CVE-2014-6271 (retired)

GNU Bash through 4.3 processes trailing strings after function definitions
in the values of environment variables, which allows remote attackers to
execute arbitrary code via a crafted environment, as demonstrated by
vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and
mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified
DHCP clients, and other situations in which setting the environment occurs
across a privilege boundary from Bash execution, aka "ShellShock." NOTE:
the original fix for this issue was incorrect; CVE-2014-7169 has been
assigned to cover the vulnerability that is still present after the
incorrect fix.
mdeslaurAfter updates were released for this issue, it was discovered
that the fix was incomplete. The new issue is being tracked
as CVE-2014-7169.
Source: bash (LP Ubuntu Debian)
Ubuntu 14.04 ESM (Trusty Tahr):released (4.3-9ubuntu2)
More Information

Updated: 2019-10-09 07:50:57 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)