CVE-2014-6271

HIGH

Description

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

References

http://advisories.mageia.org/MGASA-2014-0388.html

http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

http://jvn.jp/en/jp/JVN55667175/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

http://linux.oracle.com/errata/ELSA-2014-1293.html

http://linux.oracle.com/errata/ELSA-2014-1294.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html

http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

http://marc.info/?l=bugtraq&m=141216207813411&w=2

http://marc.info/?l=bugtraq&m=141216668515282&w=2

http://marc.info/?l=bugtraq&m=141235957116749&w=2

http://marc.info/?l=bugtraq&m=141319209015420&w=2

http://marc.info/?l=bugtraq&m=141330425327438&w=2

http://marc.info/?l=bugtraq&m=141330468527613&w=2

http://marc.info/?l=bugtraq&m=141345648114150&w=2

http://marc.info/?l=bugtraq&m=141383026420882&w=2

http://marc.info/?l=bugtraq&m=141383081521087&w=2

http://marc.info/?l=bugtraq&m=141383138121313&w=2

http://marc.info/?l=bugtraq&m=141383196021590&w=2

http://marc.info/?l=bugtraq&m=141383244821813&w=2

http://marc.info/?l=bugtraq&m=141383304022067&w=2

http://marc.info/?l=bugtraq&m=141383353622268&w=2

http://marc.info/?l=bugtraq&m=141383465822787&w=2

http://marc.info/?l=bugtraq&m=141450491804793&w=2

http://marc.info/?l=bugtraq&m=141576728022234&w=2

http://marc.info/?l=bugtraq&m=141577137423233&w=2

http://marc.info/?l=bugtraq&m=141577241923505&w=2

http://marc.info/?l=bugtraq&m=141577297623641&w=2

http://marc.info/?l=bugtraq&m=141585637922673&w=2

http://marc.info/?l=bugtraq&m=141694386919794&w=2

http://marc.info/?l=bugtraq&m=141879528318582&w=2

http://marc.info/?l=bugtraq&m=142113462216480&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142358026505815&w=2

