[CVE-2014-6271] bash: specially-crafted environment variables can be used to inject shell commands

Zhang Huangbin

Sep 24, 2014, 7:59:50 PM
to ired...@googlegroups.com
Dear all,

You may want to update your system to get a patched bash shell immediately. Quote
from Red Hat web site:

"How does this impact systems

This issue affects all products which use the Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.

All versions prior to those listed as updates for this issue are vulnerable to some degree.
See the appropriate remediation article for specifics."

References:

*) Detailed article: Bash Code Injection Vulnerability via Specially Crafted Environment
Variables (CVE-2014-6271):
https://access.redhat.com/articles/1200223

*) CWE: http://cwe.mitre.org/data/definitions/78.html

----
Zhang Huangbin, founder of iRedMail project: http://www.iredmail.org/
