CVE-2014-6277

Public Date: 2014-09-27
IAVA: 2014-A-0142
CWE: CWE-78
Bugzilla: 1147189: CVE-2014-6277 bash: uninitialized here document closing delimiter pointer use

The MITRE CVE dictionary describes this issue as:

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.

Find out more about CVE-2014-6277 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat no longer considers this bug to be a security issue. The change introduced in bash errata RHSA-2014:1306, RHSA-2014:1311 and RHSA-2014:1312 removed the exposure of the bash parser to untrusted input, reducing this problem to a bug without security impact.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score: 7.5
Base Metrics: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform                      Package          State
Red Hat Enterprise Linux 7    bash             Affected
Red Hat Enterprise Linux 6    bash             Affected
Red Hat Enterprise Linux 5    bash             Affected
Red Hat Enterprise Linux 4    bash             Affected
RHEV-M for Servers            rhev-hypervisor  Affected