http://marc.info/?l=bugtraq&m=142358078406056&w=2

http://marc.info/?l=bugtraq&m=142546741516006&w=2

http://marc.info/?l=bugtraq&m=142719845423222&w=2

http://marc.info/?l=bugtraq&m=142721162228379&w=2

http://marc.info/?l=bugtraq&m=142805027510172&w=2

http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html

http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html

http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html

http://rhn.redhat.com/errata/RHSA-2014-1293.html

http://rhn.redhat.com/errata/RHSA-2014-1294.html

http://rhn.redhat.com/errata/RHSA-2014-1295.html

http://rhn.redhat.com/errata/RHSA-2014-1354.html

http://seclists.org/fulldisclosure/2014/Oct/0

http://secunia.com/advisories/58200

http://secunia.com/advisories/59272

http://secunia.com/advisories/59737

http://secunia.com/advisories/59907

http://secunia.com/advisories/60024

http://secunia.com/advisories/60034

http://secunia.com/advisories/60044

http://secunia.com/advisories/60055

http://secunia.com/advisories/60063

http://secunia.com/advisories/60193

http://secunia.com/advisories/60325

http://secunia.com/advisories/60433

http://secunia.com/advisories/60947

http://secunia.com/advisories/61065

http://secunia.com/advisories/61128

http://secunia.com/advisories/61129

http://secunia.com/advisories/61188

http://secunia.com/advisories/61283

http://secunia.com/advisories/61287

http://secunia.com/advisories/61291

http://secunia.com/advisories/61312

http://secunia.com/advisories/61313

http://secunia.com/advisories/61328

http://secunia.com/advisories/61442

http://secunia.com/advisories/61471

http://secunia.com/advisories/61485

http://secunia.com/advisories/61503

http://secunia.com/advisories/61542

http://secunia.com/advisories/61547

http://secunia.com/advisories/61550

http://secunia.com/advisories/61552

http://secunia.com/advisories/61565

http://secunia.com/advisories/61603

http://secunia.com/advisories/61633

http://secunia.com/advisories/61641

http://secunia.com/advisories/61643

http://secunia.com/advisories/61654

http://secunia.com/advisories/61676

http://secunia.com/advisories/61700

http://secunia.com/advisories/61703

http://secunia.com/advisories/61711

http://secunia.com/advisories/61715

http://secunia.com/advisories/61780

http://secunia.com/advisories/61816

http://secunia.com/advisories/61855

http://secunia.com/advisories/61857

http://secunia.com/advisories/61873

http://secunia.com/advisories/62228

http://secunia.com/advisories/62312

http://secunia.com/advisories/62343

http://support.apple.com/kb/HT6495

http://support.novell.com/security/cve/CVE-2014-6271.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

http://www.debian.org/security/2014/dsa-3032

http://www.kb.cert.org/vuls/id/252743

http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

http://www.novell.com/support/kb/doc.php?id=7015701

http://www.novell.com/support/kb/doc.php?id=7015721

http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

http://www.qnap.com/i/en/support/con_show.php?cid=61

http://www.securityfocus.com/archive/1/533593/100/0/threaded

http://www.securityfocus.com/bid/70103

http://www.ubuntu.com/usn/USN-2362-1

http://www.us-cert.gov/ncas/alerts/TA14-268A

http://www.vmware.com/security/advisories/VMSA-2014-0010.html

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

http://www-01.ibm.com/support/docview.wss?uid=swg21685541

http://www-01.ibm.com/support/docview.wss?uid=swg21685604

http://www-01.ibm.com/support/docview.wss?uid=swg21685733

http://www-01.ibm.com/support/docview.wss?uid=swg21685749

http://www-01.ibm.com/support/docview.wss?uid=swg21685914

http://www-01.ibm.com/support/docview.wss?uid=swg21686084

http://www-01.ibm.com/support/docview.wss?uid=swg21686131

http://www-01.ibm.com/support/docview.wss?uid=swg21686246

http://www-01.ibm.com/support/docview.wss?uid=swg21686445

http://www-01.ibm.com/support/docview.wss?uid=swg21686447

http://www-01.ibm.com/support/docview.wss?uid=swg21686479

http://www-01.ibm.com/support/docview.wss?uid=swg21686494

http://www-01.ibm.com/support/docview.wss?uid=swg21687079

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

https://access.redhat.com/articles/1200223

https://access.redhat.com/node/1200223

https://bugzilla.redhat.com/show_bug.cgi?id=1141597

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

https://kb.bluecoat.com/index?page=content&id=SA82

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

https://kc.mcafee.com/corporate/index?page=content&id=SB10085

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

https://support.apple.com/kb/HT6535

https://support.citrix.com/article/CTX200217

https://support.citrix.com/article/CTX200223

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

https://www.exploit-db.com/exploits/34879/

https://www.exploit-db.com/exploits/37816/

https://www.exploit-db.com/exploits/38849/

https://www.exploit-db.com/exploits/39918/

https://www.exploit-db.com/exploits/40619/

https://www.exploit-db.com/exploits/40938/

https://www.exploit-db.com/exploits/42938/

https://www.suse.com/support/shellshock/

Details

Source: MITRE

Published: 2014-09-24

Updated: 2021-02-01

Type: CWE-78

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (77 total)

