A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names ('test' command) and evaluating /dev/fd file names in conditinal command expressions. A remote attacker could provide a specially-crafted Bash script that, when executed, would cause the bash executable to crash. References: [1] ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033 [2] http://www.openwall.com/lists/oss-security/2012/07/11/11 [3] http://www.openwall.com/lists/oss-security/2012/07/12/4 [4] http://lists.gnu.org/archive/html/bug-bash/2012-07/msg00027.html [5] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681278 [6] https://bugzilla.novell.com/show_bug.cgi?id=770795
This issue affects the versions of the bash package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue did NOT affect the versions of the bash package, as shipped with Fedora release of 16 and 17, as they got already corrected.
Statement: Red Hat does not consider this do be a security issue. The affected code is present in Red Hat Enterprise Linux 5 and 6, but due to use of FORTIFY_SOURCE protections the impact would be limited to a crash. Therefore, there are no plans to correct this issue in Red Hat Enterprise Linux 5 and 6.