CVE-2014-6277

Published: 27/09/2014 Updated: 09/08/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

GNU Bash up to and including 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote malicious users to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.

Vulnerable Product

gnu bash 1.14.2

gnu bash 1.14.3

gnu bash 2.01.1

gnu bash 2.02

gnu bash 3.0

gnu bash 3.0.16

gnu bash 4.3

gnu bash 1.14.6

gnu bash 1.14.7

gnu bash 2.04

gnu bash 2.05

gnu bash 3.2.48

gnu bash 4.0

gnu bash 1.14.0

gnu bash 1.14.1

gnu bash 2.0

gnu bash 2.01

gnu bash 4.1

gnu bash 4.2

gnu bash 1.14.4

gnu bash 1.14.5

gnu bash 2.02.1

gnu bash 2.03

gnu bash 3.1

gnu bash 3.2

Vendor Advisories

Several security issues were fixed in Bash ...
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the F ...
Description of Problem: Citrix is aware of recent vulnerability reports that impact GNU Bash and is actively investigating the potential impact of these issues on Citrix products. There are a number of CVEs related to this issue, the current set includes: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7 ...
GNU bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, bash continues to process trailing strings. Via certain applications, a local or remote attacker may inject shell commands, allowing local privilege escalation or remote command execution dependin ...

Exploits

Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable characters and dumps them to stdout - something that is ve ...
#!/usr/bin/python # Exploit Title: dhclient shellshocker # Google Dork: n/a # Date: 10/1/14 # Exploit Author: @0x00string # Vendor Homepage: gnuorg # Software Link: ftpgnuorg/gnu/bash/bash-43targz # Version: 4311 # Tested on: Ubuntu 14041 # CVE : CVE-2014-6277,CVE-2014-6278,CVE-2014-7169,CVE-2014-7186,CVE-2014-7187 # ______ ...
#!/usr/bin/python # Exploit Title: ShellShock dhclient Bash Environment Variable Command Injection PoC # Date: 2014-09-29 # Author: @fdiskyou # e-mail: rui at deniableorg # Version: 41 # Tested on: Debian, Ubuntu, Kali # CVE: CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 from scapyall import * confcheckIPaddr = Fal ...
DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability ...
GNU Bash version 4311 environment variable dhclient shellshocker exploit ...
This is information regarding more bash vulnerabilities and how the original bash patches are ineffective ...

Github Repositories

Find SearchSploit exploits by CVE-IDs / dpkg status file

cvesploit Find SearchSploit exploits by CVE-IDs / dpkg status file CVE Mode Vulnerability Scanners often return the CVE-IDs in their scans /cvesploit CVE-2018-11776 CVE-2018-11776 Apache Struts 23 < 2334 / 25 < 2516 - Remote Code Execution (1) exploits/linux/remote/45260py Apache Struts 23 < 2334 / 25 < 2516 -

This will download Apple's bash source, patch it, build it, and create a pkg file for you

shellshock-patch-osx This will download Apple's bash source, patch it, build it, and create a pkg file for you, then optionally wrap it in a dmg or zip file to make distributing it easier. This applies the following patches: bash32-052 - CVE-2014-6271 (aka shellshock), bash32-053 - CVE-2014-7169 (aka aftershock), bash32-054 - CVE-2014-6277 (another bash bug). Pre-requisites

Apple Mac OS X bash-92 updated to 3.2.54 (shellshock patched)

This repository is deprecated since Apple released an official hotfix, referred to as the OS X bash Update 10, which updates bash to 3253 (although not 3254, aka Florian's patch). That update does seem to apply portions of Florian's patch. The updated bash-9212 code is also available from Apple, and I've created a branch containing that source code. Ap

References

CWE-78