CVE-2012-3410 fix in bash-3.2-32.el5

Issues related to software problems.
Naveen
Posts: 12
Joined: 2014/05/22 09:44:52

CVE-2012-3410 fix in bash-3.2-32.el5

Post by Naveen » 2014/05/26 07:37:06

Hi Team,

I have bash 3.2-32.el5 on the i386 architecture.
This version is affected by CVE-2012-3410.
This is fixed from 4.2 patch no. 33 onwards.
But I am not able to get a 4.2 bash rpm for the i386 architecture.
How should I proceed in order to fix this vulnerability in the bash-3.2-32.el5 version itself?
I have fixed code changes for this vulnerability. Can I create a patch for this, and can that be applied to the bash-3.2-32.el5 version itself?

Thanks in advance,
Naveen.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2012-3410 fix in bash-3.2-32.el5

Post by TrevorH » 2014/05/26 15:05:41

The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Naveen
Posts: 12
Joined: 2014/05/22 09:44:52

Re: CVE-2012-3410 fix in bash-3.2-32.el5

Post by Naveen » 2014/05/30 06:39:07

Hi TrevorH,

In the above link, I see below statement

"Statement
Red Hat does not consider this to be a security issue. The affected code is present in Red Hat Enterprise Linux 5 and 6, but due to use of FORTIFY_SOURCE protections the impact would be limited to a crash. Therefore, there are no plans to correct this issue in Red Hat Enterprise Linux 5 and 6."

So in CentOS 5 this vulnerability is also not corrected?

Please correct me if I'm wrong.

Thanks,
Naveen.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2012-3410 fix in bash-3.2-32.el5

Post by TrevorH » 2014/05/30 08:57:15

The vulnerability is not present...
due to use of FORTIFY_SOURCE protections the impact would be limited to a crash
Crash not exploit.
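Added example (not part of the original thread and not Red Hat or CentOS tooling): one way to check whether a given bash binary was built with the FORTIFY_SOURCE protection that the quoted statement relies on, by looking for glibc's `__*_chk` wrappers among its dynamic symbols. The function names and the sample symbol table are constructed for illustration.

```bash
#!/bin/sh
# Added example: summarise glibc FORTIFY_SOURCE usage from `readelf` output.

# Constructed sample in `readelf -W --dyn-syms` layout (not from a real bash build).
sample_dynsyms() {
cat <<'EOF'
Symbol table '.dynsym' contains 6 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 00000000     0 FUNC    GLOBAL DEFAULT  UND __strcpy_chk@GLIBC_2.3.4 (2)
     2: 00000000     0 FUNC    GLOBAL DEFAULT  UND __sprintf_chk@GLIBC_2.3.4 (2)
     3: 00000000     0 FUNC    GLOBAL DEFAULT  UND strcpy@GLIBC_2.0 (3)
     4: 00000000     0 FUNC    GLOBAL DEFAULT  UND malloc@GLIBC_2.0 (3)
     5: 00000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (4)
EOF
}

# Names of imported (undefined) functions, with the @VERSION suffix removed.
imported_funcs() {
    awk '$4 == "FUNC" && $7 == "UND" { sub(/@.*/, "", $8); print $8 }'
}

# Fortified wrappers are named __<func>_chk. __stack_chk_fail belongs to the
# stack protector, not FORTIFY_SOURCE, and is excluded by the trailing anchor.
fortified_funcs() {
    imported_funcs | grep -E '^__[a-z0-9_]+_chk$' | sort -u
}

# Plain imports of functions that glibc can fortify. These are typically call
# sites where the compiler could not determine the destination size.
FORTIFIABLE='strcpy|strncpy|strcat|strncat|sprintf|snprintf|vsprintf|memcpy|memmove|gets'
unfortified_funcs() {
    imported_funcs | grep -E "^($FORTIFIABLE)\$" | sort -u
}

# Read a symbol listing on stdin and print "fortified=N unfortified=M".
fortify_summary() {
    syms=$(cat)
    f=$(printf '%s\n' "$syms" | fortified_funcs | wc -l | tr -d ' ')
    u=$(printf '%s\n' "$syms" | unfortified_funcs | wc -l | tr -d ' ')
    echo "fortified=$f unfortified=$u"
}

# Usage: script /bin/bash   (with no argument, the constructed sample is used)
if [ "$#" -gt 0 ] && [ -f "$1" ]; then
    readelf -W --dyn-syms "$1" | fortify_summary
else
    sample_dynsyms | fortify_summary
fi
```

A result of `fortified=0` on the real binary would mean that build lacks the protection the quoted statement depends on.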

Naveen
Posts: 12
Joined: 2014/05/22 09:44:52

Re: CVE-2012-3410 fix in bash-3.2-32.el5

Post by Naveen » 2014/05/30 11:32:22

Thanks a lot TrevorH :)
