0001936: Bash won't parse environment variables correctly, allowing exploit (Shell Shock)

ID	Project	Category	View Status	Date Submitted	Last Update

0001936	Kali Linux	General Bug	public	2014-11-29 17:29	2025-07-14 09:37

Reporter	skullyKiddo	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	no change required
Product Version	kali-dev

Summary	0001936: Bash won't parse environment variables correctly, allowing exploit (Shell Shock)
Description	There's still reminiscent of bash shell shock on Kali. Couldn't find any report on this bug, so if it's duplicate, please close. From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277 : "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. "
Steps To Reproduce	How to reproduce: bash -c "f() { x() { ;}; x() { ;} <<a; }" 2>/dev/null \|\| echo vulnerable It will echo vulnerable.

rhertzog 2014-11-30 13:16 administrator ~0002839	Shellshock is about executing code just by providing environment variables containing function definitions. Your example here is nothing like that... to me it looks like a segfault in bash's parser, hence a real bug, but with no security implication. A segfault is bad because it shows a possible buffer overflow and thus a possible code execution but it's not a remote code execution because bash does no longer allow function definitions in variables. Hence it has no real security impact. FWIW Debian 7's bash shows the same behaviour (since it's the same version).

Date Modified	Username	Field	Change
2014-11-29 17:29	skullyKiddo	New Issue
2014-11-30 13:16	rhertzog	Note Added: 0002839
2014-11-30 13:16	rhertzog	Status	new => closed
2014-11-30 13:16	rhertzog	Resolution	open => no change required
2015-08-18 12:37	g0tmi1k	Priority	immediate => normal
2025-07-14 09:37	g0tmi1k	Severity	block => minor