
GNU Bash Unsupported Characters Heap-Based Buffer Overflow Vulnerability [CVE-2012-6711]

CVE Number – CVE-2012-6711

A vulnerability in the lib/sh/strtrans.c:ansicstr function of GNU Bash could allow an authenticated, local attacker to execute code on a targeted system. The vulnerability is due to buffer errors within the lib/sh/strtrans.c:ansicstr function of the affected software. An attacker could exploit this vulnerability by providing print data through the echo built-in function. A successful exploit could allow the attacker to execute code on the targeted system. GNU Bash has confirmed this vulnerability and released a software patch.
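The advisory names the defect class (a heap buffer error in the routine that translates characters for printing) but not its mechanics. The C program below is an added illustration of that class, written for this page and not taken from Bash: a translation routine that escapes bytes the current locale cannot print must size its output buffer for the expanded form, not for the input length. The function names, the four-byte `\ooo` expansion and the sample input are all assumptions made for the example; `naive_alloc_size` only reports what an undersized allocation would be, so the bug is shown without being triggered.

```c
#include <assert.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Worst-case growth: a byte the locale cannot print is emitted as "\ooo",
   i.e. four output bytes for one input byte. */
#define MAX_EXPANSION 4

/* Allocation a careless implementation might pick: sized for the input
   text plus NUL, ignoring that escaping expands unprintable bytes.
   Returns the size only; nothing is allocated with it. */
size_t naive_alloc_size(const char *s) {
    return strlen(s) + 1;
}

/* Bytes actually required to hold the escaped form of s, plus the NUL.
   Uses the same printability predicate as the writer so the two agree. */
size_t required_size(const char *s) {
    size_t n = 0;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        n += isprint(*p) ? 1 : MAX_EXPANSION;
    return n + 1;
}

/* Hardened translation: allocate for the worst case, then escape.
   Returns a heap string the caller frees, or NULL on allocation failure. */
char *escape_unprintable(const char *s) {
    size_t cap = required_size(s);
    char *out = malloc(cap);
    if (!out)
        return NULL;
    char *w = out;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++) {
        if (isprint(*p)) {
            *w++ = (char)*p;
        } else {
            /* Backslash plus three octal digits; bounded by the remaining
               capacity, so even a wrong estimate cannot write past cap. */
            w += snprintf(w, cap - (size_t)(w - out), "\\%03o", *p);
        }
    }
    *w = '\0';
    return out;
}

int main(void) {
    /* Constructed sample: two printable bytes followed by 0xC3, which the
       default "C" locale does not consider printable. */
    const char sample[] = "ab\xc3";
    printf("naive allocation : %zu bytes\n", naive_alloc_size(sample));
    printf("actually required: %zu bytes\n", required_size(sample));
    char *esc = escape_unprintable(sample);
    if (!esc)
        return 1;
    printf("escaped          : %s\n", esc);
    free(esc);
    return 0;
}
```

Which bytes count as "unprintable" depends on the locale, so the safe pattern is to derive the buffer size from the very predicate the writer applies, as `required_size` does; an estimate made under one assumption about the character set and a writer running under another is exactly the kind of mismatch that turns into a heap overflow.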

Analysis

  • An attacker would need to authenticate locally and be able to run Bash with certain options. These requirements could reduce the likelihood of a successful exploit.

Safeguards

  • Administrators are advised to apply the appropriate updates.
  • Administrators are advised to allow only trusted users to access local systems.
  • Administrators are advised to monitor critical systems.

Vendor Announcements

  • GNU Bash has posted a security note at the following link: Bug 1721071

Fixed Software

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
