Ubuntu Update For Bash USN-2380-1 Network Vulnerability

Summary

Check the version of bash

Solution

Please Install the Updated Packages.

Insight

Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-6277, CVE-2014-6278) Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack.

Affected

bash on Ubuntu 14.04 LTS , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS

Detection

Get the installed version with the help of detect NVT and check if the version is vulnerable or not.

Severity

Classification

CVE CVE-2014-6277, CVE-2014-6278
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for djvulibre USN-2056-1
Ubuntu Update for bash USN-2380-1
Ubuntu Update for avahi vulnerabilities USN-992-1
Ubuntu Update for apturl USN-1132-1
Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1

Take action and discover your vulnerabilities