10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.976 High
EPSS
Percentile
100.0%
Issue Overview:
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and this bulletin is a follow-up to ALAS-2014-418 (https://alas.aws.amazon.com/ALAS-2014-418.html).
It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.
An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash.
Special notes:
Because of the exceptional nature of this security event, we have backfilled our 2014.03, 2013.09, and 2013.03 Amazon Linux AMI repositories with new bash packages that also fix both CVE-2014-7169 and CVE-2014-6271.
For 2014.09 Amazon Linux AMIs, bash-4.1.2-15.21.amzn1
addresses both CVEs. Running yum clean all
followed by yum update bash
will install the fixed package.
For Amazon Linux AMIs locked (https://aws.amazon.com/amazon-linux-ami/faqs/#lock) to the 2014.03 repositories, bash-4.1.2-15.21.amzn1
also addresses both CVEs. Running yum clean all
followed by yum update bash
to the 2013.09 or 2013.03 repositories, bash-4.1.2-15.18.22.amzn1
addresses both CVEs. Running yum clean all
followed by yum update bash
will install the fixed package.
For Amazon Linux AMIs locked (https://aws.amazon.com/amazon-linux-ami/faqs/#lock) to the 2012.09, 2012.03, or 2011.09 repositories, run yum clean all
followed by yum --releasever=2013.03 update bash
to install only the updated bash package.
If you are using a pre-2011.09 Amazon Linux AMI, then you are using a version of the Amazon Linux AMI that was part of our public beta, and we encourage you to move to a newer version of the Amazon Linux AMI as soon as possible.
Affected Packages:
bash
Issue Correction:
Run yum update bash to update your system. Note that you may need to run yum clean all first.
New Packages:
i686:
bash-debuginfo-4.1.2-15.21.amzn1.i686
bash-doc-4.1.2-15.21.amzn1.i686
bash-4.1.2-15.21.amzn1.i686
src:
bash-4.1.2-15.21.amzn1.src
x86_64:
bash-doc-4.1.2-15.21.amzn1.x86_64
bash-debuginfo-4.1.2-15.21.amzn1.x86_64
bash-4.1.2-15.21.amzn1.x86_64
Red Hat: CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
Mitre: CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | bash-debuginfo | < 4.1.2-15.21.amzn1 | bash-debuginfo-4.1.2-15.21.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | bash-doc | < 4.1.2-15.21.amzn1 | bash-doc-4.1.2-15.21.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | bash | < 4.1.2-15.21.amzn1 | bash-4.1.2-15.21.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | bash-doc | < 4.1.2-15.21.amzn1 | bash-doc-4.1.2-15.21.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | bash-debuginfo | < 4.1.2-15.21.amzn1 | bash-debuginfo-4.1.2-15.21.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | bash | < 4.1.2-15.21.amzn1 | bash-4.1.2-15.21.amzn1.x86_64.rpm |
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.976 High
EPSS
Percentile
100.0%