CVE-2012-3410: Buffer Overflow
First published: Mon Aug 27 2012(Updated: )
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Bash | =4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681278
- http://secunia.com/advisories/51086
- http://security.gentoo.org/glsa/glsa-201210-05.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:128
- http://www.openwall.com/lists/oss-security/2012/07/11/11
- http://www.openwall.com/lists/oss-security/2012/07/11/22
- http://www.openwall.com/lists/oss-security/2012/07/12/4
- http://www.securityfocus.com/bid/54937
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77551
- https://hermes.opensuse.org/messages/15227834
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- vendor/gnu
- canonical/gnu bash
- version/gnu bash/4.2