Bash Vulnerability: Patch Now! CVE-2014-6271

Last Updated: May 4, 2020

A Bash vulnerability has just been announced, rated 10 on a scale of 10. The vulnerability is Network Exploitable. Patch Now.

GNU Bash through 4.3 incorrectly handles trailing strings after function definitions in the values of environment variables. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments, and execute arbitrary code.

⚠️ You need to patch your systems now.

👉 If you need to upgrade your bash version on macOS, check the post How To Upgrade your Bash Version on macOS?

Update: If you already patched your system, check it again. You may have to patch again due to a previous incomplete fix. See CVE-2014-7169, the incomplete fix for CVE-2014-6271.
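
To confirm that a given bash binary no longer processes trailing strings after a function definition, the following local check can be run after patching. It is an added example, not part of the original post; the function names, the `probe` variable and the marker string are made up for this example, and it covers CVE-2014-6271 only, not the later CVE-2014-7169.

```shell
#!/bin/sh
# Local check of a bash binary for CVE-2014-6271 (added example).
# check_bash_6271, check_bash_paths and the marker are hypothetical names.

# Prints "vulnerable", "not vulnerable" or "error" for the given binary
# (default: the first bash on PATH).
# Exit status: 0 = not vulnerable, 1 = vulnerable, 2 = binary not runnable.
check_bash_6271() {
    bin=${1:-bash}
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "error"
        return 2
    fi
    # Marker includes the PID so ordinary output cannot match it by accident.
    marker="shellshock-probe-$$"
    # The variable value is a function definition followed by a trailing
    # command. A fixed bash does not execute the trailing text; an affected
    # bash runs the trailing echo while importing its environment, before
    # the harmless -c command (:) executes.
    out=$(env probe="() { :;}; echo $marker" "$bin" -c ':' 2>/dev/null) || true
    case $out in
        *"$marker"*) echo "vulnerable"; return 1 ;;
        *)           echo "not vulnerable"; return 0 ;;
    esac
}

# Checks several binaries (for example /bin/bash and /usr/local/bin/bash,
# which can differ on macOS) and prints one "path: result" line for each.
# Returns 1 if any binary is vulnerable or could not be run.
check_bash_paths() {
    rc=0
    for b in "$@"; do
        result=$(check_bash_6271 "$b") || rc=1
        echo "$b: $result"
    done
    return $rc
}
```

Call `check_bash_paths` with every bash path installed on the host, since a package upgrade may leave a second, older copy untouched.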
