6.9 - MDVSA-2010:004

Executive Summary

Informations
Name	MDVSA-2010:004	First vendor Publication	2010-01-13
Vendor	Mandriva	Last vendor Modification	2010-01-13
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability have been discovered in Mandriva bash package, which could allow a malicious user to hide files from the ls command, or garble its output by crafting files or directories which contain special characters or escape sequences (CVE-2010-0002). This update fixes the issue by disabling the display of control characters by default.

Additionally, this update fixes the unsafe file creation in bash-doc sample scripts (CVE-2008-5374).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:004

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-59	Improper Link Resolution Before File Access ('Link Following')
50 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21954

Oval ID:	oval:org.mitre.oval:def:21954
Title:	RHSA-2011:1073: bash security, bug fix, and enhancement update (Low)
Description:	bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:1073-01 CESA-2011:1073 CVE-2008-5374	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	bash
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x AND bash is earlier than 0:3.2-32.el5

Definition Id: oval:org.mitre.oval:def:23045

Oval ID:	oval:org.mitre.oval:def:23045
Title:	ELSA-2011:1073: bash security, bug fix, and enhancement update (Low)
Description:	bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:1073-01 CVE-2008-5374	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	bash
Definition Synopsis:
Oracle Linux 5.x AND bash is earlier than 0:3.2-32.el5

Definition Id: oval:org.mitre.oval:def:27689

Oval ID:	oval:org.mitre.oval:def:27689
Title:	DEPRECATED: ELSA-2011-1073 -- bash security, bug fix, and enhancement update (low)
Description:	[3.2-32] - Dont include backup files Resolves: #700157 [3.2-31] - Use 'mktemp' for temporary files Resolves: #700157 [3.2-30] - Added man page references to systemwide .bash_logout Resolves: #592979 [3.2-29] - Readline glitch, when editing line with more spaces and resizing window Resolves: #525474 [3.2-28] - Fix the memory leak in read builtin Resolves: #618393 - Dont append slash to non-directories Resolves: #583919 [3.2-27] - Test .dynamic section if has PROGBITS or NOBITS Resolves: #484809 - Better random number generator Resolves: #492908 - Allow to source scripts with embeded NULL chars Resolves: #503701 [3.2-26] - vi mode redo insert fixed Resolves: #575076 - Dont show broken pipe messages for builtins Resolves: #546529 - Dont include loadables in doc dir Resolves: #663656 - Enable system-wide .bash_logout for login shells Resolves: #592979 [3.2-25] - Dont abort source builtin Resolves: #448508 - Correctly place cursor Resolves: #463880 - Minor man page clarification for trap builtin Resolves: #504904
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-1073 CVE-2008-5374	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	bash
Definition Synopsis:
Oracle Linux 5.x AND bash is earlier than 0:3.2-32.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Bash cpe:2.3:a:gnu:bash:4.0:::::::* cpe:2.3:a:gnu:bash:3.2.48:::::::* cpe:2.3:a:gnu:bash:3.2:::::::* cpe:2.3:a:gnu:bash:3.0:::::::* cpe:2.3:a:gnu:bash:2.05:b::::::	5
Application	Matthias Klose Bash-Doc cpe:2.3:a:matthias_klose:bash-doc:3.2:::::::*	1

OpenVAS Exploits

Date	Description
2012-10-22	Name : Gentoo Security Advisory GLSA 201210-05 (bash) File : nvt/glsa_201210_05.nasl
2012-07-30	Name : CentOS Update for bash CESA-2011:1073 centos5 x86_64 File : nvt/gb_CESA-2011_1073_bash_centos5_x86_64.nasl
2011-09-23	Name : CentOS Update for bash CESA-2011:1073 centos5 i386 File : nvt/gb_CESA-2011_1073_bash_centos5_i386.nasl
2011-07-22	Name : RedHat Update for bash RHSA-2011:1073-01 File : nvt/gb_RHSA-2011_1073-01_bash.nasl
2011-02-18	Name : RedHat Update for bash RHSA-2011:0261-01 File : nvt/gb_RHSA-2011_0261-01_bash.nasl
2010-01-19	Name : Mandriva Update for bash MDVSA-2010:004 (bash) File : nvt/gb_mandriva_MDVSA_2010_004.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
61790	Bash on Mandriva etc/profile.d/60alias.sh LS_OPTIONS Terminal Emulator Escape...
51690	bash-doc Multiple Script Temporary File Symlink Arbitrary File Overwrite

Nessus® Vulnerability Scanner

Date	Description
2014-11-17	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1090.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0261.nasl - Type : ACT_GATHER_INFO
2012-10-22	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201210-05.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20110216_bash_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20110721_bash_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-09-23	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1073.nasl - Type : ACT_GATHER_INFO
2011-07-22	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1073.nasl - Type : ACT_GATHER_INFO
2011-02-17	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-0261.nasl - Type : ACT_GATHER_INFO
2010-01-14	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-004.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:41:09	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	3
CPE ID(s)	6
osvdb(s)	2
Openvas Exploit(s)	6
Nessus® Exploit(s)	9

	Related
6.9	CVE-2008-5374
2.1	CVE-2010-0002
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

6.9 - MDVSA-2010:004

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU