CVE

CVE-2014-7169
Date: (C)2014-09-26   (M)2018-08-27


GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
http://seclists.org/fulldisclosure/2014/Oct/0
http://www.securityfocus.com/archive/1/archive/1/533593/100/0/threaded
EXPLOIT-DB-34879
SECUNIA-58200
SECUNIA-59272
SECUNIA-59737
SECUNIA-59907
SECUNIA-60024
SECUNIA-60034
SECUNIA-60044
SECUNIA-60055
SECUNIA-60063
SECUNIA-60193
SECUNIA-60325
SECUNIA-60433
SECUNIA-60947
SECUNIA-61065
SECUNIA-61128
SECUNIA-61129
SECUNIA-61188
SECUNIA-61283
SECUNIA-61287
SECUNIA-61291
SECUNIA-61312
SECUNIA-61313
SECUNIA-61328
SECUNIA-61442
SECUNIA-61471
SECUNIA-61479
SECUNIA-61485
SECUNIA-61503
SECUNIA-61550
SECUNIA-61552
SECUNIA-61565
SECUNIA-61603
SECUNIA-61618
SECUNIA-61619
SECUNIA-61622
SECUNIA-61626
SECUNIA-61633
SECUNIA-61641
SECUNIA-61643
SECUNIA-61654
SECUNIA-61676
SECUNIA-61700
SECUNIA-61703
SECUNIA-61711
SECUNIA-61715
SECUNIA-61780
SECUNIA-61816
SECUNIA-61855
SECUNIA-61857
SECUNIA-61873
SECUNIA-62228
SECUNIA-62312
SECUNIA-62343
APPLE-SA-2014-10-16-1
DSA-3035
HPSBGN03117
HPSBGN03138
HPSBGN03141
HPSBGN03142
HPSBGN03233
HPSBHF03119
HPSBHF03124
HPSBHF03125
HPSBHF03145
HPSBHF03146
HPSBMU03133
HPSBMU03143
HPSBMU03144
HPSBMU03165
HPSBMU03182
HPSBMU03217
HPSBMU03220
HPSBMU03245
HPSBMU03246
HPSBOV03228
HPSBST03122
HPSBST03129
HPSBST03131
HPSBST03148
HPSBST03154
HPSBST03155
HPSBST03157
HPSBST03181
HPSBST03195
JVN#55667175
JVNDB-2014-000126
MDVSA-2015:164
RHSA-2014:1306
RHSA-2014:1311
RHSA-2014:1312
RHSA-2014:1354
SSRT101711
SSRT101742
SSRT101819
SSRT101827
SSRT101868
SUSE-SU-2014:1247
SUSE-SU-2014:1259
SUSE-SU-2014:1287
TA14-268A
USN-2363-1
USN-2363-2
VU#252743
http://www.openwall.com/lists/oss-security/2014/09/24/32
http://advisories.mageia.org/MGASA-2014-0393.html
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html
http://linux.oracle.com/errata/ELSA-2014-1306.html
http://linux.oracle.com/errata/ELSA-2014-3075.html
http://linux.oracle.com/errata/ELSA-2014-3077.html
http://linux.oracle.com/errata/ELSA-2014-3078.html
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://support.apple.com/kb/HT6495
http://support.novell.com/security/cve/CVE-2014-7169.html
http://twitter.com/taviso/statuses/514887394294652929
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://www-01.ibm.com/support/docview.wss?uid=swg21686084
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21686447
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www.novell.com/support/kb/doc.php?id=7015701
http://www.novell.com/support/kb/doc.php?id=7015721
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
https://access.redhat.com/articles/1200223
https://access.redhat.com/node/1200223
https://kb.bluecoat.com/index?page=content&id=SA82
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://support.apple.com/kb/HT6535
https://support.citrix.com/article/CTX200217
https://support.citrix.com/article/CTX200223
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
https://www.suse.com/support/shellshock/
openSUSE-SU-2014:1229
openSUSE-SU-2014:1242
openSUSE-SU-2014:1254
openSUSE-SU-2014:1308
openSUSE-SU-2014:1310

CPE    28
cpe:/a:gnu:bash:1.14.6
cpe:/a:gnu:bash:1.14.7
cpe:/a:gnu:bash:1.14.2
cpe:/a:gnu:bash:1.14.3
...
CWE    1
CWE-78
OVAL    26
oval:org.secpod.oval:def:203442
oval:org.secpod.oval:def:107628
oval:org.secpod.oval:def:203432
oval:org.secpod.oval:def:203434
...

© SecPod Technologies