Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871874
Category:Red Hat Local Security Checks
Title:RedHat Update for bash RHSA-2017:1931-01
Summary:The remote host is missing an update for the 'bash'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'bash'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The bash packages provide Bash (Bourne-again
shell), which is the default shell for Red Hat Enterprise Linux. Security
Fix(es): * An arbitrary command injection flaw was found in the way bash
processed the hostname value. A malicious DHCP server could use this flaw to
execute arbitrary commands on the DHCP client machines running bash under
specific circumstances. (CVE-2016-0634) * An arbitrary command injection flaw
was found in the way bash processed the SHELLOPTS and PS4 environment variables.
A local, authenticated attacker could use this flaw to exploit poorly written
setuid programs to elevate their privileges under certain circumstances.
(CVE-2016-7543) * A denial of service flaw was found in the way bash handled
popd commands. A poorly written shell script could cause bash to crash resulting
in a local denial of service limited to a specific bash session. (CVE-2016-9401)
Additional Changes: For detailed information on changes in this release, see the
Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Affected Software/OS:
bash on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-0634
BugTraq ID: 92999
http://www.securityfocus.com/bid/92999
https://security.gentoo.org/glsa/201612-39
http://www.openwall.com/lists/oss-security/2016/09/16/8
http://www.openwall.com/lists/oss-security/2016/09/16/12
http://www.openwall.com/lists/oss-security/2016/09/18/11
http://www.openwall.com/lists/oss-security/2016/09/19/7
http://www.openwall.com/lists/oss-security/2016/09/20/1
http://www.openwall.com/lists/oss-security/2016/09/27/9
http://www.openwall.com/lists/oss-security/2016/09/29/27
http://www.openwall.com/lists/oss-security/2016/10/07/6
http://www.openwall.com/lists/oss-security/2016/10/10/3
http://www.openwall.com/lists/oss-security/2016/10/10/4
RedHat Security Advisories: RHSA-2017:0725
http://rhn.redhat.com/errata/RHSA-2017-0725.html
RedHat Security Advisories: RHSA-2017:1931
https://access.redhat.com/errata/RHSA-2017:1931
Common Vulnerability Exposure (CVE) ID: CVE-2016-7543
BugTraq ID: 93183
http://www.securityfocus.com/bid/93183
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/
https://security.gentoo.org/glsa/201701-02
https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html
http://www.openwall.com/lists/oss-security/2016/09/26/9
http://www.securitytracker.com/id/1037812
Common Vulnerability Exposure (CVE) ID: CVE-2016-9401
BugTraq ID: 94398
http://www.securityfocus.com/bid/94398
https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html
http://www.openwall.com/lists/oss-security/2016/11/17/9
http://www.openwall.com/lists/oss-security/2016/11/17/5
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.