Worse than HeartBleed? CVE-2014-6271


CVE-2014-6271

Overview

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

Impact
CVSS Severity (version 2.0):
CVSS v2 Base Score: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service


Information taken from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
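The Overview names mod_cgi and mod_cgid as vectors, where request headers reach the CGI process as environment variables. As an added example (not from the original post or from NVD), this Python script scans Apache combined-format access log lines for the Bash function-definition prefix `() {` in the logged fields; the log lines, addresses and the command placeholder are constructed.

```python
import re

# Apache "combined" log format; quoted fields may contain backslash-escaped quotes.
Q = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + Q + r' \d{3} \S+ ' + Q + ' ' + Q + r'$')
FIELDS = ("request", "referer", "user-agent")

# Bash function-definition prefix "() {". Matching it anywhere in a field, with
# optional whitespace, is deliberately broader than an exact-prefix test.
FUNC_DEF = re.compile(r'\(\)\s*\{')

# Constructed sample lines: documentation IP ranges, a placeholder instead of a command.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 94 "-" "() { :; }; <trailing-command-placeholder>"',
    '203.0.113.5 - - [25/Sep/2014:10:02:30 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "() { :; }; <trailing-command-placeholder>" "curl/7.30.0"',
    '192.0.2.44 - - [25/Sep/2014:10:03:00 +0000] "GET /docs/func() HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
    'malformed-line () { :; }; <trailing-command-placeholder>',
]

def scan(lines):
    """Return (client_ip, field, value) for every logged field carrying the marker."""
    hits = []
    for line in lines:
        line = line.rstrip("\n")
        m = COMBINED.match(line)
        if m is None:
            # Unparseable line: still check the raw text so it is not silently skipped.
            if FUNC_DEF.search(line):
                hits.append((None, "raw", line))
            continue
        # Groups 2..4 are the request line, Referer and User-Agent.
        for name, value in zip(FIELDS, m.groups()[1:]):
            if FUNC_DEF.search(value):
                hits.append((m.group(1), name, value))
    return hits

if __name__ == "__main__":
    for ip, field, value in scan(SAMPLE_LOG):
        print(f"{ip or 'unparsed'}\t{field}\t{value}")
```

The combined format records only the request line, Referer and User-Agent, so a marker sent in any other header will not appear in these logs. A hit shows that a request carried the marker, not that the server behind it ran a vulnerable Bash.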

Comments

  1. As a result, taking a look at incoming HTTP requests and your HTTP logs may be a good way to keep abreast of active threats to your network, and this is possible only with cloud computing or cloudwedge. Because you know cloud computing is internet-based computing in which large groups of remote servers are networked to allow sharing of data-processing tasks, centralized data. Thanks


  2. I would add that there is no need to purchase licensed software, its configuration, and update, you simply go to the service and use of its services data room virtual by paying for actual use.
