CVE-2012-6711 (bash, enterprise_linux)

A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().

View Full Alert

Related Posts

  • CVE-2017-6261 (vibrante_linux)

    NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information…

  • CVE-2003-0367 (debian_linux, gzip)

    znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2019-12749 (dbus, ubuntu_linux)

    dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie…