PT-2014-9085 · Openbsd+10 · Openssh Sshd+11
Published: 1970-01-01 · Updated: 2025-10-03 · CVE-2014-7169
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
bash versions prior to 4.3
bash-3.0
bash-3.2
bash-4.1.2
bash-4.2.45
bash-debuginfo
bash-debuginfo-3.2
bash-debuginfo-4.1.2
bash-debuginfo-4.2.45
bash-debugsource
bash-devel
bash-doc
bash-doc-4.1.2
bash-doc-4.2.45
bash-loadables
bash-loadables-debuginfo
Description
The issue lies in the way the Bash shell processes environment variables, which allows remote attackers to execute arbitrary commands. This can lead to unauthorized access, data modification, and other malicious activities. The vulnerability can be exploited through various vectors, including the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, and scripts executed by DHCP clients. Researchers have confirmed that the vulnerability can be exploited in different situations where environment variables are set across a privilege boundary from Bash execution.
Recommendations
For bash versions prior to 4.3, update to version 4.3 or later.
For bash-3.0, update to a newer version.
For bash-3.2, update to a newer version.
For bash-4.1.2, update to a newer version.
For bash-4.2.45, update to a newer version.
For bash-debuginfo, update to a newer version.
For bash-debuginfo-3.2, update to a newer version.
For bash-debuginfo-4.1.2, update to a newer version.
For bash-debuginfo-4.2.45, update to a newer version.
For bash-debugsource, update to a newer version.
For bash-devel, update to a newer version.
For bash-doc, update to a newer version.
For bash-doc-4.1.2, update to a newer version.
For bash-doc-4.2.45, update to a newer version.
For bash-loadables, update to a newer version.
For bash-loadables-debuginfo, update to a newer version.
As a temporary workaround, consider disabling the use of environment variables in Bash scripts until a patch is available.
Restrict access to the Bash shell to minimize the risk of exploitation.
Avoid using the Bash shell for executing commands from untrusted sources until the issue is resolved.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Apache Http Server
Centos
Check Point Gaia
Cisco Ios Xe
Cisco Nexus
Openssh Sshd
Red Hat
Suse
Ubuntu
Vmware Vcenter
Bash