Summary
Check the version of bash
Solution
Please Install the Updated Packages.
Insight
Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-6277, CVE-2014-6278)
Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack.
Affected
bash on Ubuntu 14.04 LTS ,
Ubuntu 12.04 LTS ,
Ubuntu 10.04 LTS
Detection
Get the installed version with the help of detect NVT and check if the version is vulnerable or not.
Severity
Classification
-
CVE CVE-2014-6277, CVE-2014-6278 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Ubuntu Update for file vulnerability USN-439-1
- Ubuntu Update for emacs21 vulnerability USN-504-1
- Ubuntu Update for evolution vulnerabilities USN-615-1
- Ubuntu Update for apache2 USN-1199-1
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2