CVE-2014-6271

Priority
Description
GNU Bash through 4.3 processes trailing strings after function definitions
in the values of environment variables, which allows remote attackers to
execute arbitrary code via a crafted environment, as demonstrated by
vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and
mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified
DHCP clients, and other situations in which setting the environment occurs
across a privilege boundary from Bash execution, aka "ShellShock." NOTE:
the original fix for this issue was incorrect; CVE-2014-7169 has been
assigned to cover the vulnerability that is still present after the
incorrect fix.
Notes
 mdeslaur> After updates were released for this issue, it was discovered
 mdeslaur> that the fix was incomplete. The new issue is being tracked
 mdeslaur> as CVE-2014-7169.
Assigned-to
mdeslaur
Package
Source: bash (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (4.3-7ubuntu1.1)
More Information

Updated: 2018-10-31 21:17:01 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)