Severity
Moderate
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 10.04 LTS and 14.04 LTS that include bash through 4.3 bash43-026
Description
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the ‘word_lineno’ issue.
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the ‘redir_stack’ issue.
The Cloud Foundry project is not aware of any way that these vulnerable versions of bash could be used to cause a denial of service remotely. No exploits have been identified or confirmed yet.
Affected Products and Versions
Severity is moderate unless otherwise noted.
- All Cloud Foundry BOSH stemcell versions 2719.2 and prior have bash executables vulnerable to CVE-2014-7186 and CVE-2014-7187.
- All versions of Cloud Foundry runtime v187 and prior have bash executables vulnerable to CVE-2014-7186 and CVE-2014-7187.
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that Cloud Foundry Runtime deployments running Release v187 or earlier upgrade to v188 or later, and to BOSH stemcells 2719.3 or later when they are available; these releases are planned to contain the patched version of bash that resolves CVE-2014-7186 and CVE-2014-7187.
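To confirm which bash a stemcell or running VM actually carries, here is an added example (not code from this advisory or the Cloud Foundry project): a POSIX sh check that classifies a `bash --version` / `$BASH_VERSION` string against the affected range, GNU Bash through 4.3 at patch level bash43-026.

```shell
#!/bin/sh
# Added example, not code from the Cloud Foundry advisory: classify a bash
# version string against the range affected by CVE-2014-7186 and CVE-2014-7187
# (GNU Bash through 4.3 patch level bash43-026). Returns 0 (affected) or 1.
#
# Accepts the format printed by `bash --version` / $BASH_VERSION, for example
# "4.3.26(1)-release"; a bare "4.3" (no patch level) is treated as patch 0.
bash_affected() {
    ver=${1%%\(*}           # drop the "(1)-release" suffix -> "4.3.26"
    major=${ver%%.*}        # "4"
    rest=${ver#*.}          # "3.26"
    minor=${rest%%.*}       # "3"
    patch=${rest#*.}        # "26"
    if [ "$patch" = "$rest" ]; then
        patch=0             # no third component present
    fi
    # Anything older than 4.3 is affected; anything newer than 4.3 is not.
    if [ "$major" -lt 4 ]; then return 0; fi
    if [ "$major" -gt 4 ]; then return 1; fi
    if [ "$minor" -lt 3 ]; then return 0; fi
    if [ "$minor" -gt 3 ]; then return 1; fi
    # 4.3.x: affected through patch 26 (bash43-026), fixed from patch 27 on.
    [ "$patch" -le 26 ]
}

# Report on the bash binary found on PATH, if there is one.
if command -v bash >/dev/null 2>&1; then
    running=$(bash -c 'printf %s "$BASH_VERSION"')
    if bash_affected "$running"; then
        echo "bash $running: in the affected range for CVE-2014-7186/CVE-2014-7187"
    else
        echo "bash $running: outside the affected range"
    fi
fi
```

Distribution packages often backport the fix without raising the upstream patch level, so an "affected" result should be confirmed against the installed package version and its changelog before acting on it.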
Credit
Florian Weimer and Todd Sabin
References
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7186
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7187
- http://boshartifacts.cloudfoundry.org/file_collections?type=stemcells
- https://github.com/cloudfoundry/cf-release
History
2014-Sep-29: Initial vulnerability report published.