From 04be4687d9408c1ca0eae4079b788e9042b8666d Mon Sep 17 00:00:00 2001 From: Xin LI Date: Wed, 24 Sep 2014 18:12:39 +0000 Subject: MFH: r369192 Document bash remote code execution vulnerability. Approved by: portmgr (ports-security blanket) --- security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 186ecf8086d7..418eb63ef18d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,42 @@ Notes: --> + + bash -- remote code execution vulnerability + + + bash + bash-static + 3.03.0.17 + 3.13.1.18 + 3.23.2.52 + 4.04.0.39 + 4.14.1.12 + 4.24.2.48 + 4.34.3.25 + + + + +

Chet Ramey reports:

+
+

Under certain circumstances, bash will execute user code + while processing the environment for exported function + definitions.

+
+ +
+ + CVE-2014-6271 + https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ + https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html + + + 2014-09-24 + 2014-09-24 + +
+ asterisk -- Remotely triggered crash -- cgit v1.2.3
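Review bot: The description of the new bash entry never explains the "remote" in its topic line. The only body text is the quoted sentence "Under certain circumstances, bash will execute user code while processing the environment for exported function definitions", which leaves an administrator reading the entry to guess when that environment is under someone else's control. Consider adding one sentence after the quote that names the circumstances, taken from the two advisories already listed in the references. Separately, the affected-package block lists `bash` and `bash-static` with one range per release branch (3.0 through 4.3), but the range markup is not legible in this rendering (the bounds appear run together, as in "3.03.0.17"). Please confirm that each upper bound is the first fixed patch level of its branch and is exclusive, so that a package at exactly that patch level is not reported as vulnerable.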