Scientific Linux Security Update : bash on SL5.x, SL6.x i386/x86_64 (Shellshock)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)

For additional information on the CVE-2014-6271 flaw, refer to
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

See also :

http://www.nessus.org/u?cfda4a81

Solution :

Update the affected bash, bash-debuginfo and / or bash-doc packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 77865

Bugtraq ID:

CVE ID: CVE-2014-6271
