CVE-2014-6271 (retired)

Priority
Description
GNU Bash through 4.3 processes trailing strings after function definitions
in the values of environment variables, which allows remote attackers to
execute arbitrary code via a crafted environment, as demonstrated by
vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and
mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified
DHCP clients, and other situations in which setting the environment occurs
across a privilege boundary from Bash execution, aka "ShellShock." NOTE:
the original fix for this issue was incorrect; CVE-2014-7169 has been
assigned to cover the vulnerability that is still present after the
incorrect fix.
Assigned-to
mdeslaur
Notes
mdeslaurAfter updates were released for this issue, it was discovered
that the fix was incomplete. The new issue is being tracked
as CVE-2014-7169.
Package
Source: bash (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):released (4.3-9ubuntu2)
More Information

Updated: 2019-10-09 07:50:57 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)