desktop-virtualization-community-VDI-UDS-EnterpriseJOIN OUR


Major vulnerability found in bash

Posted by UDS Enterprise TeamMajor vulnerability found in bash 2014-09-26 UDS Enterprise TeamMajor vulnerability found in bash

A major vulnerability has been discovered that targets bash, the Unix system (including OSX) and Linux commands interpreter. Apparently, this security flaw is also affecting other interpreters, such as ksh, tcsh, zsh and csh. Nevertheless, other shells aren't being affected.

UDS Enterprise servers aren't vulnerable to this fail, so the security of the virrual machines which provide UDS Enterprise remains unaltered.

This vulnerability has been registed as CVE-2014-6271 and it allows to execute certain commands due to the wrong process of the environment variables. Besides, it may be exploited remotely.

The problem lies in the fact that, as all interpreted languages, bash allows functions which are not properly validated when they are storaged in a variable.

You can find more information about this problem here:

Bash specially-crafted environment variables code injection attack



You must authenticate to review this post