/2022
Exploitable With
Core Impact
Metasploit (Apache mod_cgi Bash Environment Variable Code Injection (Shellshock))
Reference Information
CVE: CVE-2014-6271
IAVA: 2014-A-0142