Stack-based Buffer Overflow Vulnerability in GNU Bash
CVE-2012-3410

Currently unrated

Key Information:

Vendor: Gnu
Status: Bash
Vendor: CVE Published:; 27 August 2012

What is CVE-2012-3410?

A stack-based buffer overflow vulnerability exists in the GNU Bash implementation before version 4.2 patch 33. This flaw can be exploited by local users who manipulate long filenames in /dev/fd, potentially bypassing intended restricted shell access. The issue arises from improper handling of filename expansions, compromising the security of the shell environment. As such, this vulnerability could enable unauthorized actions within a system, affecting its integrity and confidentiality.

References

http://www.openwall.com/lists/oss-security/2012/07/11/22

mailing-listx_refsource_MLIST

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://exchange.xforce.ibmcloud.com/vulnerabilities/77551

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2012
Vulnerability Reserved
Jun 14, 2012

Gnu

What is CVE-2012-3410?

References

Timeline