FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bash -- remote code execution

Affected packages
bash < 4.3.25_2
bash-static < 4.3.25_2

Details

VuXML ID 512d1301-49b9-11e4-ae2c-c80aa9043978
Discovery 2014-09-27
Entry 2014-10-01

Note that this is different from the public "Shellshock" issue.

Specially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27; however, the port was patched with a mitigation in 4.3.25_2.

References

CVE Name CVE-2014-6277
CVE Name CVE-2014-6278
URL http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html