Bash vulnerability CVE-2014-6271
On September 25, 2014, serious vulnerabilities in bash (CVE-2014-6271) were discovered, allowing arbitrary code execution using specially-crafted environment variables. Buildbox, a platform for automating build processes, has taken steps to protect its customers by updating all copies of bash on their servers and blocking potentially dangerous environment variable values in the job system. However, users are urged to update bash on their own build servers as well. Steps include using specific commands depending on the user's operating system (Ubuntu/Debian, CentOS/Redhat, or OS X), ensuring the Buildbox-agent runs with minimal privileges, and keeping accounts secure. Monitoring the situation and updating servers as necessary is also advised.
Company
Buildkite
Date published
Sept. 25, 2014
Author(s)
Tim Lucas
Word count
318
Language
English
Hacker News points
None found.