Univention Bugzilla – Bug 36005
bash: Missing sanitising (2.4)
Last modified: 2014-10-21 08:00:20 CEST
Please make a backport for UCS 2.4. +++ This bug was initially created as a clone of Bug #35992 +++ CVE-2014-6271 Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell. Additional writeup: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Patches for CVE-2014-6271 and CVE-2014-7169 added. Tests (i386, amd64): OK
OK - amd64/i386 -> env x='() { :;}; echo vulnerable' bash -c 'echo hello' hello OK - reboot/boot still works
Hotfix announced