Bash: Code Injection — GLSA 201409-09

A parsing flaw related to functions and environments in Bash could allow attackers to inject code.

Affected packages

app-shells/bash on all architectures
Affected versions < 4.2_p48
Unaffected versions revision >= 3.1_p18
revision >= 3.2_p52
revision >= 4.0_p39
revision >= 4.1_p12
>= 4.2_p48

Background

Bash is the standard GNU Bourne Again SHell.

Description

Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code.

Impact

A remote attacker could exploit this vulnerability to execute arbitrary commands even in restricted environments.

Workaround

There is no known workaround at this time.

Resolution

All Bash 3.1 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-shells/bash-3.1_p18:3.1"
 

All Bash 3.2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p52:3.2"
 

All Bash 4.0 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p39:4.0"
 

All Bash 4.1 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p12:4.1"
 

All Bash 4.2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p48"
 

References

Release date
September 24, 2014

Latest revision
October 04, 2014: 4

Severity
high

Exploitable
local, remote

Bugzilla entries