After further investigation of the Shellshock vulnerability, vulnerability researchers uncovered two more bugs that affect the GNU Bash parser, 'parse.y'.
What are these vulnerabilities?
According to the National Vulnerability Database, the Bash parser 'parse.y' is affected by the following vulnerabilities:
Fixed-sized redir_stack issue (CVE-2014-7186)
"The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue."
"Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue."
Who are affected?
Similar to Shellshock, some Trend Micro products that are designed to run on or protect Linux-based platforms may be affected by these vulnerabilities. This article lists the affected products and the recommended action to take to eliminate the risks as they are identified and corrected.
Trend Micro products that run on Windows are not affected by these vulnerabilities. Trend external servers, including SaaS servers, are also unaffected.
Trend Micro Linux, Unix, or Mac-based products that are not affected
|Deep Security as a Service||All|
|Safesync for Business||All|
|Home and Home |
Linux, Unix, or Mac-based products that require updates
What if my product is not listed?
If the product has not reached End-of-Support, it is most likely that Trend Micro is still analyzing the vulnerability and its impact on your product. As soon as the analysis is completed, the product will be added to the list.
What if I have additional questions?
For additional inquiries, contact Technical Support.