Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for bash CESA-2014:1293 centos7

Information

Severity

Severity

Critical

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

9 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update for the 'bash' package(s) announced via the referenced advisory.

Insight

Insight

The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-6271) For additional information on the CVE-2014-6271 flaw, refer to the Knowledgebase article linked at the references. Red Hat would like to thank Stephane Chazelas for reporting this issue. All bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Affected Software

Affected Software

bash on CentOS 7

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)