Buenas !
Creo que es momento de empezar a correr en circulos con los brazos en alto xD
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
----
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
Impact
CVSS Severity (version 2.0):
CVSS v2 Base Score: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
----
-=- Netmail devnull@( 2:341/203 | 46:2/103 | 57:245/13 | 316:341/1 )
=-= Email ^^^^^^^@bitslair[dot]voidlabs[dot]com
-=- PGP KeyID 0x1352338D
... Computer Hacker wanted. Must have own axe.
--- MultiMail/Linux v0.49
--- SBBSecho 2.20-Linux
* Origin: Bits Lair BBS (2:341/203)