RULE(RULE ID:708532)

Rule General Information
Release Date: 2018-06-19
Rule Name: WEB-OTHER GNU Bash Environment Variable Handling Command Execution Vulnerability (CVE-2014-6271)
Severity:
CVE ID:
Rule Protection Details
Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, aka "ShellShock.".
Impact: An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software.
Affected OS: Network Device, Solaris, FreeBSD, Linux, Other Unix, Mac OS
Reference: SecurityFocusBID:70103
ExploitDB:38849
ExploitDB:39918
ExploitDB:40619
ExploitDB:40938
Solutions
More advisories have been published on the website, please visit for more suggestions:
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-025
http://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-048
http://ftp.gnu.org/pub/gnu/bash/bash-4.1-patches/bash41-012
http://ftp.gnu.org/pub/gnu/bash/bash-4.0-patches/bash40-039
http://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052
http://ftp.gnu.org/pub/gnu/bash/bash-3.1-patches/bash31-018
http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-017