[Novalug] CVE-2014-6271: Bash Code Injection Vulnerability
Jared Scott
jared@jaredscott.com
Wed Sep 24 17:29:03 EDT 2014
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
http://seclists.org/oss-sec/2014/q3/649
https://access.redhat.com/articles/1200223
How does this impact systems
This issue affects all products which use the Bash shell and parse values
of environment variables. This issue is especially dangerous as there are
many possible ways Bash can be called by an application. Quite often if an
application executes another binary, Bash is invoked to accomplish this.
Because of the pervasive use of the Bash shell, this issue is quite serious
and should be treated as such.
More information about the Novalug
mailing list