Bash vuln. can affect OpenSSH

mancha mancha1 at
Thu Sep 25 01:34:08 EST 2014

This is a friendly heads up regarding a recently-disclosed Bash
vulnerability that can impact behavior in the context of OpenSSH
connections (CVE-2014-6271).

In sum, the vulnerability relates to a flaw in Bash's evaluation of
environment variables such that attackers can use specially-crafted
environment variables for code injection [1].

For example, server-side OpenSSH restrictions might be bypassed with
maliciously-crafted TERM or SSH_ORIGINAL_COMMAND variables.

Bash has issued patches to fix this issue:


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <>

More information about the openssh-unix-dev mailing list