Stack-based Buffer Overflow Vulnerability in GNU Bash
CVE-2012-3410

Currently unrated

Key Information:

Vendor: Gnu
Status: Bash
Vendor: CVE Published:; 27 August 2012

Summary

A stack-based buffer overflow vulnerability exists in the GNU Bash implementation before version 4.2 patch 33. This flaw can be exploited by local users who manipulate long filenames in /dev/fd, potentially bypassing intended restricted shell access. The issue arises from improper handling of filename expansions, compromising the security of the shell environment. As such, this vulnerability could enable unauthorized actions within a system, affecting its integrity and confidentiality.

References

http://www.openwall.com/lists/oss-security/2012/07/11/22

mailing-listx_refsource_MLIST

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://exchange.xforce.ibmcloud.com/vulnerabilities/77551

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 27, 2012
Vulnerability Reserved
Jun 14, 2012