
CVE-2012-3410 fix in bash-3.2-32.el5

Posted: 2014/05/26 07:37:06
by Naveen
Hi Team,

I have bash 3.2-32.el5 on i386 architecture.
This version is affected by CVE-2012-3410.
This is fixed in 4.2 patch no. 33 onwards.
But I am not able to get a 4.2 bash rpm for i386 architecture.
How to proceed in order to fix this vulnerability in the bash-3.2-32.el5 version itself?
I have fixed code changes for this vulnerability. Can I create a patch for this, and can that be applied to the bash-3.2-32.el5 version itself?

Thanks in advance,
Naveen.

Re: CVE-2012-3410 fix in bash-3.2-32.el5

Posted: 2014/05/26 15:05:41
by TrevorH

Re: CVE-2012-3410 fix in bash-3.2-32.el5

Posted: 2014/05/30 06:39:07
by Naveen
Hi TrevorH,

In the above link, I see the below statement:

"Statement
Red Hat does not consider this to be a security issue. The affected code is present in Red Hat Enterprise Linux 5 and 6, but due to use of FORTIFY_SOURCE protections the impact would be limited to a crash. Therefore, there are no plans to correct this issue in Red Hat Enterprise Linux 5 and 6."

So in CentOS 5 also, this vulnerability is not corrected?

Please correct me if I'm wrong.

Thanks,
Naveen.

Re: CVE-2012-3410 fix in bash-3.2-32.el5

Posted: 2014/05/30 08:57:15
by TrevorH
The vulnerability is not present...
"due to use of FORTIFY_SOURCE protections the impact would be limited to a crash"
Crash not exploit.

Re: CVE-2012-3410 fix in bash-3.2-32.el5

Posted: 2014/05/30 11:32:22
by Naveen
Thanks a lot TrevorH :)