CVE Reference: CVE-2014-7186

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2014-7186

Description:
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/USN-2364-1

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
  http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
  http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
  http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html
  http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html

SAID
  Secunia Advisory: SA60063
  Secunia Advisory: SA60024
  Secunia Advisory: SA61816
  Secunia Advisory: SA61780
  Secunia Advisory: SA61550
  Secunia Advisory: SA61471
  Secunia Advisory: SA61442
  Secunia Advisory: SA61328
  Secunia Advisory: SA61313
  Secunia Advisory: SA61312
  Secunia Advisory: SA61287
  Secunia Advisory: SA61129
  Secunia Advisory: SA61128
  Secunia Advisory: SA61065
  Secunia Advisory: SA60193
  Secunia Advisory: SA60055
  Secunia Advisory: SA60034
  Secunia Advisory: SA58200
  Secunia Advisory: SA61188
  Secunia Advisory: SA61711
  Secunia Advisory: SA61703
  Secunia Advisory: SA61654
  Secunia Advisory: SA61643
  Secunia Advisory: SA61633
  Secunia Advisory: SA61603
  Secunia Advisory: SA61565
  Secunia Advisory: SA61552
  Secunia Advisory: SA61503
  Secunia Advisory: SA61485
  Secunia Advisory: SA61283
  Secunia Advisory: SA59907
  Secunia Advisory: SA61636
  Secunia Advisory: SA61641
  Secunia Advisory: SA61622
  Secunia Advisory: SA61618
  Secunia Advisory: SA61479
  Secunia Advisory: SA60044
  Secunia Advisory: SA60433
  Secunia Advisory: SA61291
  Secunia Advisory: SA61873
  Secunia Advisory: SA62312
  Secunia Advisory: SA62343

REDHAT
  http://rhn.redhat.com/errata/RHSA-2014-1312.html
  http://rhn.redhat.com/errata/RHSA-2014-1354.html
  http://rhn.redhat.com/errata/RHSA-2014-1311.html

MLIST
  http://openwall.com/lists/oss-security/2014/09/26/2
  http://openwall.com/lists/oss-security/2014/09/28/10
  http://openwall.com/lists/oss-security/2014/09/25/32

MISC
  http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
  http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

JVNDB
  http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

JVN
  http://jvn.jp/en/jp/JVN55667175/index.html

HP
  http://marc.info/?l=bugtraq&m=142721162228379&w=2
  http://marc.info/?l=bugtraq&m=142118135300698&w=2
  http://marc.info/?l=bugtraq&m=142113462216480&w=2
  http://marc.info/?l=bugtraq&m=142358078406056&w=2
  http://marc.info/?l=bugtraq&m=142358026505815&w=2
  http://marc.info/?l=bugtraq&m=142289270617409&w=2
  http://marc.info/?l=bugtraq&m=141879528318582&w=2
  http://marc.info/?l=bugtraq&m=141694386919794&w=2
  http://marc.info/?l=bugtraq&m=141577241923505&w=2
  http://marc.info/?l=bugtraq&m=141576728022234&w=2
  http://marc.info/?l=bugtraq&m=141585637922673&w=2
  http://marc.info/?l=bugtraq&m=141577297623641&w=2
  http://marc.info/?l=bugtraq&m=141577137423233&w=2
  http://marc.info/?l=bugtraq&m=141450491804793&w=2
  http://marc.info/?l=bugtraq&m=141383138121313&w=2
  http://marc.info/?l=bugtraq&m=141383196021590&w=2
  http://marc.info/?l=bugtraq&m=141383081521087&w=2
  http://marc.info/?l=bugtraq&m=141383026420882&w=2
  http://marc.info/?l=bugtraq&m=141383244821813&w=2
  http://marc.info/?l=bugtraq&m=141383304022067&w=2
  http://marc.info/?l=bugtraq&m=141345648114150&w=2
  http://marc.info/?l=bugtraq&m=141330468527613&w=2

FULLDISC
  http://seclists.org/fulldisclosure/2014/Oct/0

CONFIRM
  http://www.qnap.com/i/en/support/con_show.php?cid=61
  http://www-01.ibm.com/support/docview.wss?uid=swg21686447
  http://support.apple.com/HT204244
  http://www-01.ibm.com/support/docview.wss?uid=swg21687079
  http://www-01.ibm.com/support/docview.wss?uid=swg21686494
  http://www-01.ibm.com/support/docview.wss?uid=swg21686445
  http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
  http://www-01.ibm.com/support/docview.wss?uid=swg21686246
  http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
  http://www-01.ibm.com/support/docview.wss?uid=swg21686479
  http://www-01.ibm.com/support/docview.wss?uid=swg21686131
  http://www-01.ibm.com/support/docview.wss?uid=swg21685733
  http://www-01.ibm.com/support/docview.wss?uid=swg21685604
  http://www-01.ibm.com/support/docview.wss?uid=swg21685541
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
  http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
  http://www-01.ibm.com/support/docview.wss?uid=swg21685914
  http://www.novell.com/support/kb/doc.php?id=7015721
  http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
  http://www.vmware.com/security/advisories/VMSA-2014-0010.html
  http://www-01.ibm.com/support/docview.wss?uid=swg21686084
  http://www-01.ibm.com/support/docview.wss?uid=swg21685749
  http://support.novell.com/security/cve/CVE-2014-7186.html
  http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

CISCO
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/533593/100/0/threaded

APPLE
  http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
  http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

