PT-2014-1175 · GNU · Bash
Stéphane Chazelas · Published 2014-09-24 · Updated 2025-10-03 · CVE-2014-6277
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
bash versions 1.14 through 4.2 p52
GNU Bash (affected versions not specified)
Description
The vulnerability stems from errors in how the Bash shell processes input data while parsing code. By creating a specially crafted environment variable, an attacker can execute arbitrary commands with the rights of the current user. This can be done remotely, for example through a web server or DHCP server, or locally. Exploitation may lead to a breach of the confidentiality, integrity, and availability of protected information.
Recommendations
For bash versions 1.14 through 4.2 p52, update to a version later than 4.2 p52 to resolve the issue.
For GNU Bash, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting the use of the Bash shell to minimize the risk of exploitation.
Avoid using the Bash shell for remote connections, such as telnet or SSH, until the issue is resolved.
Restrict access to web servers and DHCP servers that may be used to create a specially crafted environment variable.
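A first-pass check for the version range given above, as an added example (not part of the original advisory): it parses a `bash --version` banner and reports whether the build falls within 1.14 through 4.2 patch 52. The function names and the sample version strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Bash builds inside the range this advisory lists as
# affected (1.14 through 4.2 patch 52). Function names are hypothetical.

# Extract "major.minor[.patch]" from a `bash --version` banner or a bare
# version string, e.g. "GNU bash, version 4.2.45(1)-release (...)" -> 4.2.45
parse_bash_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p'
}

# Return 0 if the version is within [1.14, 4.2.52], 1 if it is outside,
# 2 if no version could be parsed from the input.
in_affected_range() {
    v=$(parse_bash_version "$1")
    [ -n "$v" ] || return 2
    # Encode major.minor.patch as one integer so the comparison is numeric;
    # awk reads "05" as decimal 5 and a missing patch field as 0.
    printf '%s\n' "$v" | awk -F. '{
        n = $1 * 1000000 + $2 * 1000 + $3
        exit !(n >= 1014000 && n <= 4002052)
    }'
}

# Report on the bash found in PATH, if any.
check_local_bash() {
    if ! command -v bash >/dev/null 2>&1; then
        echo "bash not found in PATH"
        return 0
    fi
    banner=$(bash --version 2>/dev/null | head -n 1)
    if in_affected_range "$banner"; then
        echo "AFFECTED RANGE: $banner"
    else
        echo "outside listed range (or unparseable): $banner"
    fi
}

check_local_bash
```

Distributions often backport fixes without changing the upstream version number, so treat a hit as a prompt to check the vendor's package changelog rather than as a final verdict.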
Exploit
DoS
RCE
OS Command Injection
Affected Products
Cisco IOS XE
Cisco Nexus
SUSE
Ubuntu
VMware vCenter
Bash