New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 9.6
Synopsis
The remote Solaris system is missing a security patch for third party software.
Description
The remote Solaris system is missing necessary patches to address critical security updates related to 'Shellshock' :
- GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the 'mod_cgi' and 'mod_cgid' modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, also known as 'Shellshock.' Note that the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. (CVE-2014-6271)
- GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the 'mod_cgi' and 'mod_cgid' modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. Note that this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. (CVE-2014-6277)
- GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the 'mod_cgi' and 'mod_cgid' modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. Note that this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
(CVE-2014-6278)
- GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have other unknown impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the 'mod_cgi' and 'mod_cgid' modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. Note that this vulnerability exists because of an incomplete fix for CVE-2014-6271. (CVE-2014-7169)
- The redirection implementation in 'parse.y' in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have other unspecified impact via crafted use of 'here' documents, also known as the 'redir_stack' issue. (CVE-2014-7186)
- An off-by-one error in the 'read_token_word' function in 'parse.y' in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have other unspecified impact via deeply nested for-loops, also known as the 'word_lineno' issue.
(CVE-2014-7187)
Solution
Upgrade the Solaris system to version SRU 11.2.2.8.0.