CVE-2014-7186

Related Vulnerabilities: CVE-2014-7186  

It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.

Find out more about CVE-2014-7186 from the MITRE CVE dictionary and NIST NVD.

Statement

A patch for this issue was applied to the bash packages in Red Hat Enterprise Linux via RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312. The errata do not mention the CVE in the description, as the CVE was only assigned after those updates were released.

CVSS v2 metrics

Base Score 4.6
Base Metrics AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
S-JIS for Red Hat Enterprise Linux 6 Server (bash) RHSA-2014:1312 2014-09-26
Red Hat Enterprise Linux Extended Lifecycle Support 4 (bash) RHSA-2014:1311 2014-09-26
S-JIS for Red Hat Enterprise Linux 5 Server (bash) RHSA-2014:1865 2014-11-17
Red Hat Enterprise Linux 5 (bash) RHSA-2014:1306 2014-09-26
Red Hat Enterprise Linux EUS (v. 5.9 server) (bash) RHSA-2014:1311 2014-09-26
Red Hat Enterprise Linux 6 (bash) RHSA-2014:1306 2014-09-26
RHEV Manager 3 (rhev-hypervisor6) RHSA-2014:1354 2014-10-02
Red Hat Enterprise Linux Advanced Update Support 6.2 (bash) RHSA-2014:1311 2014-09-26
Red Hat Enterprise Linux 7 (bash) RHSA-2014:1306 2014-09-26
Red Hat Enterprise Linux Extended Update Support 6.4 (bash) RHSA-2014:1311 2014-09-26
S-JIS for Red Hat Enterprise Linux 5 Server (bash) RHSA-2014:1312 2014-09-26
Red Hat Enterprise Linux Long Life (v. 5.6 server) (bash) RHSA-2014:1311 2014-09-26

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 rhel-guest-image Will not fix
Red Hat Enterprise Linux 6 guest-images Will not fix
Red Hat Enterprise Linux 3 bash Will not fix
RHEV Manager 3 rhev-hypervisor Will not fix

Acknowledgements

This issue was discovered by Florian Weimer of Red Hat Product Security.