Debian Security Advisory DSA 3032-1 (bash - Security Update) Network Vulnerability

Summary

Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.

Solution

For the stable distribution (wheezy), this problem has been fixed in version 4.2+dfsg-0.1+deb7u1. We recommend that you upgrade your bash packages.

Insight

Bash is an sh-compatible command language interpreter that executes commands read from the standard input or from a file. Bash also incorporates useful features from the Korn and C shells (ksh and csh).

Affected

bash on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-3032.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6271

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 070-1 (netkit-telnet)
Debian Security Advisory DSA 063-1 (xinetd)
Debian Security Advisory DSA 079-1 (uucp)
Debian Security Advisory DSA 044-1 (mailx)
Debian Security Advisory DSA 051-1 (netscape)

Debian Security Advisory DSA 3032-1 (bash - security update)

Take action and discover your vulnerabilities