CVE

CVE-2014-6277
Date: (C)2014-09-29   (M)2024-02-22


GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
SECUNIA-58200
SECUNIA-59907
SECUNIA-59961
SECUNIA-60024
SECUNIA-60034
SECUNIA-60044
SECUNIA-60055
SECUNIA-60063
SECUNIA-60193
SECUNIA-60325
SECUNIA-60433
SECUNIA-61065
SECUNIA-61128
SECUNIA-61129
SECUNIA-61283
SECUNIA-61287
SECUNIA-61291
SECUNIA-61312
SECUNIA-61313
SECUNIA-61328
SECUNIA-61442
SECUNIA-61471
SECUNIA-61485
SECUNIA-61503
SECUNIA-61550
SECUNIA-61552
SECUNIA-61565
SECUNIA-61603
SECUNIA-61633
SECUNIA-61641
SECUNIA-61643
SECUNIA-61654
SECUNIA-61703
SECUNIA-61780
SECUNIA-61816
SECUNIA-61857
SECUNIA-62312
SECUNIA-62343
APPLE-SA-2015-01-27-4
APPLE-SA-2015-09-30-3
HPSBGN03138
HPSBGN03141
HPSBGN03142
HPSBHF03125
HPSBHF03145
HPSBHF03146
HPSBMU03143
HPSBMU03144
HPSBMU03165
HPSBMU03182
HPSBMU03217
HPSBMU03245
HPSBMU03246
HPSBST03129
HPSBST03154
HPSBST03155
HPSBST03157
HPSBST03181
JVN#55667175
JVNDB-2014-000126
MDVSA-2015:164
SSRT101819
SSRT101830
SSRT101868
SUSE-SU-2014:1287
USN-2380-1
http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html
http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
http://linux.oracle.com/errata/ELSA-2014-3093
http://linux.oracle.com/errata/ELSA-2014-3094
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://support.apple.com/HT204244
http://support.novell.com/security/cve/CVE-2014-6277.html
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www.novell.com/support/kb/doc.php?id=7015721
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
https://kb.bluecoat.com/index?page=content&id=SA82
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://support.apple.com/HT205267
https://support.citrix.com/article/CTX200217
https://support.citrix.com/article/CTX200223
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
https://www.suse.com/support/shellshock/
openSUSE-SU-2014:1310

CPE    28
cpe:/a:gnu:bash:3.2.48
cpe:/a:gnu:bash:2.05:a
cpe:/a:gnu:bash:2.05:b
cpe:/a:gnu:bash:1.14.6
...
CWE    1
CWE-78
OVAL    9
oval:org.secpod.oval:def:601787
oval:org.secpod.oval:def:23394
oval:org.secpod.oval:def:1500809
oval:org.secpod.oval:def:52315
...

© SecPod Technologies