This repository was archived by the owner on Nov 9, 2017. It is now read-only.
This repository was archived by the owner on Nov 9, 2017. It is now read-only.
Bash Remote Exploit Vulnerability via env. var [CVE-2014-6271 / CVE-2014-7169] #253 Copy link Copy linkClosed
Closed
Bash Remote Exploit Vulnerability via env. var [CVE-2014-6271 / CVE-2014-7169]#253Copy link
Assignees
Description mchubby opened on Sep 25, 2014Issue body actions
A vulnerability in Bash up to 4.3 was discovered and allows for remote execution by defining a user-controlled environment variable to a specially crafted function definition.
While the attack surface is probably very limited in a desktop scenario (it would happen when a script is spawned by mod_cgi, for instance), it would still be a good idea to plug the hole.
As of this writing, an incomplete fix was released for CVE-2014-6271; I suggest waiting for a revised solution.
Metadata Metadata Assignees Labels No labelsNo labels
Type No type Projects No projects Milestone No milestoneRetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4