Code Execution Vulnerability in GNU Bash by GNU
CVE-2014-6277

Currently unrated

Key Information:

Vendor

Gnu
Status
Bash
Vendor
CVE Published:
27 September 2014

What is CVE-2014-6277?

GNU Bash, through version 4.3, improperly parses function definitions in environment variables, enabling remote attackers to execute arbitrary code or induce a denial of service. This vulnerability arises from crafted environments that exploit command execution contexts across privilege boundaries, affecting various services such as OpenSSH's ForceCommand feature, Apache's mod_cgi and mod_cgid modules, and potentially untrusted scripts executed by DHCP clients. The issue stems from an incomplete fix related to previous vulnerabilities.

References

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141577137423233&w=2
vendor-advisoryx_refsource_HP

EPSS Score

86% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.