GNU Bash Environment Variable Command Injection Vulnerability
|
Información sobre el sistema
|
|
|
Software afectado |
Cisco |
Descripción
|
On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers.All versions of GNU Bash starting with version 1.14 are
More info:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=GNU%20Bash%20Environment%20Variable%20Command%20Injection%20Vulnerability&vs_ |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2014-6271 ,CVE-2014-6277 ,CVE-2014-6278 ,CVE-2014-7169 ,CVE-2014-7186 and CVE-2014-7187. |