openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated)

Critical Nessus Plugin ID 78115

Synopsis

This plugin has been deprecated.

Description

This patch was withdrawn by the openSUSE team, as the software was
fixed prior to release. No replacement patches/plugins exist.

bash was updated to fix command injection via environment variables.
(CVE-2014-6271,CVE-2014-7169)

Also a hardening patch was applied that only imports functions over
BASH_FUNC_ prefixed environment variables.

Also fixed: CVE-2014-7186, CVE-2014-7187: bad handling of HERE
documents and for loop issue

Solution

n/a

CPE: p-cpe:/a:novell:opensuse:bash, p-cpe:/a:novell:opensuse:bash-debuginfo, p-cpe:/a:novell:opensuse:bash-debuginfo-32bit, p-cpe:/a:novell:opensuse:bash-debugsource, p-cpe:/a:novell:opensuse:bash-devel, p-cpe:/a:novell:opensuse:bash-lang, p-cpe:/a:novell:opensuse:bash-loadables, p-cpe:/a:novell:opensuse:bash-loadables-debuginfo, p-cpe:/a:novell:opensuse:libreadline6, p-cpe:/a:novell:opensuse:libreadline6-32bit, p-cpe:/a:novell:opensuse:libreadline6-debuginfo, p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit, p-cpe:/a:novell:opensuse:readline-devel, p-cpe:/a:novell:opensuse:readline-devel-32bit, cpe:/o:novell:opensuse:13.2

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/09/29

Exploitable With

Core Impact

Metasploit (Apache mod_cgi Bash Environment Variable Code Injection)

Reference Information

CVE: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187

IAVA: 2014-A-0142

openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

Vulnerability Information

Exploitable With

Reference Information