CVE-2014-6271: remote code execution through bash, time to patch!

“Stephane Chazelas discovered a vulnerability in bash, related to how environment variables are processed: trailing code in function definitions was executed, independent of the variable name.”

In many common configurations, this vulnerability is exploitable over the network.

This vulnerability is actually really bad and you want to patch any Internet-facing systems ASAP! It allows remote, unauthenticated attackers to run code on vulnerable systems. It scores a 10 on the NVD severity scale:

The good news is that it’s an easy fix:

Debian (Ubuntu, etc.):

sudo apt-get update
sudo apt-get upgrade bash

RHEL (Fedora, CentOS, etc.):

sudo yum update bash


Please refer to your operating system vendor’s instructions, for example:



No comments yet.

Leave a Reply