Educause Security Discussion mailing list archives

serious and widespread Bash vulnerability CVE-2014-6271


From: "Keller, Alex" <axkeller () STANFORD EDU>
Date: Thu, 25 Sep 2014 01:55:32 +0000

Hi Folks,

This Bash vulnerability appears to be serious and widespread (CVSS 10/High):
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

Best,
alex


[NCCIC / US-CERT]

National Cyber Awareness System:
Bourne Again Shell (Bash) Remote Code Execution Vulnerability<https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability>
09/24/2014 06:06 PM EDT

Original release date: September 24, 2014

US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. 
Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

US-CERT recommends users and administrators review the
Redhat Security Blog<https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/>
for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A
GNU Bash patch<http://lists.gnu.org/archive/html/bug-bash/2014-09/threads.html>
is also available for experienced users and administrators to implement.

Operating systems with updates include:

  *   CentOS<http://lists.centos.org/pipermail/centos/2014-September/146099.html>
  *   Debian<https://www.debian.org/security/2014/dsa-3032>
  *   Redhat<https://access.redhat.com/site/solutions/1207723>


Alex Keller
Information Technology
Stanford School of Engineering
axkeller () stanford edu
(650) 736-6421