 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2012-6711 |
| Description: | A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv(). |
| Test IDs: | 1.3.6.1.4.1.25623.1.1.2.2019.1911 1.3.6.1.4.1.25623.1.1.4.2019.2976.1 1.3.6.1.4.1.25623.1.1.12.2019.4180.1 1.3.6.1.4.1.25623.1.1.2.2020.1638 1.3.6.1.4.1.25623.1.1.2.2021.1765 1.3.6.1.4.1.25623.1.1.2.2019.1942 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-6711 BugTraq ID: 108824 http://www.securityfocus.com/bid/108824 http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5 https://bugzilla.redhat.com/show_bug.cgi?id=1721071 https://usn.ubuntu.com/4180-1/ |