PT-2014-1176 · Gnu+5 · Bash+6

Lastc0De · Published 2014-09-24 · Updated 2026-01-04 · CVE-2014-6278

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

bash versions 1.14 through 4.2 p52
GNU Bash (affected versions not specified)

Description

The issue is related to the way shell functions are passed through environment variables, allowing an attacker to inject commands into a Bash shell. This can be exploited by creating a new environment variable, which can be done remotely or locally. The vulnerability may allow an unauthenticated remote attacker to execute commands on an affected server, depending on how the shell is invoked. The Bash shell may be invoked by various processes, including telnet, SSH, DHCP, and scripts hosted on web servers.

Recommendations

For bash versions 1.14 through 4.2 p52, update to a version later than 4.2 p52 to resolve the issue. For GNU Bash, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of environment variables to minimize the risk of exploitation. Avoid using the environment variables in the affected bash shell until the issue is resolved.

Exploit

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2014-2209
BDU:2014-00319
BDU:2015-09794
BDU:2015-09818
CVE-2014-6278
MGASA-2014-0394
OPENSUSE-SU-2024:10106-1
SUSE-SU-2016:2872-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
USN-2380-1

Affected Products

ALT Linux
Cisco IOS XE
Cisco Nexus
SUSE
Ubuntu
VMware vCenter
Bash