CVE Reference: CVE-2014-7187

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2014-7187

Description:
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/USN-2364-1

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
  http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
  http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
  http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
  http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html
  http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html
  http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html

SAID
  Secunia Advisory: SA61857
  Secunia Advisory: SA61855
  Secunia Advisory: SA61816
  Secunia Advisory: SA61550
  Secunia Advisory: SA61442
  Secunia Advisory: SA61328
  Secunia Advisory: SA61313
  Secunia Advisory: SA61312
  Secunia Advisory: SA61287
  Secunia Advisory: SA61129
  Secunia Advisory: SA61128
  Secunia Advisory: SA61065
  Secunia Advisory: SA60193
  Secunia Advisory: SA60055
  Secunia Advisory: SA60034
  Secunia Advisory: SA58200
  Secunia Advisory: SA61188
  Secunia Advisory: SA61703
  Secunia Advisory: SA61654
  Secunia Advisory: SA61643
  Secunia Advisory: SA61633
  Secunia Advisory: SA61603
  Secunia Advisory: SA61565
  Secunia Advisory: SA61552
  Secunia Advisory: SA61503
  Secunia Advisory: SA61485
  Secunia Advisory: SA61283
  Secunia Advisory: SA59907
  Secunia Advisory: SA61641
  Secunia Advisory: SA61636
  Secunia Advisory: SA61622
  Secunia Advisory: SA61618
  Secunia Advisory: SA61479
  Secunia Advisory: SA60024
  Secunia Advisory: SA60063
  Secunia Advisory: SA60044
  Secunia Advisory: SA60433
  Secunia Advisory: SA61291
  Secunia Advisory: SA61873
  Secunia Advisory: SA62312
  Secunia Advisory: SA62343

REDHAT
  http://rhn.redhat.com/errata/RHSA-2014-1354.html
  http://rhn.redhat.com/errata/RHSA-2014-1312.html
  http://rhn.redhat.com/errata/RHSA-2014-1311.html

MLIST
  http://openwall.com/lists/oss-security/2014/09/26/2
  http://openwall.com/lists/oss-security/2014/09/28/10
  http://openwall.com/lists/oss-security/2014/09/25/32

MISC
  http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
  http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

JVNDB
  http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

JVN
  http://jvn.jp/en/jp/JVN55667175/index.html

HP
  http://marc.info/?l=bugtraq&m=142721162228379&w=2
  http://marc.info/?l=bugtraq&m=142118135300698&w=2
  http://marc.info/?l=bugtraq&m=142358078406056&w=2
  http://marc.info/?l=bugtraq&m=142358026505815&w=2
  http://marc.info/?l=bugtraq&m=142289270617409&w=2
  http://marc.info/?l=bugtraq&m=141879528318582&w=2
  http://marc.info/?l=bugtraq&m=141694386919794&w=2
  http://marc.info/?l=bugtraq&m=141577241923505&w=2
  http://marc.info/?l=bugtraq&m=141576728022234&w=2
  http://marc.info/?l=bugtraq&m=141577297623641&w=2
  http://marc.info/?l=bugtraq&m=141585637922673&w=2
  http://marc.info/?l=bugtraq&m=141577137423233&w=2
  http://marc.info/?l=bugtraq&m=141450491804793&w=2
  http://marc.info/?l=bugtraq&m=141383138121313&w=2
  http://marc.info/?l=bugtraq&m=141383196021590&w=2
  http://marc.info/?l=bugtraq&m=141383081521087&w=2
  http://marc.info/?l=bugtraq&m=141383026420882&w=2
  http://marc.info/?l=bugtraq&m=141383244821813&w=2
  http://marc.info/?l=bugtraq&m=141383304022067&w=2
  http://marc.info/?l=bugtraq&m=141345648114150&w=2
  http://marc.info/?l=bugtraq&m=141330468527613&w=2

FULLDISC
  http://seclists.org/fulldisclosure/2014/Oct/0

CONFIRM
  http://support.apple.com/HT204244
  http://www.qnap.com/i/en/support/con_show.php?cid=61
  http://www-01.ibm.com/support/docview.wss?uid=swg21686447
  http://www-01.ibm.com/support/docview.wss?uid=swg21687079
  http://www-01.ibm.com/support/docview.wss?uid=swg21686494
  http://www-01.ibm.com/support/docview.wss?uid=swg21686445
  http://www-01.ibm.com/support/docview.wss?uid=swg21686246
  http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
  http://www-01.ibm.com/support/docview.wss?uid=swg21686479
  http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
  http://www-01.ibm.com/support/docview.wss?uid=swg21686131
  http://www-01.ibm.com/support/docview.wss?uid=swg21685733
  http://www-01.ibm.com/support/docview.wss?uid=swg21685604
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
  http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
  http://www.vmware.com/security/advisories/VMSA-2014-0010.html
  http://www-01.ibm.com/support/docview.wss?uid=swg21686084
  http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
  http://www-01.ibm.com/support/docview.wss?uid=swg21685914
  http://www.novell.com/support/kb/doc.php?id=7015721
  http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
  http://www-01.ibm.com/support/docview.wss?uid=swg21685749
  http://support.novell.com/security/cve/CVE-2014-7187.html

CISCO
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/533593/100/0/threaded

APPLE
  http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
  http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

