CVE-2014-6271 : Remote code execution through bash

mex nginx-forum at
Thu Sep 25 07:27:19 UTC 2014

foo ...

"Note that on Linux systems where /bin/sh is symlinked to /bin/bash,
any popen() / system() calls from within languages such as PHP would
be of concern due to the ability to control HTTP_* in the env.


$ ls -la /bin/sh
lrwxrwxrwx 1 root root 4 Mar  1  2012 /bin/sh -> dash

phew ':)

Posted at Nginx Forum:,253532,253537#msg-253537

More information about the nginx mailing list