IDNameProductFamilySeverity
112578GNU Bash Environment Variable Handling Code Injection (Shellshock)Web Application ScanningComponent Vulnerability
critical
124921EulerOS Virtualization 3.0.1.0 : bash (EulerOS-SA-2019-1418)NessusHuawei Local Security Checks
critical
104997Check Point Gaia Operating Bash Code Injection (sk102673)(SHELLSHOCK)NessusFirewalls
critical
88514Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash1) (Shellshock)NessusSolaris Local Security Checks
critical
87680VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)NessusMisc.
critical
85630IBM Storwize V7000 Unified 1.3.x < 1.4.3.5 / 1.5.x < 1.5.0.4 Multiple Vulnerabilities (Shellshock)NessusMisc.
critical
82417Mandriva Linux Security Advisory : bash (MDVSA-2015:164)NessusMandriva Local Security Checks
critical
80590Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock)NessusSolaris Local Security Checks
critical
80196Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock)NessusJunos Local Security Checks
critical
79804CUPS Remote Command Execution via ShellshockNessusMisc.
critical
79584Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)NessusCISCO
critical
79234McAfee Next Generation Firewall GNU Bash Code Injection (SB10085) (Shellshock)NessusMisc.
critical
79215McAfee Web Gateway GNU Bash Code Injection (SB10085) (Shellshock)NessusMisc.
critical
79147VMware vCenter Converter 5.1.x < 5.1.2 / 5.5.x < 5.5.3 Multiple Vulnerabilities (VMSA-2014-0010) (Shellshock)NessusWindows
critical
79124CUCM IM and Presence Service GNU Bash Environment Variable Handling Command Injection (CSCur05454) (Shellshock)NessusCISCO
critical
79123McAfee Email Gateway GNU Bash Code Injection (SB10085) (Shellshock)NessusMisc.
critical
79053RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock)NessusRed Hat Local Security Checks
critical
79051RHEL 4 / 5 / 6 : bash (RHSA-2014:1294) (Shellshock)NessusRed Hat Local Security Checks
critical
78889VMware vCenter Operations Management Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)NessusMisc.
critical
78857VMware Workspace Portal Multiple Bash Shell Vulnerabilities (VMSA-2014-0010) (Shellshock)NessusMisc.
critical
78828Cisco Prime Security Manager GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock)NessusCGI abuses
critical
78827Cisco ASA Next-Generation Firewall GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock)NessusCISCO
critical
78826VMware NSX Bash Environment Variable Command Injection (VMSA-2014-0010) (Shellshock)NessusMisc.
critical
78822SIP Script Remote Command Execution via ShellshockNessusGeneral
critical
78771VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)NessusMisc.
critical
78770Cisco UCS Director Code Injection (CSCur02877) (Shellshock)NessusCISCO
critical
78701Mail Transfer Agent and Mail Delivery Agent Remote Command Execution via ShellshockNessusSMTP problems
critical
78693Cisco NX-OS GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash) (Shellshock)NessusCISCO
critical
78596Cisco TelePresence Video Communication Server Bash Remote Code Execution (Shellshock)NessusCISCO
critical
78591openSUSE Security Update : bash (openSUSE-SU-2014:1310-1) (Shellshock)NessusSuSE Local Security Checks
critical
78590openSUSE Security Update : bash (openSUSE-SU-2014:1308-1) (Shellshock)NessusSuSE Local Security Checks
critical
78587Palo Alto Networks PAN-OS < 5.0.15 / 5.1.x < 5.1.10 / 6.0.x < 6.0.6 / 6.1.x < 6.1.1 Bash Shell Remote Code Execution (Shellshock)NessusPalo Alto Local Security Checks
critical
78551Mac OS X Multiple Vulnerabilities (Security Update 2014-005) (POODLE) (Shellshock)NessusMacOS X Local Security Checks
critical
78550Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)NessusMacOS X Local Security Checks
critical
78508VMware vCenter Server Appliance Bash Remote Code Execution (VMSA-2014-0010) (Shellshock)NessusMisc.
critical
78395Oracle third party patch update : bash_2014_10_07NessusSolaris Local Security Checks
critical
78361Amazon Linux AMI : bash (ALAS-2014-418) (Shellshock)NessusAmazon Linux Local Security Checks
critical
78197F5 Networks BIG-IP : Multiple GNU Bash vulnerabilities (SOL15629) (Shellshock)NessusF5 Networks Local Security Checks
