Univention Bugzilla – Bug 36240
bash: Missing sanitising (2.4)
Last modified: 2014-10-29 17:13:26 CET
+++ This bug was initially created as a clone of Bug #36005 +++ Please make a backport for UCS 2.4. +++ This bug was initially created as a clone of Bug #35992 +++ CVE-2014-6271 Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell. Additional writeup: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Reported at #2014102021000351 I suppose Patches for CVE-2014-6277, CVE-2014-6278, CVE-2014-7186 and CVE-2014-7187 were not included here. Please assess the severity for these.
Upstream patches #54…#57 for CVE-2014-{7186,7187,6277,6278} added. Tests (i386): OK
FIXED: b24-scope sec2.4-10 bash # amd64 3.2-4.{45.201409261641→49.201410231847} OK: apt-get install bash=3.2-4.49.201410231847 OK: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" OK: /usr/share/doc/bash/changelog.Debian.gz OK: i386 amd64