Rapid7 Vulnerability & Exploit Database

RHSA-2014:1294: bash security update

Back to Search

RHSA-2014:1294: bash security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
09/24/2014
Created
07/25/2018
Added
09/24/2014
Modified
10/01/2019

Description

The GNU Bourne Again shell (Bash) is a shell and command languageinterpreter compatible with the Bourne shell (sh). Bash is the defaultshell for Red Hat Enterprise Linux.A flaw was found in the way Bash evaluated certain specially craftedenvironment variables. An attacker could use this flaw to override orbypass environment restrictions to execute shell commands. Certainservices and applications allow remote unauthenticated attackers toprovide environment variables, allowing them to exploit this issue.(CVE-2014-6271)For additional information on the CVE-2014-6271 flaw, refer to theKnowledgebase article at https://access.redhat.com/articles/1200223Red Hat would like to thank Stephane Chazelas for reporting this issue.All bash users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue.

Solution(s)

  • redhat-upgrade-bash
  • redhat-upgrade-bash-debuginfo
  • redhat-upgrade-bash-doc

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;