openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated)

critical Nessus Plugin ID 78115

Language:

Synopsis

This plugin has been deprecated.

Description

This patch was withdrawn by the openSUSE team, as the software was fixed prior to release. No replacement patches/plugins exist.

bash was updated to fix command injection via environment variables.
(CVE-2014-6271,CVE-2014-7169)

Also a hardening patch was applied that only imports functions over BASH_FUNC_ prefixed environment variables.

Also fixed: CVE-2014-7186, CVE-2014-7187: bad handling of HERE documents and for loop issue

Plugin Details

Severity: Critical

ID: 78115

File Name: openSUSE-2014-567.nasl

Version: 1.12

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 10/10/2014

Updated: 1/19/2021

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:bash, p-cpe:/a:novell:opensuse:bash-debuginfo, p-cpe:/a:novell:opensuse:bash-debuginfo-32bit, p-cpe:/a:novell:opensuse:bash-debugsource, p-cpe:/a:novell:opensuse:bash-devel, p-cpe:/a:novell:opensuse:bash-lang, p-cpe:/a:novell:opensuse:bash-loadables, p-cpe:/a:novell:opensuse:bash-loadables-debuginfo, p-cpe:/a:novell:opensuse:libreadline6, p-cpe:/a:novell:opensuse:libreadline6-32bit, p-cpe:/a:novell:opensuse:libreadline6-debuginfo, p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit, p-cpe:/a:novell:opensuse:readline-devel, p-cpe:/a:novell:opensuse:readline-devel-32bit, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/29/2014

Exploitable With

Core Impact

Metasploit (Apache mod_cgi Bash Environment Variable Code Injection)

Reference Information

CVE: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187

IAVA: 2014-A-0142