NewStart CGSL MAIN 6.02 : bash Multiple Vulnerabilities (NS-SA-2021-0118)


The remote NewStart CGSL host, running version MAIN 6.02, has bash packages installed that are affected by multiple vulnerabilities: - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. (CVE-2014-7169) - The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. (CVE-2016-0634) - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. (CVE-2016-7543) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.