Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2012:128 (bash)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72120

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2012:128 (bash)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to bash
announced via advisory MDVSA-2012:128.

A vulnerability was found and corrected in bash:

A stack-based buffer overflow flaw was found in the way bash, the
GNU Bourne Again shell, expanded certain /dev/fd file names when
checking file names ('
test'
command) and evaluating /dev/fd file
names in conditinal command expressions. A remote attacker could
provide a specially-crafted Bash script that, when executed, would
cause the bash executable to crash (CVE-2012-3410).

Additionally the official patches 011 to 037 for bash-4.2 has been
applied which resolves other issues found, including the CVE-2012-3410
vulnerability.

Affected: 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:128

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3410
51086
http://secunia.com/advisories/51086
54937
http://www.securityfocus.com/bid/54937
GLSA-201210-05
http://security.gentoo.org/glsa/glsa-201210-05.xml
MDVSA-2012:128
http://www.mandriva.com/security/advisories?name=MDVSA-2012:128
[oss-security] 20120711 CVE Request: Overflow fix in bash 4.2 patch 33
http://www.openwall.com/lists/oss-security/2012/07/11/11
[oss-security] 20120712 Re: CVE Request: Overflow fix in bash 4.2 patch 33
http://www.openwall.com/lists/oss-security/2012/07/11/22
http://www.openwall.com/lists/oss-security/2012/07/12/4
bash-devfd-bo(77551)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77551
ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681278
openSUSE-SU-2012:0898
https://hermes.opensuse.org/messages/15227834

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72120
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:128 (bash)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to bash announced via advisory MDVSA-2012:128. A vulnerability was found and corrected in bash: A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names (' test' command) and evaluating /dev/fd file names in conditinal command expressions. A remote attacker could provide a specially-crafted Bash script that, when executed, would cause the bash executable to crash (CVE-2012-3410). Additionally the official patches 011 to 037 for bash-4.2 has been applied which resolves other issues found, including the CVE-2012-3410 vulnerability. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:128 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3410 51086 http://secunia.com/advisories/51086 54937 http://www.securityfocus.com/bid/54937 GLSA-201210-05 http://security.gentoo.org/glsa/glsa-201210-05.xml MDVSA-2012:128 http://www.mandriva.com/security/advisories?name=MDVSA-2012:128 [oss-security] 20120711 CVE Request: Overflow fix in bash 4.2 patch 33 http://www.openwall.com/lists/oss-security/2012/07/11/11 [oss-security] 20120712 Re: CVE Request: Overflow fix in bash 4.2 patch 33 http://www.openwall.com/lists/oss-security/2012/07/11/22 http://www.openwall.com/lists/oss-security/2012/07/12/4 bash-devfd-bo(77551) https://exchange.xforce.ibmcloud.com/vulnerabilities/77551 ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681278 openSUSE-SU-2012:0898 https://hermes.opensuse.org/messages/15227834
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com