Executive Summary

Summary
Title bash security and bug fix update
Informations
Name RHSA-2011:0261 First vendor Publication 2011-02-16
Vendor RedHat Last vendor Modification 2011-02-16
Severity (Vendor) Low Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated bash packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Bash (Bourne-again shell) is the default shell for Red Hat Enterprise Linux.

It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)

This update also fixes the following bugs:

* If a child process's PID was the same as the PID of a previously ended child process, Bash did not wait for that child process. In some cases this caused "Resource temporarily unavailable" errors. With this update, Bash recycles PIDs and waits for processes with recycled PIDs. (BZ#521134)

* Bash's built-in "read" command had a memory leak when "read" failed due to no input (pipe for stdin). With this update, the memory is correctly freed. (BZ#537029)

* Bash did not correctly check for a valid multi-byte string when setting the IFS value, causing Bash to crash. With this update, Bash checks the multi-byte string and no longer crashes. (BZ#539536)

* Bash incorrectly set locale settings when using the built-in "export" command and setting the locale on the same line (for example, with "LC_ALL=C export LC_ALL"). With this update, Bash correctly sets locale settings. (BZ#539538)

All bash users should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

475474 - CVE-2008-5374 bash: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack) 521134 - Bash doesn't wait for backgrounded process if its PID is recycled

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2011-0261.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21954
 
Oval ID: oval:org.mitre.oval:def:21954
Title: RHSA-2011:1073: bash security, bug fix, and enhancement update (Low)
Description: bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.
Family: unix Class: patch
Reference(s): RHSA-2011:1073-01
CESA-2011:1073
CVE-2008-5374
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): bash
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23045
 
Oval ID: oval:org.mitre.oval:def:23045
Title: ELSA-2011:1073: bash security, bug fix, and enhancement update (Low)
Description: bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.
Family: unix Class: patch
Reference(s): ELSA-2011:1073-01
CVE-2008-5374
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): bash
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27689
 
Oval ID: oval:org.mitre.oval:def:27689
Title: DEPRECATED: ELSA-2011-1073 -- bash security, bug fix, and enhancement update (low)
Description: [3.2-32] - Dont include backup files Resolves: #700157 [3.2-31] - Use 'mktemp' for temporary files Resolves: #700157 [3.2-30] - Added man page references to systemwide .bash_logout Resolves: #592979 [3.2-29] - Readline glitch, when editing line with more spaces and resizing window Resolves: #525474 [3.2-28] - Fix the memory leak in read builtin Resolves: #618393 - Dont append slash to non-directories Resolves: #583919 [3.2-27] - Test .dynamic section if has PROGBITS or NOBITS Resolves: #484809 - Better random number generator Resolves: #492908 - Allow to source scripts with embeded NULL chars Resolves: #503701 [3.2-26] - vi mode redo insert fixed Resolves: #575076 - Dont show broken pipe messages for builtins Resolves: #546529 - Dont include loadables in doc dir Resolves: #663656 - Enable system-wide .bash_logout for login shells Resolves: #592979 [3.2-25] - Dont abort source builtin Resolves: #448508 - Correctly place cursor Resolves: #463880 - Minor man page clarification for trap builtin Resolves: #504904
Family: unix Class: patch
Reference(s): ELSA-2011-1073
CVE-2008-5374
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): bash
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2012-10-22 Name : Gentoo Security Advisory GLSA 201210-05 (bash)
File : nvt/glsa_201210_05.nasl
2012-07-30 Name : CentOS Update for bash CESA-2011:1073 centos5 x86_64
File : nvt/gb_CESA-2011_1073_bash_centos5_x86_64.nasl
2011-09-23 Name : CentOS Update for bash CESA-2011:1073 centos5 i386
File : nvt/gb_CESA-2011_1073_bash_centos5_i386.nasl
2011-07-22 Name : RedHat Update for bash RHSA-2011:1073-01
File : nvt/gb_RHSA-2011_1073-01_bash.nasl
2011-02-18 Name : RedHat Update for bash RHSA-2011:0261-01
File : nvt/gb_RHSA-2011_0261-01_bash.nasl
2010-01-19 Name : Mandriva Update for bash MDVSA-2010:004 (bash)
File : nvt/gb_mandriva_MDVSA_2010_004.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
51690 bash-doc Multiple Script Temporary File Symlink Arbitrary File Overwrite

Nessus® Vulnerability Scanner

Date Description
2014-11-17 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-1090.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0261.nasl - Type : ACT_GATHER_INFO
2012-10-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201210-05.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110216_bash_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110721_bash_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-09-23 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-1073.nasl - Type : ACT_GATHER_INFO
2011-07-22 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-1073.nasl - Type : ACT_GATHER_INFO
2011-02-17 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-0261.nasl - Type : ACT_GATHER_INFO
2010-01-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-004.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:54:21
  • Multiple Updates