Project

General

Profile

Bug #6655

Bug #6653: bash: popd controlled free (CVE-2016-9401)

[3.5] bash:popd controlled free (CVE-2016-9401)

Added by Alicha CH over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
01/10/2017
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way:

$ popd +-111111

This could be used to bypass restricted shells (rsh) on some environments to cause use-after-free.

Reference:

https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00099.html
http://seclists.org/oss-sec/2016/q4/445

Patch:

https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00116.html

Associated revisions

Revision 88fc2ef0 (diff)
Added by Sergei Lukin over 2 years ago

main/bash: security fixes #6655

CVE-2016-9401

History

#1 Updated by Natanael Copa over 2 years ago

  • Target version changed from 3.5.0 to 3.5.1

#2 Updated by Sergei Lukin over 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH over 2 years ago

  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF