Ubuntu 14.04 LTS / 16.04 LTS : Bash vulnerabilities (USN-3294-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3294-1 advisory. Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a...

Ubuntu: Security Advisory (USN-3294-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3294-1: Bash vulnerabilities

Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. CVE-2016-0634...

USN-3294-1 bash vulnerabilities

Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. CVE-2016-0634...

SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2017:1317-1)

This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr1 inside loops. Additionally, the popd build-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault. Note that...

SUSE-SU-2017:1317-1 Security update for bash

This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr1 inside loops. Additionally, the popd build-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault...

CVE-2017-8799

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...

Qmail SMTP Bash Environment Variable Injection (Shellshock)

This module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH Shellshock. This flaw works on the latest Qmail...

EulerOS 2.0 SP2 : bash (EulerOS-SA-2017-1032)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variablesCVE-2016-7543...

EulerOS 2.0 SP1 : bash (EulerOS-SA-2017-1031)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variablesCVE-2016-7543...

Exploit for OS Command Injection in Gnu Bash

CVE-2014-6271 python2.7 - Start listenin...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0009

An update of bash packages for PhotonOS has been released...

Adobe (Multiple Products) - XML Injection File Content Disclosure

Adobe Multiple Products - XML Injection File Content Disclosure !/bin/bash Exploit Title: Adobe XML Injection file content disclosure Date: 07-04-2017 Exploit Author: Thomas Sluyter Website: https://www.kilala.nl Vendor Homepage: http://www.adobe.com/support/security/bulletins/apsb10-05.html...

Scientific Linux Security Update : bash on SL6.x i386/x86_64 (20170321)

Security Fixes : - An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. CVE-2016-0634 - An arbitrary command...

OracleVM 3.3 / 3.4 : bash (OVMSA-2017-0050)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix signal handling in read builtin Resolves: 1421926 - CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd Resolves: 1396383 - CVE-2016-7543 - Fix for arbitrary code execution via...

Authentication flaw

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

DEBIAN-CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...