CVE-2014-6271: Bash lets you do bad things
gozen
I am sure you’ve heard about a critical vulnerability in BASH (Bourne Again Shell), which is the default shell in many Linux and BSD distributions.
An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
This vulnerability allows code injection via environment variables.
I’ve listed links below with information on how to patch it. In the majority of cases, you can simply run the system’s automated package installer to install the new version of BASH.
These links are provided without warranty.
- General Information
- Redhat – How does this impact systems
- Centos – Critical update for bash
- Debian – Security Advisory
- Ubuntu – Security Notice USN-2362-1
- FreeBSD – remote code execution vulnerability
- OSX – How to recompile Bash
Some Android distributions are vulnerable, and there are reports of vulnerable jailbroken iPhones as well. Keep your eyes open for patches on these platforms.
We have both been made aware of some malware being spread via this vulnerability and the new version of it.
You may also check here for more information: RedHat Bugzilla