Oval Definition:oval:com.ubuntu.trusty:def:20146271000
Revision Date:2014-09-24Version:1
Title:CVE-2014-6271 on Ubuntu 14.04 LTS (trusty) - high.
Description:GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2014-6271
Platform(s):Ubuntu 14.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 14.04 LTS (trusty) is installed.
  • AND The 'bash' package in trusty was vulnerable but has been fixed (note: '4.3-7ubuntu1.1').
  • BACK