CVE-2012-3410
Published: 27 August 2012
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
Notes
Author | Note |
---|---|
jdstrand | reproducer in oss thread verified that compiler hardening blocks this on all releases (-D_FORTIFY_SOURCE=2 on 10.04 LTS+ and -fstack-protector on 8.04 LTS) |
mdeslaur | since this gets blocked, it is not a security issue. Ignoring. |
Priority
Status
Package | Release | Status |
---|---|---|
bash Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
|
|
quantal |
Not vulnerable
(4.2-4ubuntu1)
|
|
raring |
Not vulnerable
(4.2-4ubuntu1)
|
|
saucy |
Not vulnerable
(4.2-4ubuntu1)
|
|
trusty |
Not vulnerable
(4.2-4ubuntu1)
|
|
upstream |
Released
(4.2-4)
|
|
Patches: other: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033 |
||
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu. |