GNU Bash Incomplete Fix Remote Code Injection (Shellshock)
Critical Nessus Plugin ID 82581
SynopsisThe remote web server is affected by a remote code execution vulnerability.
DescriptionThe remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.
Note that this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
SolutionApply the referenced patch.