[ MDVSA-2014:186 ] bash

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:186
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : bash
 Date    : September 24, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A flaw was found in the way Bash evaluated certain specially crafted
 environment variables. An attacker could use this flaw to override or
 bypass environment restrictions to execute shell commands. Certain
 services and applications allow remote unauthenticated attackers to
 provide environment variables, allowing them to exploit this issue
 (CVE-2014-6271).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
 https://rhn.redhat.co

007 Software

[ MDVSA-2014:186 ] bash

Leave a Reply Cancel reply

Software and Security Information