CVE-2014-7187

Published: 28/09/2014 Updated: 09/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Off-by-one error in the read_token_word function in parse.y in GNU Bash up to and including 4.3 bash43-026 allows remote malicious users to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

Vulnerable Product

gnu bash 1.14.6

gnu bash 1.14.7

gnu bash 2.04

gnu bash 2.05

gnu bash 4.0

gnu bash 1.14.2

gnu bash 1.14.3

gnu bash 2.01.1

gnu bash 2.02

gnu bash 3.0

gnu bash 3.0.16

gnu bash 3.1

gnu bash 4.3

gnu bash 1.14.0

gnu bash 1.14.1

gnu bash 2.0

gnu bash 2.01

gnu bash 4.1

gnu bash 4.2

gnu bash 1.14.4

gnu bash 1.14.5

gnu bash 2.02.1

gnu bash 2.03

gnu bash 3.2

gnu bash 3.2.48

Vendor Advisories

Several security issues were fixed in Bash ...
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi an ...
An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash ...
Description of Problem: Citrix is aware of recent vulnerability reports that impact GNU Bash and is actively investigating the potential impact of these issues on Citrix products. There are a number of CVEs related to this issue, the current set includes: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7 ...
GNU bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, bash continues to process trailing strings. Via certain applications, a local or remote attacker may inject shell commands, allowing local privilege escalation or remote command execution dependin ...

Exploits

#!/usr/bin/python # Exploit Title: dhclient shellshocker # Google Dork: n/a # Date: 10/1/14 # Exploit Author: @0x00string # Vendor Homepage: gnuorg # Software Link: ftpgnuorg/gnu/bash/bash-43targz # Version: 4311 # Tested on: Ubuntu 14041 # CVE : CVE-2014-6277,CVE-2014-6278,CVE-2014-7169,CVE-2014-7186,CVE-2014-7187 # ______ ...
#!/usr/bin/python # Exploit Title: ShellShock dhclient Bash Environment Variable Command Injection PoC # Date: 2014-09-29 # Author: @fdiskyou # e-mail: rui at deniableorg # Version: 41 # Tested on: Debian, Ubuntu, Kali # CVE: CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 from scapyall import * confcheckIPaddr = Fal ...
DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability ...
GNU Bash version 4311 environment variable dhclient shellshocker exploit ...
This is information regarding more bash vulnerabilities and how the original bash patches are ineffective ...

Github Repositories

ShellCaçador: a simple tool for testing the shell vulnerability. ### Shellhunter (softw bug) hellhunter, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. hellhunter can allow an attacker to cause Ba

Dokku on steroids (this project is no longer actively maintained)

Dokku Alternative Unmaintained, Migrate to Dokku as soon as possible Docker powered mini-Heroku The smallest PaaS implementation you've ever seen It's a fork of the original dokku The idea behind this fork is to provide complete solution with plugins covering most use-cases which are stable and well tested Features Debian-based installation and upgrade! Git de

My own tools for easing the task of pentesting / exploit writing

sploit-tools: My own tools for easing the task of pentesting / exploit writing. pattern: A simple Python script for replicating the functionality of the pattern_create.rb and pattern_offset.rb tools of the Metasploit Framework. Useful for exploit writers that only have a python binary around. About 25 times faster than the MSF implementation which is as slow as molasses. Simply invok

This will update bash bug

Shell-Shock-Update This will update bash bug How to check for shell shock bug Exploit 1 (CVE-2014-6271) env x='() { :;}; echo vulnerable' bash -c "echo this is a test" Even after updating it may not work Exploit 2 (CVE-2014-7169) cd /tmp; env X='() { (a)=>\' bash -c "echo date"; cat echo Exploit 3 env -i X=' () { }; echo hel

Linux pentest tools

linux-pentest Linux pentest tools linuxprivcheckerpy This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits portknocksh Port knock script using nmap Requests multiple ports as variables Knocks

References

CWE-119