hackerone / Stephane-chazelas / H1:29839
Sep 24, 2014 - 12:00 a.m.

Internet Bug Bounty: GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability

EPSS: 0.976 (High), percentile: 100.0%

GNU Bash versions 1.14 through 4.3 contain a flaw: Bash processes commands placed after function definitions in the values of environment variables. This allows remote attackers to execute arbitrary code via a crafted environment, which enables network-based exploitation.

Original disclosure: http://www.openwall.com/lists/oss-security/2014/09/24/11

Detailed analysis by lcamtuf: