[arch-security] [Arch Linux Security Advisory 201409-2] bash: Remote code execution
Remi Gacogne
rgacogne-arch at coredump.fr
Fri Sep 26 08:38:37 UTC 2014
Arch Linux Security Advisory 201409-2
=====================================
Severity: Critical
Date : 2014-09-26
CVE-ID : CVE-2014-6271, CVE-2014-7169
Package : bash
Type : Remote code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE-2014
Summary
=======
The package bash before version 4.3.026-1 is vulnerable to remote code
execution.
Resolution
==========
Upgrade to 4.3.026-1.
$ pacman -Syu "bash>=4.3.026-1"
The problem has not been fixed upstream yet, though some patches were
released [1].
Workaround
==========
It is possible to work around this issue by replacing bash with a
non-affected shell, for example dash, when specifics bash features are
not needed.
Description
===========
GNU Bash through 4.3 bash43-025 processes trailing strings after
certain malformed function definitions in the values of environment
variables, which allows remote attackers to write to files or possibly
have unknown other impact via a crafted environment, as demonstrated by
vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi
and mod_cgid modules in the Apache HTTP Server, scripts executed by
unspecified DHCP clients, and other situations in which setting the
environment occurs across a privilege boundary from Bash execution.
References
==========
[1] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
https://bugs.archlinux.org/task/42109
http://lcamtuf.blogspot.fr/2014/09/quick-notes-about-bash-bug-its-impact.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-security/attachments/20140926/017b4675/attachment-0001.asc>
More information about the arch-security
mailing list