PT-2014-9087 · Gnu+8 · Bash+9
Published
1970-01-01
·
Updated
2024-06-15
·
CVE-2014-7187
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
bash versions prior to 4.3
bash-3.2
bash-4.1.2
bash-4.2.45
bash-debuginfo
bash-debuginfo-3.2
bash-debuginfo-4.1.2
bash-debuginfo-4.2.45
bash-debugsource
bash-devel
bash-doc
bash-doc-4.1.2
bash-doc-4.2.45
bash-loadables
bash-loadables-debuginfo
Description
The issue is related to multiple vulnerabilities in the bash package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The problem is caused by an off-by-one error in the read_token_word function in parse.y, allowing remote attackers to cause a denial of service or possibly have other unspecified impacts. The vulnerability may also allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked.
Recommendations
For bash versions prior to 4.3, update to version 4.3 or later.
For bash-3.2, update to a newer version.
For bash-4.1.2, update to a newer version.
For bash-4.2.45, update to a newer version.
For bash-debuginfo, update to a newer version.
For bash-debuginfo-3.2, update to a newer version.
For bash-debuginfo-4.1.2, update to a newer version.
For bash-debuginfo-4.2.45, update to a newer version.
For bash-debugsource, update to a newer version.
For bash-devel, update to a newer version.
For bash-doc, update to a newer version.
For bash-doc-4.1.2, update to a newer version.
For bash-doc-4.2.45, update to a newer version.
For bash-loadables, update to a newer version.
For bash-loadables-debuginfo, update to a newer version.
As a temporary workaround, consider disabling the read_token_word function until a patch is available. Restrict access to the vulnerable bash package to minimize the risk of exploitation. Avoid using the bash shell until the issue is resolved.
Exploit
Fix
DoS
Buffer Overflow
OS Command Injection
Affected Products
Alt Linux
Centos
Cisco Ios Xe
Cisco Nexus
Huawei Vrp
Red Hat
Suse
Ubuntu
Vmware Vcenter
Bash