Bash Code Injection Vulnerability – Bash Security Update

Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with Red Hat products. This vulnerability, CVE-2014-6271, could allow for arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.


A flaw was found in the bash functionality that evaluates specially formatted environment variables passed to it from another environment. An attacker could use this feature to override or bypass restrictions to the environment to execute shell commands before restrictions have been applied. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

How to fix?

To update to the most recent version of the Bash package, run the following command as root:

# yum update bash
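To confirm the update took effect, the following local check (an added example, not part of the original post or Red Hat's advisory) starts bash with a function-style environment variable and reports whether the trailing command was run on import. The function name, the variable name `probe` and the marker string are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: local post-update check for CVE-2014-6271 only.
# Usage: check_bash_cve_2014_6271 [path-to-bash]
# Prints "patched", "vulnerable" or "not-found".
# Exit status: 0 = patched, 1 = vulnerable, 2 = binary not found.
check_bash_cve_2014_6271() {
    bash_bin="${1:-bash}"

    # Refuse to report "patched" for a binary that does not exist.
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "not-found"
        return 2
    fi

    # The variable "probe" looks like an exported function definition
    # followed by an extra command. A vulnerable bash executes that extra
    # command while importing the environment, so the marker is printed.
    # A fixed bash treats the value as plain data and prints only "test".
    marker="CVE_2014_6271_MARKER"
    out=$(env "probe=() { :;}; echo $marker" \
          "$bash_bin" -c 'echo test' 2>/dev/null) || true

    case "$out" in
        *"$marker"*)
            echo "vulnerable"
            return 1
            ;;
        *)
            echo "patched"
            return 0
            ;;
    esac
}
```

Run it before and after `yum update bash`; `rpm -q bash` shows the installed package version to record alongside the result.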

For more information about this vulnerability, please refer to the following URL:

https://access.redhat.com/solutions/1207723

If you have any questions related to this vulnerability, please refer to our thread Bash Code Injection Vulnerability.
