[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2014-7169

Date: (C)2014-09-26   (M)2017-10-12
 
CVSS Score: 10.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Reference:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
http://seclists.org/fulldisclosure/2014/Oct/0
http://www.securityfocus.com/archive/1/archive/1/533593/100/0/threaded
EXPLOIT-DB-34879
SECUNIA-58200
SECUNIA-59272
SECUNIA-59737
SECUNIA-59907
SECUNIA-60024
SECUNIA-60034
SECUNIA-60044
SECUNIA-60055
SECUNIA-60063
SECUNIA-60193
SECUNIA-60325
SECUNIA-60433
SECUNIA-60947
SECUNIA-61065
SECUNIA-61128
SECUNIA-61129
SECUNIA-61188
SECUNIA-61283
SECUNIA-61287
SECUNIA-61291
SECUNIA-61312
SECUNIA-61313
SECUNIA-61328
SECUNIA-61442
SECUNIA-61471
SECUNIA-61479
SECUNIA-61485
SECUNIA-61503
SECUNIA-61550
SECUNIA-61552
SECUNIA-61565
SECUNIA-61603
SECUNIA-61618
SECUNIA-61619
SECUNIA-61622
SECUNIA-61626
SECUNIA-61633
SECUNIA-61641
SECUNIA-61643
SECUNIA-61654
SECUNIA-61676
SECUNIA-61700
SECUNIA-61703
SECUNIA-61711
SECUNIA-61715
SECUNIA-61780
SECUNIA-61816
SECUNIA-61855
SECUNIA-61857
SECUNIA-61873
SECUNIA-62228
SECUNIA-62312
SECUNIA-62343
APPLE-SA-2014-10-16-1
DSA-3035
HPSBGN03117
HPSBGN03138
HPSBGN03141
HPSBGN03142
HPSBHF03119
HPSBHF03124
HPSBHF03125
HPSBHF03145
HPSBHF03146
HPSBMU03133
HPSBMU03143
HPSBMU03144
HPSBMU03165
HPSBMU03182
HPSBMU03246
HPSBST03122
HPSBST03129
HPSBST03131
HPSBST03148
HPSBST03154
HPSBST03155
HPSBST03157
HPSBST03181
HPSBST03195
JVN#55667175
JVNDB-2014-000126
MDVSA-2015:164
RHSA-2014:1306
RHSA-2014:1311
RHSA-2014:1312
RHSA-2014:1354
SSRT101711
SSRT101742
SSRT101819
SSRT101827
SSRT101868
SUSE-SU-2014:1247
SUSE-SU-2014:1259
SUSE-SU-2014:1287
TA14-268A
USN-2363-1
USN-2363-2
VU#252743
http://www.openwall.com/lists/oss-security/2014/09/24/32
http://advisories.mageia.org/MGASA-2014-0393.html
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html
http://linux.oracle.com/errata/ELSA-2014-1306.html
http://linux.oracle.com/errata/ELSA-2014-3075.html
http://linux.oracle.com/errata/ELSA-2014-3077.html
http://linux.oracle.com/errata/ELSA-2014-3078.html
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://support.apple.com/kb/HT6495
http://support.novell.com/security/cve/CVE-2014-7169.html
http://twitter.com/taviso/statuses/514887394294652929
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://www-01.ibm.com/support/docview.wss?uid=swg21686084
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21686447
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www.novell.com/support/kb/doc.php?id=7015701
http://www.novell.com/support/kb/doc.php?id=7015721
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
https://access.redhat.com/articles/1200223
https://access.redhat.com/node/1200223
https://kb.bluecoat.com/index?page=content&id=SA82
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://support.apple.com/kb/HT6535
https://support.citrix.com/article/CTX200217
https://support.citrix.com/article/CTX200223
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
https://www.suse.com/support/shellshock/
openSUSE-SU-2014:1229
openSUSE-SU-2014:1242
openSUSE-SU-2014:1254
openSUSE-SU-2014:1308
openSUSE-SU-2014:1310

CPE    27
cpe:/a:gnu:bash:1.14.6
cpe:/a:gnu:bash:1.14.7
cpe:/a:gnu:bash:1.14.2
cpe:/a:gnu:bash:1.14.3
...
CWE    1
CWE-78
OVAL    26
oval:org.secpod.oval:def:203442
oval:org.secpod.oval:def:107628
oval:org.secpod.oval:def:203432
oval:org.secpod.oval:def:203434
...

© 2013 SecPod Technologies