| Description: | Summary:
The remote host is missing an update for the 'bash'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The bash packages provide Bash (Bourne-again
shell), which is the default shell for Red Hat Enterprise Linux. Security
Fix(es): * An arbitrary command injection flaw was found in the way bash
processed the hostname value. A malicious DHCP server could use this flaw to
execute arbitrary commands on the DHCP client machines running bash under
specific circumstances. (CVE-2016-0634) * An arbitrary command injection flaw
was found in the way bash processed the SHELLOPTS and PS4 environment variables.
A local, authenticated attacker could use this flaw to exploit poorly written
setuid programs to elevate their privileges under certain circumstances.
(CVE-2016-7543) * A denial of service flaw was found in the way bash handled
popd commands. A poorly written shell script could cause bash to crash resulting
in a local denial of service limited to a specific bash session. (CVE-2016-9401)
Additional Changes: For detailed information on changes in this release, see the
Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
Affected Software/OS:
bash on Red Hat Enterprise Linux Server (v. 7)
Solution:
Please Install the Updated Packages.
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
