An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash.
Find out more about CVE-2014-7187 from the MITRE CVE dictionary dictionary and NIST NVD.
Red Hat Product Security does not consider this bug to have any security impact on the bash packages shipped in Red Hat Enterprise Linux. A fix for this issue was applied as a hardening in RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312.
Base Score | 4.6 |
---|---|
Base Metrics | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
S-JIS for Red Hat Enteprise Linux 6 Server (bash) | RHSA-2014:1312 | 2014-09-26 |
Red Hat Enterprise Linux Extended Lifecycle Support 4 (bash) | RHSA-2014:1311 | 2014-09-26 |
S-JIS for Red Hat Enteprise Linux 5 Server (bash) | RHSA-2014:1865 | 2014-11-17 |
Red Hat Enterprise Linux 5 (bash) | RHSA-2014:1306 | 2014-09-26 |
Red Hat Enterprise Linux EUS (v. 5.9 server) (bash) | RHSA-2014:1311 | 2014-09-26 |
Red Hat Enterprise Linux 6 (bash) | RHSA-2014:1306 | 2014-09-26 |
RHEV Manager 3 (rhev-hypervisor6) | RHSA-2014:1354 | 2014-10-02 |
Red Hat Enterprise Linux Advanced Update Support 6.2 (bash) | RHSA-2014:1311 | 2014-09-26 |
Red Hat Enterprise Linux 7 (bash) | RHSA-2014:1306 | 2014-09-26 |
Red Hat Enterprise Linux Extended Update Support 6.4 (bash) | RHSA-2014:1311 | 2014-09-26 |
S-JIS for Red Hat Enteprise Linux 5 Server (bash) | RHSA-2014:1312 | 2014-09-26 |
Red Hat Enterprise Linux Long Life (v. 5.6 server) (bash) | RHSA-2014:1311 | 2014-09-26 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 3 | bash | Not affected |