Vulnerability Details : CVE-2012-3410
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
Vulnerability category: Overflow
Products affected by CVE-2012-3410
- cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-3410
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-3410
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
CWE ids for CVE-2012-3410
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3410
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77551
  GNU Bash dev/fd buffer overflow CVE-2012-3410 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2012/07/11/11
  oss-security - CVE Request: Overflow fix in bash 4.2 patch 33
- ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033
  Patch
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681278
  #681278 - bash: CVE-2012-3410: Stack-based buffer overflow - Debian Bug report logs (Patch)
- http://security.gentoo.org/glsa/glsa-201210-05.xml
  Bash: Multiple vulnerabilities (GLSA 201210-05) — Gentoo security
- http://www.openwall.com/lists/oss-security/2012/07/12/4
  oss-security - Re: CVE Request: Overflow fix in bash 4.2 patch 33
- http://www.openwall.com/lists/oss-security/2012/07/11/22
  oss-security - Re: CVE Request: Overflow fix in bash 4.2 patch 33
- https://hermes.opensuse.org/messages/15227834
  openSUSE.org - 503
- http://www.securityfocus.com/bid/54937
  GNU Bash Remote Stack Based Buffer Overflow Vulnerability
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:128
  mandriva.com