oss-sec mailing list archives



CVE-2014-6271: remote code execution through bash

Stephane Chazelas discovered a vulnerability in bash, related to how environment variables are processed: trailing code in function definitions was executed, independent of the variable name. In many common configurations, this vulnerability is exploitable over the network. Chet Ramey, the GNU bash upstream maintainer, will soon release official upstream patches.

By Date By Thread

Current thread: