CVE-2014-6271 (retired)

GNU Bash through 4.3 processes trailing strings after function definitions
in the values of environment variables, which allows remote attackers to
execute arbitrary code via a crafted environment, as demonstrated by
vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and
mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified
DHCP clients, and other situations in which setting the environment occurs
across a privilege boundary from Bash execution, aka "ShellShock." NOTE:
the original fix for this issue was incorrect; CVE-2014-7169 has been
assigned to cover the vulnerability that is still present after the
incorrect fix.
 mdeslaur> After updates were released for this issue, it was discovered
 mdeslaur> that the fix was incomplete. The new issue is being tracked
 mdeslaur> as CVE-2014-7169.
Source: bash (LP Ubuntu Debian)
Ubuntu 14.04 LTS (Trusty Tahr):released (4.3-7ubuntu1.1)
More Information

Updated: 2019-03-26 12:13:26 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)