Critical Update: RHEL Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, aka Shellshock)


Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with Red Hat products. This vulnerability, CVE-2014-6271, could allow arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, which lets them exploit this issue.

How does this impact systems?

This issue affects all products which use the Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.
All versions prior to those listed as updates for this issue are vulnerable to some degree.
See the appropriate remediation article for specifics.
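
Web servers that run CGI scripts are one such service, since they pass request headers to the script as environment variables. The following is an added example, not part of the original advisory or of Red Hat's guidance: it scans a web access log for quoted fields that begin with `() {`, the function-definition prefix that vulnerable Bash versions parsed out of environment variable values. The log lines are constructed, and the function names `sample_log` and `scan_shellshock` are hypothetical.

```shell
#!/bin/sh
# Added example: flag access-log lines where a quoted field (request line,
# Referer, User-Agent) begins with "() {", the function-definition prefix
# that vulnerable Bash versions parsed out of environment variable values.

# Constructed sample in Apache combined log format (not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.77 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 31 "-" "() { :; }; echo constructed-sample"
192.0.2.78 - - [25/Sep/2014:10:02:41 +0000] "GET /cgi-bin/status HTTP/1.1" 200 31 "() { :; }; echo constructed-sample" "Mozilla/5.0"
192.0.2.11 - - [25/Sep/2014:10:03:00 +0000] "GET /docs/func() HTTP/1.1" 404 0 "-" "Mozilla/5.0"
EOF
}

# scan_shellshock [FILE]: print "<line-no> <client> <field>" for each suspect
# line; reads stdin when FILE is omitted. Heuristic only: a quoted field that
# itself contains an escaped double quote will be split incorrectly.
scan_shellshock() {
    awk -F'"' '
    BEGIN { label[2] = "request"; label[4] = "referer"; label[6] = "user-agent" }
    {
        split($1, pre, " ")                  # pre[1] is the client address
        for (i = 2; i <= NF; i += 2) {       # even-numbered fields were quoted
            # Match only at the start of the field, so "func()" inside a
            # URL path (sample line 4) is not reported.
            if ($i ~ /^[ \t]*\(\)[ \t]*[{]/) {
                name = (i in label) ? label[i] : ("field" i)
                printf "%d %s %s\n", NR, pre[1], name
                break                        # one report per log line
            }
        }
    }' "${1:--}"
}

# Stand-alone run over the constructed sample.
sample_log | scan_shellshock
```

A hit shows that a request carried the pattern, not that the host was compromised; whether it had any effect depends on the bash version installed at the time.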

RHEL 4 - 7 are affected

https://access.redhat.com/articles/1200223


All our Linux servers have been patched and are secure. Dedicated server clients, please take suitable action.

 

