Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2012-3410
Last Modified: 18 Apr 2013 11:23:24
Published: 27 Aug 2012 07:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2012-3410

Summary

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.

Vulnerable Systems

Application

  • GNU Bash 4.2


References

SUSE - openSUSE-SU-2012:0898

XF - bash-devfd-bo(77551)

BID - 54937

MLIST - [oss-security] 20120712 Re: CVE Request: Overflow fix in bash 4.2 patch 33

MLIST - [oss-security] 20120711 CVE Request: Overflow fix in bash 4.2 patch 33

MANDRIVA - MDVSA-2012:128

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681278

CONFIRM - ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033

GENTOO - GLSA-201210-05

SECUNIA - 51086

Related Patches

Novell SUSE 2012:6541 bash security update for SLE 11 SP1 i586

Novell SUSE 2012:6541 bash security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8217 bash security update for SLE 10 SP4 i586

Novell SUSE 2012:8217 bash security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:19