FreeBSD Project Information for VU#252743

GNU Bash shell executes commands in exported functions in environment variables


Not Affected

Vendor Statement

Currently we have already patched CVE-2014-6271 and CVE-2014-7169 in the FreeBSD ports tree, making it no longer vulnerable to these two issues. We will patch the new issues once the fix is validated.

The FreeBSD base system do not use bash at all and is therefore not affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


FreeBSD has disabled function importing by default in the Bash port.

If you have feedback, comments, or additional information about this vulnerability, please send us email.