openSUSE Security Update : bash (openSUSE-SU-2014:1226-1) (Shellshock)

critical Nessus Plugin ID 77846

Synopsis

The remote openSUSE host is missing a security update.

Description

bash was updated to fix a critical security issue, a minor security issue and bugs:

In some circumstances, the shell would evaluate shell code in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271)

Fixed a temporary file misuse in _rl_tropen (bnc#868822). Even though it is used only by developers to debug the readline library, temporary files in a public location should not be opened without O_EXCL. (CVE-2014-2524)
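The effect of the missing O_EXCL can be reproduced in a private scratch directory. The following is an added example, not readline's or the plugin's own code; the function names, file names and the /tmp scratch path are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak form (hypothetical helper): follows whatever already sits at
 * `path`, symlinks included, and truncates the file it resolves to. */
static int open_trace_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Corrected form: with O_CREAT|O_EXCL, open() fails with EEXIST if the
 * name exists at all, even when it is a symlink (dangling or not). */
static int open_trace_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

static long size_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario: the trace-file name already exists as a symlink
 * to a file holding 4 bytes. Returns a bitmask: 1 = exclusive open was
 * refused and the data survived, 2 = weak open truncated the data.
 * Returns -1 if the scratch directory could not be set up. */
int run_demo(void) {
    char dir[] = "/tmp/excl-demo-XXXXXX";   /* assumed scratch location */
    char target[64], trace[64];
    int result = 0, fd;
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(trace, sizeof trace, "%s/trace.log", dir);
    if (!(f = fopen(target, "w"))) return -1;
    fputs("keep", f); fclose(f);
    if (symlink(target, trace) != 0) return -1;

    fd = open_trace_excl(trace);
    if (fd < 0 && errno == EEXIST && size_of(target) == 4) result |= 1;
    if (fd >= 0) close(fd);
    fd = open_trace_weak(trace);
    if (fd >= 0) close(fd);
    if (size_of(target) == 0) result |= 2;
    unlink(trace); unlink(target); rmdir(dir);
    return result;
}

int main(void) { printf("result=%d\n", run_demo()); return 0; }
```

A result of 3 means the exclusive open refused the pre-existing name while the weak open emptied the file behind the symlink.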

Additional bugfixes:

- Backported corrected German error message for a failing getpwd (bnc#895475)

- Add bash upstream patch 47 to fix a problem where the function that shortens pathnames for $PS1 according to the value of $PROMPT_DIRTRIM uses memcpy on potentially-overlapping regions of memory, when it should use memmove. The result is garbled pathnames in prompt strings.

- Add bash upstream patch 46 to fix a problem introduced by patch 32: '$@' and arrays expanding empty positional parameters or array elements when using substring expansion, pattern substitution, or case modification. The empty parameters or array elements are removed instead of expanding to empty strings ('').

- Add bash-4.2-strcpy.patch from the upstream mailing list to the patch collection tarball, so that strcpy does not work on overlapping memory areas when \w is used in the prompt and the directory is changed to one outside of HOME.

Solution

Update the affected bash packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=868822

https://bugzilla.novell.com/show_bug.cgi?id=895475

https://bugzilla.novell.com/show_bug.cgi?id=896776

https://lists.opensuse.org/opensuse-updates/2014-09/msg00036.html

Plugin Details

Severity: Critical

ID: 77846

File Name: openSUSE-2014-559.nasl

Version: 1.20

Type: local

Agent: unix

Published: 9/25/2014

Updated: 12/5/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:readline-devel-32bit, p-cpe:/a:novell:opensuse:libreadline6-debuginfo, p-cpe:/a:novell:opensuse:bash-debugsource, p-cpe:/a:novell:opensuse:bash-lang, cpe:/o:novell:opensuse:12.3, p-cpe:/a:novell:opensuse:libreadline6, p-cpe:/a:novell:opensuse:bash-loadables-debuginfo, p-cpe:/a:novell:opensuse:bash-loadables, p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit, p-cpe:/a:novell:opensuse:readline-devel, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:bash-debuginfo-32bit, p-cpe:/a:novell:opensuse:bash-devel, p-cpe:/a:novell:opensuse:bash-debuginfo, p-cpe:/a:novell:opensuse:bash, p-cpe:/a:novell:opensuse:libreadline6-32bit

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/24/2014

Vulnerability Publication Date: 8/20/2014

CISA Known Exploited Vulnerability Due Dates: 7/28/2022

Exploitable With

Core Impact

Metasploit (Qmail SMTP Bash Environment Variable Injection (Shellshock))

Reference Information

CVE: CVE-2014-2524, CVE-2014-6271

IAVA: 2014-A-0142