CVE-2014-7186

Published: 28/09/2014 Updated: 09/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The redirection implementation in parse.y in GNU Bash up to and including 4.3 bash43-026 allows remote malicious users to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.

Vulnerable Product

gnu bash 1.14.2

gnu bash 1.14.3

gnu bash 2.01.1

gnu bash 2.02

gnu bash 3.0

gnu bash 3.0.16

gnu bash 4.3

gnu bash 1.14.6

gnu bash 1.14.7

gnu bash 2.04

gnu bash 2.05

gnu bash 3.2.48

gnu bash 4.0

gnu bash 1.14.4

gnu bash 1.14.5

gnu bash 2.02.1

gnu bash 2.03

gnu bash 3.1

gnu bash 3.2

gnu bash 1.14.0

gnu bash 1.14.1

gnu bash 2.0

gnu bash 2.01

gnu bash 4.1

gnu bash 4.2

Vendor Advisories

Several security issues were fixed in Bash ...
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi an ...
It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code ...
Description of Problem: Citrix is aware of recent vulnerability reports that impact GNU Bash and is actively investigating the potential impact of these issues on Citrix products. There are a number of CVEs related to this issue, the current set includes: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7 ...
GNU bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, bash continues to process trailing strings. Via certain applications, a local or remote attacker may inject shell commands, allowing local privilege escalation or remote command execution dependin ...

Exploits

#!/usr/bin/python # Exploit Title: dhclient shellshocker # Google Dork: n/a # Date: 10/1/14 # Exploit Author: @0x00string # Vendor Homepage: gnu.org # Software Link: ftp.gnu.org/gnu/bash/bash-4.3.tar.gz # Version: 4.3.11 # Tested on: Ubuntu 14.04.1 # CVE : CVE-2014-6277,CVE-2014-6278,CVE-2014-7169,CVE-2014-7186,CVE-2014-7187 # ______ ...
#!/usr/bin/python # Exploit Title: ShellShock dhclient Bash Environment Variable Command Injection PoC # Date: 2014-09-29 # Author: @fdiskyou # e-mail: rui at deniable.org # Version: 4.1 # Tested on: Debian, Ubuntu, Kali # CVE: CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 from scapy.all import * conf.checkIPaddr = Fal ...
DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability ...
GNU Bash version 4.3.11 environment variable dhclient shellshocker exploit ...
This is information regarding more bash vulnerabilities and how the original bash patches are ineffective ...

Github Repositories

ShellCaçador: a simple tool for testing the shell vulnerability. ### Shellhunter (softw bug) hellhunter, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. hellhunter can allow an attacker to make Ba

Dokku on steroids (this project is no longer actively maintained)

Dokku Alternative. Unmaintained, migrate to Dokku as soon as possible. Docker powered mini-Heroku. The smallest PaaS implementation you've ever seen. It's a fork of the original dokku. The idea behind this fork is to provide a complete solution with plugins covering most use-cases which are stable and well tested. Features: Debian-based installation and upgrade! Git de

Shellshock exploit + vulnerable environment. Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbi

My own tools for easing the task of pentesting / exploit writing

sploit-tools: My own tools for easing the task of pentesting / exploit writing. pattern: A simple Python script for replicating the functionality of the pattern_create.rb and pattern_offset.rb tools of the Metasploit Framework. Useful for exploit writers that only have a python binary around. About 25 times faster than the MSF implementation, which is as slow as molasses. Simply invok

This will update bash bug

Shell-Shock-Update. This will update bash bug. How to check for shell shock bug. Exploit 1 (CVE-2014-6271): env x='() { :;}; echo vulnerable' bash -c "echo this is a test" Even after updating it may not work. Exploit 2 (CVE-2014-7169): cd /tmp; env X='() { (a)=>\' bash -c "echo date"; cat echo Exploit 3: env -i X=' () { }; echo hel

Linux pentest tools

linux-pentest: Linux pentest tools. linuxprivchecker.py: This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits. portknock.sh: Port knock script using nmap. Requests multiple ports as variables. Knocks

Recent Articles

VMWare virtually in control of Shellshock
The Register • Darren Pauli • 02 Oct 2014

Patch here, here, here ... everywhere, really

VMware is plugging away at Shellshock holes in 37 virtual appliance products, but has so far shipped clean code for just a handful of appliances. The company released a fix for cloud analytics kit vCenter Log Insight and offered updates on four others. The advisory said a variety of VMware appliances shipped with Shellshock-vulnerable Bash. Products running on Linux, Android, OSX and iOS could inherit the underlying vulnerability of their OS, and VMware urges customers to contact their operating...

References

CWE-119