oss-sec mailing list archives

CVE-2014-6271: remote code execution through bash


From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 24 Sep 2014 16:05:51 +0200

Stephane Chazelas discovered a vulnerability in bash, related to how
environment variables are processed: trailing code in function
definitions was executed, independent of the variable name.

In many common configurations, this vulnerability is exploitable over
the network.

Chet Ramey, the GNU bash upstream maintainer, will soon release
official upstream patches.

