[Novalug] CVE-2014-6271: Bash Code Injection Vulnerability

Jared Scott jared@jaredscott.com
Wed Sep 24 17:29:03 EDT 2014


http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
http://seclists.org/oss-sec/2014/q3/649
https://access.redhat.com/articles/1200223



How does this impact systems

This issue affects all products which use the Bash shell and parse values
of environment variables. This issue is especially dangerous as there are
many possible ways Bash can be called by an application. Quite often if an
application executes another binary, Bash is invoked to accomplish this.
Because of the pervasive use of the Bash shell, this issue is quite serious
and should be treated as such.



More information about the Novalug mailing list