FreeBSD Project Information for VU#252743

GNU Bash shell executes commands in exported functions in environment variables

Status

Not Affected

Vendor Statement

Currently we have already patched CVE-2014-6271 and CVE-2014-7169 in the FreeBSD ports tree, making it no longer vulnerable to these two issues. We will patch the new issues once the fix is validated.

    The FreeBSD base system do not use bash at all and is therefore not affected.

    Vendor Information

    We are not aware of further vendor information regarding this vulnerability.

    Vendor References

    https://svnweb.freebsd.org/ports?view=revision&revision=369341

    Addendum

    FreeBSD has disabled function importing by default in the Bash port.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.