critical
78115openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated)NessusSuSE Local Security Checks
critical
78113Solaris 9 (x86) : 149080-02NessusSolaris Local Security Checks
critical
78112Solaris 9 (sparc) : 149079-03NessusSolaris Local Security Checks
critical
78059GLSA-201409-09 : Bash: Code Injection (Shellshock)NessusGentoo Local Security Checks
critical
78039FreeBSD : rt42 -- vulnerabilities related to shellshock (81e2b308-4a6c-11e4-b711-6805ca0b3d42)NessusFreeBSD Local Security Checks
critical
78025VMSA-2014-0010 : VMware product updates address critical Bash security vulnerabilities (Shellshock)NessusVMware ESX Local Security Checks
critical
77986GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock)NessusFTP
critical
77971GNU Bash Local Environment Variable Handling Command Injection (Mac OS X) (Shellshock)NessusMacOS X Local Security Checks
critical
77970Qmail Remote Command Execution via ShellshockNessusSMTP problems
critical
77969Postfix Script Remote Command Execution via ShellshockNessusSMTP problems
critical
77967openSUSE Security Update : bash (openSUSE-SU-2014:1242-1) (Shellshock)NessusSuSE Local Security Checks
critical
77966openSUSE Security Update : bash (openSUSE-SU-2014:1229-1) (Shellshock)NessusSuSE Local Security Checks
critical
77958SuSE 11.3 Security Update : bash (SAT Patch Number 9780)NessusSuSE Local Security Checks
critical
77956Scientific Linux Security Update : bash on SL5.x, SL6.x i386/x86_64 (20140926) (Shellshock)NessusScientific Linux Local Security Checks
critical
77945Fedora 21 : bash-4.3.25-2.fc21 (2014-11718) (Shellshock)NessusFedora Local Security Checks
critical
77941Fedora 20 : bash-4.2.48-2.fc20 (2014-11527) (Shellshock)NessusFedora Local Security Checks
critical
77939Fedora 19 : bash-4.2.48-2.fc19 (2014-11514) (Shellshock)NessusFedora Local Security Checks
critical
77935Fedora 21 : bash-4.3.22-3.fc21 (2014-11295) (Shellshock)NessusFedora Local Security Checks
critical
77913Solaris 10 (sparc) : 126546-06NessusSolaris Local Security Checks
critical
77912Solaris 9 (x86) : 149080-01NessusSolaris Local Security Checks
critical
77911Solaris 9 (sparc) : 149079-01NessusSolaris Local Security Checks
critical
77876Fedora 19 : bash-4.2.47-2.fc19 (2014-11503)NessusFedora Local Security Checks
critical
77874Fedora 20 : bash-4.2.47-4.fc20 (2014-11360)NessusFedora Local Security Checks
critical
77865Scientific Linux Security Update : bash on SL5.x, SL6.x i386/x86_64 (20140924) (Shellshock)NessusScientific Linux Local Security Checks
critical
77854Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerability (USN-2362-1) (Shellshock)NessusUbuntu Local Security Checks
critical
77850SuSE 11.3 Security Update : bash (SAT Patch Number 9740)NessusSuSE Local Security Checks
critical
77849Oracle Linux 4 : bash (ELSA-2014-1294) (Shellshock)NessusOracle Linux Local Security Checks
critical
77848Oracle Linux 5 / 6 / 7 : bash (ELSA-2014-1293) (Shellshock)NessusOracle Linux Local Security Checks
critical
77846openSUSE Security Update : bash (openSUSE-SU-2014:1226-1) (Shellshock)NessusSuSE Local Security Checks
critical
77843Mandriva Linux Security Advisory : bash (MDVSA-2014:186)NessusMandriva Local Security Checks
critical
77836FreeBSD : bash -- remote code execution vulnerability (71ad81da-4414-11e4-a33e-3c970e169bc2) (Shellshock)NessusFreeBSD Local Security Checks
critical
77835CentOS 5 / 6 / 7 : bash (CESA-2014:1293) (Shellshock)NessusCentOS Local Security Checks
critical
77832Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bash (SSA:2014-267-01) (Shellshock)NessusSlackware Local Security Checks
critical
77828RHEL 5 / 6 / 7 : bash (RHSA-2014:1293) (Shellshock)NessusRed Hat Local Security Checks
critical
77825Debian DSA-3032-1 : bash - security updateNessusDebian Local Security Checks
critical
77829GNU Bash Environment Variable Handling Code Injection (Shellshock)NessusCGI abuses
critical
77823Bash Remote Code Execution (Shellshock)NessusGain a shell remotely
critical
62305Solaris 10 (sparc) : 126546-10 (deprecated)NessusSolaris Local Security Checks
critical
62115Solaris 10 (x86) : 126547-10 (deprecated)NessusSolaris Local Security Checks
critical