CVE-2014-6271: remote code execution through bash (3rd vulnerability?)

It looks to me like this is still an incomplete fix. The third vulnerability I’d like to report is the feature itself in bash that allows functions to be passed in the environment, e.g.

env ls='() { echo vulnerable; }' bash -c ls

A friend of mine said this could be a vulnerability gift that keeps on giving. CVE-2014-7169 was discovered very quickly after CVE-2014-6271. Do you think that’s the end of it?

via: http://seclists.org/oss-sec/2014/q3/748

September 28, 2014 0 Comments

No comments yet.

September 2014
S	M	T	W	T	F	S
« Feb		Oct »
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Recent Tweets

New macOS zero-day, currently no PoC. https://t.co/usSM8CXUNW 5 years ago
“The exploit is highly efficient because the malicious app doesn't need admin access to retrieve passwords from the… https://t.co/wb3xu9MWL2 5 years ago
There is no way of telling whether this security flaw has been actively used or not, best practice is to assume tha… https://t.co/v3vBjImZTN 5 years ago
You can see which version of Kubernetes your nodes are running by running: kubectl get nodes. Your output tells you… https://t.co/vYrqpHsDv7 5 years ago
Kubernetes CVE-2018-1002105 allows any authenticated user to get administrative access to the cluster (using standa… https://t.co/lqv0HcFbWH 5 years ago

Follow ajrams on Twitter

SSH Access for Remote Login with OS X

Upgrade Bash via Homebrew for OS X

CVE-2014-6271: remote code execution through bash (3rd vulnerability?)

Leave a Reply

Recent Posts

Categories

Archives

Recent Tweets

CVE-2014-6271: remote code execution through bash (3rd vulnerability?)

Leave a Reply

Recent Posts

Categories

Archives

Tags

Recent Tweets