PT-2014-9086 · Openssh+9 · Openssh Sshd+10
Kyle George · Published 1970-01-01 · Updated 2026-03-10 · CVE-2014-6271
CVSS v2.0: 10 (Critical) | AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Bash versions prior to 4.2.45-alt2
Bash versions prior to 3.2.51-alt3
PAN-OS and Panorama versions 5.0.14 and earlier
PAN-OS and Panorama versions 5.1.9 and earlier
PAN-OS and Panorama versions 6.0.5 and earlier
PAN-OS and Panorama versions 6.1.0 and earlier
Description
Bash is vulnerable to remote code execution due to flaws in how it evaluates environment variables. An attacker can exploit this by crafting malicious environment variables to override restrictions and execute arbitrary shell commands. This vulnerability affects systems where environment variables can be controlled by external actors, such as through SSH or web servers. The vulnerability can be exploited through multiple vectors. Successful exploitation does not necessarily result in root access, but rather execution with the privileges of the logged-in user. The vulnerability exists in bash and affects versions prior to 4.2.45-alt2 and 3.2.51-alt3. Additionally, PAN-OS and Panorama versions 5.0.14 and earlier, 5.1.9 and earlier, 6.0.5 and earlier, and 6.1.0 and earlier are also affected. The vulnerability stems from incorrect handling of trailing code in function definitions, allowing attackers to bypass environment restrictions.
Recommendations
Update Bash to version 4.2.45-alt2 or later.
Update Bash to version 3.2.51-alt3 or later.
Update PAN-OS and Panorama to a version later than 6.1.0.
Run sudo pro fix USN-2362-1 to apply the fix for Ubuntu systems.
Exploit
Fix
RCE
OS Command Injection
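The root cause given in the Description, a function definition in an environment variable followed by trailing code, can be screened for before externally supplied values reach Bash. The Python sketch below is an added example, not code from this advisory or from Bash; the function names, the trailing-code heuristic and the sample environment are constructed for illustration.

```python
import re

# Matches the "() {" prefix that marks a function definition in a variable
# value; whitespace is tolerated so the check errs toward flagging.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")


def classify(value):
    """Return 'clean', 'function' or 'function+trailing' for one value."""
    if not FUNC_PREFIX.match(value):
        return "clean"
    # Heuristic (assumption): a bare definition ends at its last closing
    # brace, so anything other than separators after it is trailing code.
    end = value.rfind("}")
    tail = value[end + 1:] if end != -1 else value
    return "function+trailing" if tail.strip(" \t\r\n;") else "function"


def scan_env(env):
    """Map each suspicious variable name to its verdict."""
    verdicts = {name: classify(val) for name, val in env.items()}
    return {n: v for n, v in verdicts.items() if v != "clean"}


# Constructed sample: a CGI-style environment built from request headers.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HTTP_ACCEPT": "text/html",
    "HTTP_COOKIE": "() { :; }",
    "HTTP_USER_AGENT": "() { :; }; echo constructed-sample",
    "HTTP_REFERER": "see foo() { bar } for details",
}

if __name__ == "__main__":
    for name, verdict in sorted(scan_env(SAMPLE_ENV).items()):
        print(f"{name}: {verdict}")
```

Because the trailing-code test only looks past the last closing brace, a value that ends in a brace is reported as `function`; in a variable derived from a request header or SSH client, either verdict is reason enough to reject the value.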
Affected Products
Alt Linux
Apache Http Server
Bash
Centos
Check Point Gaia
Cisco Ios Xe
Cisco Nexus
Openssh Sshd
Red Hat
Suse
Ubuntu