Educause Security Discussion mailing list archives
serious and widespread Bash vulnerability CVE-2014-6271
From: "Keller, Alex" <axkeller () STANFORD EDU>
Date: Thu, 25 Sep 2014 01:55:32 +0000
Hi Folks, This Bash vulnerability appears to be serious and widespread (CVSS 10/High): http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271 https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability Best, alex [NCCIC / US-CERT] National Cyber Awareness System: Bourne Again Shell (Bash) Remote Code Execution Vulnerability<https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability> 09/24/2014 06:06 PM EDT Original release date: September 24, 2014 US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. US-CERT recommends users and administrators review the Redhat Security Blog<https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/> for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch<http://lists.gnu.org/archive/html/bug-bash/2014-09/threads.html> is also available for experienced users and administrators to implement. Operating systems with updates include: * CentOS<http://lists.centos.org/pipermail/centos/2014-September/146099.html> * Debian<https://www.debian.org/security/2014/dsa-3032> * Redhat<https://access.redhat.com/site/solutions/1207723> Alex Keller Information Technology Stanford School of Engineering axkeller () stanford edu<mailto:axkeller () stanford edu> (650) 736-6421 [SoE_IT_Logo]
Current thread:
- serious and widespread Bash vulnerability CVE-2014-6271 Keller, Alex (Sep 24)
- Re: serious and widespread Bash vulnerability CVE-2014-6271 Avdagic, Indir (Sep 25)
- Re: serious and widespread Bash vulnerability CVE-2014-6271 Livio Ricciulli (Sep 25)
- Re: serious and widespread Bash vulnerability CVE-2014-6271 Avdagic, Indir (Sep 25)