
ELSA-2014-3093 -- Oracle bash

ID: oval:org.secpod.oval:def:1500832
Date: (C)2015-01-02   (M)2024-02-19
Class: PATCH
Family: unix




GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

Platform:
Oracle Linux 6
Product:
bash
Reference:
ELSA-2014-3093
CVE-2014-6277
CVE-2014-6278
CPE:
cpe:/a:matthias_klose:bash-doc
cpe:/o:oracle:linux:6

© SecPod Technologies