RULE(RULE ID:708534)

Rule General Information
Release Date: 2017-05-12
Rule Name: GNU Bash Environment Variable Handling Command Execution Vulnerability -1 (CVE-2014-6271)
Severity:
CVE ID:
Rule Protection Details
Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, aka "ShellShock."。
Impact: An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software.
Affected OS: Mac OS, Solaris, Other Unix, FreeBSD, Linux
Reference: SecurityFocusBID:70103
ExploitDB:38849
ExploitDB:39918
ExploitDB:40619
ExploitDB:40938
Solutions
More advisories have been published on the website, please visit for more suggestions:
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-025
http://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-048
http://ftp.gnu.org/pub/gnu/bash/bash-4.1-patches/bash41-012
http://ftp.gnu.org/pub/gnu/bash/bash-4.0-patches/bash40-039
http://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052
http://ftp.gnu.org/pub/gnu/bash/bash-3.1-patches/bash31-018
http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-017