Bash vulnerability CVE-2014-6271

Brought to you by: arbab, cliss, janhar, mcnichol

#258 Bash vulnerability CVE-2014-6271

Milestone: Acknowledged Requests

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2014-09-29

Created: 2014-09-25

Creator: Andrew Collins

Private: No

Hi
Looks like the toolbox version of bash ( 4.2-1 ) is vulnerable to CVE-2014-6271.

Using the demonstration of exploit code from RedHat .... :

$ ps -fp $$
UID PID PPID C STIME TTY TIME CMD
xxxxxxx 11534366 8257536 1 09:26:56 pts/0 0:00 bash
$ rpm -q bash
bash-4.2-1
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

Can we request a new version of bash please which fixes this vulnerability

Many thanks

Discussion

Bill - 2014-09-25

Any idea when an update will be available?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Andrew Collins - 2014-09-29

IBM have now made this available officially : http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bash vulnerability CVE-2014-6271

Group

Searches

Help

#258 Bash vulnerability CVE-2014-6271

Discussion