Hi Team,
I am having bash 3.2-32.el5 i386 architecture
This version is affected with CVE-2012-3410
This is fixed in 4.2 patch no33 onwards.
But i cant able to get 4.2 bash rpm in i386 architecture.
How to proceed in order to fix this Vulnerability in bash-3.2-32.el5 version itself?
I have fixed code changes for this Vulnerability. Can I create a patch for this and is that can be applied to bash-3.2-32.el5 version itself?
ThanksInAdvance,
Naveen.
CVE-2012-3410 fix in bash-3.2-32.el5
Re: CVE-2012-3410 fix in bash-3.2-32.el5
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2012-3410 fix in bash-3.2-32.el5
Hi TrevorH,
In the above link, I see below statement
"Statement
Red Hat does not consider this do be a security issue. The affected code is present in Red Hat Enterprise Linux 5 and 6, but due to use of FORTIFY_SOURCE protections the impact would be limited to a crash. Therefore, there are no plans to correct this issue in Red Hat Enterprise Linux 5 and 6."
So in CentOS 5 also this Vulnerability is not corrected?
Please correct me, if i'm wrong.
Thanks,
Naveen.
In the above link, I see below statement
"Statement
Red Hat does not consider this do be a security issue. The affected code is present in Red Hat Enterprise Linux 5 and 6, but due to use of FORTIFY_SOURCE protections the impact would be limited to a crash. Therefore, there are no plans to correct this issue in Red Hat Enterprise Linux 5 and 6."
So in CentOS 5 also this Vulnerability is not corrected?
Please correct me, if i'm wrong.
Thanks,
Naveen.
Re: CVE-2012-3410 fix in bash-3.2-32.el5
The vulnerabiity is not present...
Crash not exploit.due to use of FORTIFY_SOURCE protections the impact would be limited to a crash
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2012-3410 fix in bash-3.2-32.el5
Thanks alot TrevorH