Bash vulnerabilities (CVE-2014-6271 and CVE-2014-7169)

Last update: 4 August 2017

Bash vulnerabilities (CVE-2014-6271 and CVE-2014-7169)

Summary

This is an information regarding a security issue in the Unix Bash (Bourne Again Shell) commonly used in Linux environments as well as Mac OS.

Information

CVE-2014-6271
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

CVE-2014-7169
This CVE describes the incomplete fix of CVE-2014-6271 in the first round of patches

For further information, please refer to the References section.

Fabasoft Products

Due to the fact that Fabasoft products do not use CGI Scripts on Linux environments they are not directly affected by this vulnerability.

Solution

We strongly suggest you immediately install the latest patches for the bash executable on all systems!

All major Linux distribution have released patches, both for the original and the followup CVE. So far there are no known problems with either of these patches. As of writing this article the second patch has not yet been distributed to all patch mirrors, due to this it is advised to verify the version of the patch provided from your mirror.

References

Applies to

  • All Fabasoft products running on an Linux environment