Vigil@nce - bash: two denial of service
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of bash.
Impacted products: AIX, Junos Space, NSM Central Manager,
NSMXpress, McAfee Email and Web Security, McAfee Email Gateway,
McAfee MOVE AntiVirus, McAfee Network Security Platform, McAfee
Next Generation Firewall, McAfee Web Gateway, openSUSE, Solaris,
RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix
(platform), ESX, vCenter, VMware vSphere
Severity: 1/4
Creation date: 29/09/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in bash.
An attacker can force a read at an invalid address in redir_stack,
in order to trigger a denial of service. [severity:1/4;
CVE-2014-7186]
An attacker can generate a buffer overflow of one byte in
word_lineno, in order to trigger a denial of service, and possibly
to execute code. [severity:1/4; CVE-2014-7187]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/bash-two-denial-of-service-15419