CVE-2014-6278

GNU Bash orqali 4.3 bash43-026 atrof-muhit o'zgaruvchilari qiymatlarida funksiya ta'riflarini to'g'ri tahlil qilmaydi, bu masofaviy tajovuzkorlarga yaratilgan muhit orqali o'zboshimchalik bilan buyruqlarni bajarishga imkon beradi, buni OpenSSH sshd-dagi ForceCommand xususiyatini o'z ichiga olgan vektorlar, mod_cgi va mod_cpache exe modullari tomonidan ochilgan HTTP serverlari ko'rsatadi. DHCP mijozlari va muhitni sozlash Bash ijrosidagi imtiyozlar chegarasida sodir bo'ladigan boshqa holatlar.

CVSS Vector

Manbalar

• http://jvn.jp/en/jp/JVN55667175/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
• http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html
• http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
• http://linux.oracle.com/errata/ELSA-2014-3093