[GRLUG] CVE-2014-6271

Mark Farver mfarver at mindbent.org
Wed Sep 24 15:08:42 EDT 2014


I think it is a stretch to label this remotely exploitable.  If an attacker
has remote control of environment variables you have bigger problems.

Mark
On Sep 24, 2014 2:50 PM, "John Wesorick" <john at wesorick.com> wrote:

> Ubuntu <http://www.ubuntu.com/usn/usn-2362-1/> and Debian
> <https://lists.debian.org/debian-security-announce/2014/msg00220.html>
> were patched as well.
>
> On Wed, Sep 24, 2014 at 2:44 PM, Kevin McCarthy <signals42 at gmail.com>
> wrote:
>
>> Figured I'd pass this along to the mailing list since it looks quite
>> serious:
>>
>>
>> http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
>>
>> Almost every Linux install is vulnerable to a potentially-remote
>> execution exploit involving bash. I know it has been patched in Gentoo and
>> RHEL. It's probably been fixed in most other distros by now, too. Time to
>> patch!
>>
>> -Kevin
>>
>>
>> _______________________________________________
>> grlug mailing list
>> grlug at grlug.org
>> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
>>
>
>
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shinobu.grlug.org/pipermail/grlug/attachments/20140924/c8db99f5/attachment-0001.html>


More information about the grlug mailing list