SuSE 11.3 Security Update : bash (SAT Patch Number 9740)

Critical Nessus Plugin ID 77850

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

bash has been updated to fix a critical security issue.

In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271)

Solution

Apply SAT patch number 9740.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=896776

http://support.novell.com/security/cve/CVE-2014-6271.html

Plugin Details

Severity: Critical

ID: 77850

File Name: suse_11_bash-140919.nasl

Version: Revision: 1.11

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 2014/09/25

Updated: 2016/12/21

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:bash, p-cpe:/a:novell:suse_linux:11:bash-doc, p-cpe:/a:novell:suse_linux:11:libreadline5, p-cpe:/a:novell:suse_linux:11:libreadline5-32bit, p-cpe:/a:novell:suse_linux:11:readline-doc, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/09/19

Exploitable With

Core Impact

Metasploit (Apache mod_cgi Bash Environment Variable Code Injection (Shellshock))

Reference Information

CVE: CVE-2014-6271

IAVA: 2014-A-0142