[arch-security] [Arch Linux Security Advisory 201409-2] bash: Remote code execution

Arch Linux Security Advisory 201409-2
=====================================

Severity: Critical
Date    : 2014-09-26
CVE-ID  : CVE-2014-6271, CVE-2014-7169
Package : bash
Type    : Remote code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE-2014

Summary
=======

The package bash before version 4.3.026-1 is vulnerable to remote code
execution.

Resolution
==========

Upgrade to 4.3.026-1.

$ pacman -Syu “bash>=4.3.026-1”

The problem has not been fixed upstream yet, though some patches were
released [1].

Workaround
==========

It is possible to work around this issue by replacing bash with a
non-affected shell, for example dash, when specifics bash features are
not needed.

Description
===========

GNU Bash through 4.3 bash43-025 processes trailing strings after
certain malformed function definitions in the values of environment
variables, which allows remote attackers to write to files or possibly
have unknown other impact via a crafted environment, as demonstrated by
vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi
and mod_cgid modules in the Apache HTTP Server, scripts executed by
unspecified DHCP clients, and other situations in which setting the
environment occurs across a privilege boundary from Bash execution.

This entry was posted in arch-linux and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *