Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Exploit Vulnerability Found In Bash

Posted by Soulskill on from the don't-bash-bash dept.

kdryer39 sends this news from CSO: A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux, and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Another attack surface is OpenSSH through the use of AcceptEnv variables. Also through TERM and SSH_ORIGINAL_COMMAND. An environmental variable with an arbitrary name can carry a nefarious function which can enable network exploitation.

2 of 399 comments (clear)

  1. Re:Thanks god by TechyImmigrant · · Score: 0, Troll

    Thanks god I am using windows.

    Umm. Russian ransomware takes advantage of Windows PowerShell

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  2. Re:Dangerous by Anonymous Coward · · Score: 0, Troll

    That was yesterday. Hipster feminists of 2014 use.

    bash man bash