Mandrake Local Security Checks : Mandriva Update for bash MDVSA-2012:128 (bash)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831716

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for bash MDVSA-2012:128 (bash)

Resumen: The remote host is missing an update for the 'bash'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'bash'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was found and corrected in bash:

A stack-based buffer overflow flaw was found in the way bash, the
GNU Bourne Again shell, expanded certain /dev/fd file names when
checking file names ('test' command) and evaluating /dev/fd file
names in conditinal command expressions. A remote attacker could
provide a specially-crafted Bash script that, when executed, would
cause the bash executable to crash (CVE-2012-3410).

Additionally the official patches 011 to 037 for bash-4.2 has been
applied which resolves other issues found, including the CVE-2012-3410
vulnerability.

Affected Software/OS:
bash on Mandriva Linux 2011.0

Solution:
Please Install the Updated Packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3410
51086
http://secunia.com/advisories/51086
54937
http://www.securityfocus.com/bid/54937
GLSA-201210-05
http://security.gentoo.org/glsa/glsa-201210-05.xml
MDVSA-2012:128
http://www.mandriva.com/security/advisories?name=MDVSA-2012:128
[oss-security] 20120711 CVE Request: Overflow fix in bash 4.2 patch 33
http://www.openwall.com/lists/oss-security/2012/07/11/11
[oss-security] 20120712 Re: CVE Request: Overflow fix in bash 4.2 patch 33
http://www.openwall.com/lists/oss-security/2012/07/11/22
http://www.openwall.com/lists/oss-security/2012/07/12/4
bash-devfd-bo(77551)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77551
ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681278
openSUSE-SU-2012:0898
https://hermes.opensuse.org/messages/15227834

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831716
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for bash MDVSA-2012:128 (bash)
Resumen:	The remote host is missing an update for the 'bash'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'bash' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was found and corrected in bash: A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names ('test' command) and evaluating /dev/fd file names in conditinal command expressions. A remote attacker could provide a specially-crafted Bash script that, when executed, would cause the bash executable to crash (CVE-2012-3410). Additionally the official patches 011 to 037 for bash-4.2 has been applied which resolves other issues found, including the CVE-2012-3410 vulnerability. Affected Software/OS: bash on Mandriva Linux 2011.0 Solution: Please Install the Updated Packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3410 51086 http://secunia.com/advisories/51086 54937 http://www.securityfocus.com/bid/54937 GLSA-201210-05 http://security.gentoo.org/glsa/glsa-201210-05.xml MDVSA-2012:128 http://www.mandriva.com/security/advisories?name=MDVSA-2012:128 [oss-security] 20120711 CVE Request: Overflow fix in bash 4.2 patch 33 http://www.openwall.com/lists/oss-security/2012/07/11/11 [oss-security] 20120712 Re: CVE Request: Overflow fix in bash 4.2 patch 33 http://www.openwall.com/lists/oss-security/2012/07/11/22 http://www.openwall.com/lists/oss-security/2012/07/12/4 bash-devfd-bo(77551) https://exchange.xforce.ibmcloud.com/vulnerabilities/77551 ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681278 openSUSE-SU-2012:0898 https://hermes.opensuse.org/messages/15227834
Copyright	Copyright (C) 2012 Greenbone AG