SuSE 11.3 Security Update : bash (SAT Patch Number 9740)

critical Nessus Plugin ID 77850

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

bash has been updated to fix a critical security issue.

In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271)

Solution

Apply SAT patch number 9740.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=896776

http://support.novell.com/security/cve/CVE-2014-6271.html

Plugin Details

Severity: Critical

ID: 77850

File Name: suse_11_bash-140919.nasl

Version: 1.15

Type: local

Agent: unix

Published: 9/25/2014

Updated: 12/5/2022

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:libreadline5, p-cpe:/a:novell:suse_linux:11:bash, p-cpe:/a:novell:suse_linux:11:libreadline5-32bit, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:readline-doc, p-cpe:/a:novell:suse_linux:11:bash-doc

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/19/2014

CISA Known Exploited Vulnerability Due Dates: 7/28/2022

Exploitable With

Core Impact

Metasploit (Apache mod_cgi Bash Environment Variable Code Injection (Shellshock))

Reference Information

CVE: CVE-2014-6271

IAVA: 2014-A-0142