CVE-2014-6278

Severity: high

Description

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.

References

https://security-tracker.debian.org/tracker/CVE-2014-6278
http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html
https://bugzilla.redhat.com/show_bug.cgi?id=1147414
https://www.suse.com/support/shellshock/
http://support.novell.com/security/cve/CVE-2014-6278.html
http://secunia.com/advisories/61641
http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
https://kb.bluecoat.com/index?page=content&id=SA82
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
http://secunia.com/advisories/61485
http://secunia.com/advisories/59907
http://www.ubuntu.com/usn/USN-2380-1
http://secunia.com/advisories/61654
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://secunia.com/advisories/61565
http://www.novell.com/support/kb/doc.php?id=7015721
http://secunia.com/advisories/61643
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
http://secunia.com/advisories/61503
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://secunia.com/advisories/61633
http://secunia.com/advisories/61552
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://secunia.com/advisories/61703
http://secunia.com/advisories/61283
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://secunia.com/advisories/61603
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html
http://marc.info/?l=bugtraq&m=141330468527613&w=2
http://marc.info/?l=bugtraq&m=141345648114150&w=2
https://support.citrix.com/article/CTX200217
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://secunia.com/advisories/60034
http://secunia.com/advisories/61816
http://secunia.com/advisories/61128
http://secunia.com/advisories/61313
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://secunia.com/advisories/61442
http://secunia.com/advisories/61287
https://support.citrix.com/article/CTX200223
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://secunia.com/advisories/60055
http://secunia.com/advisories/61129
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://secunia.com/advisories/61780
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
http://secunia.com/advisories/61471
http://secunia.com/advisories/58200
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://secunia.com/advisories/61328
http://secunia.com/advisories/61857
http://secunia.com/advisories/60193
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://secunia.com/advisories/61065
http://secunia.com/advisories/61550
http://secunia.com/advisories/60325
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://secunia.com/advisories/61312
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://secunia.com/advisories/60063
http://secunia.com/advisories/61291
http://secunia.com/advisories/60044
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://secunia.com/advisories/60433
http://secunia.com/advisories/60024
http://marc.info/?l=bugtraq&m=141383353622268&w=2
http://marc.info/?l=bugtraq&m=141383304022067&w=2
http://marc.info/?l=bugtraq&m=141383244821813&w=2
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
http://marc.info/?l=bugtraq&m=141450491804793&w=2
http://jvn.jp/en/jp/JVN55667175/index.html
http://marc.info/?l=bugtraq&m=141383081521087&w=2
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://marc.info/?l=bugtraq&m=141383026420882&w=2
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
http://marc.info/?l=bugtraq&m=141383196021590&w=2
http://marc.info/?l=bugtraq&m=141383465822787&w=2
http://marc.info/?l=bugtraq&m=141577137423233&w=2
http://marc.info/?l=bugtraq&m=141577241923505&w=2
http://marc.info/?l=bugtraq&m=141576728022234&w=2
http://marc.info/?l=bugtraq&m=141577297623641&w=2
http://marc.info/?l=bugtraq&m=141585637922673&w=2
http://secunia.com/advisories/62312
http://secunia.com/advisories/59961
http://secunia.com/advisories/62343
http://linux.oracle.com/errata/ELSA-2014-3093
http://linux.oracle.com/errata/ELSA-2014-3094
http://marc.info/?l=bugtraq&m=142358026505815&w=2
http://marc.info/?l=bugtraq&m=142358078406056&w=2
http://marc.info/?l=bugtraq&m=141879528318582&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142721162228379&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html
https://www.exploit-db.com/exploits/39887/
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://www.exploit-db.com/exploits/39568/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006

Details

Source: MITRE

Published: 2014-09-30

Updated: 2021-11-17

Type: CWE-78

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins (37 total)

ID | Name | Product | Family | Severity
112578 | GNU Bash Environment Variable Handling Code Injection (Shellshock) | Web Application Scanning | Component Vulnerability | critical
95529 | openSUSE Security Update : bash (openSUSE-2016-1374) (Shellshock) | Nessus | SuSE Local Security Checks | high
95282 | SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2016:2872-1) (Shellshock) | Nessus | SuSE Local Security Checks | high
88514 | Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash1) (Shellshock) | Nessus | Solaris Local Security Checks | critical
87680 | VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
85630 | IBM Storwize V7000 Unified 1.3.x < 1.4.3.5 / 1.5.x < 1.5.0.4 Multiple Vulnerabilities (Shellshock) | Nessus | Misc. | critical
82581 | GNU Bash Incomplete Fix Remote Code Injection (Shellshock) | Nessus | CGI abuses | critical
82417 | Mandriva Linux Security Advisory : bash (MDVSA-2015:164) | Nessus | Mandriva Local Security Checks | critical
80590 | Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock) | Nessus | Solaris Local Security Checks | critical
80196 | Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock) | Nessus | Junos Local Security Checks | critical
79584 | Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock) | Nessus | CISCO | critical
79376 | Oracle Linux 5 : bash (ELSA-2014-3094) (Shellshock) | Nessus | Oracle Linux Local Security Checks | critical
79375 | Oracle Linux 6 : bash (ELSA-2014-3093) (Shellshock) | Nessus | Oracle Linux Local Security Checks | critical
79374 | Oracle Linux 7 : bash (ELSA-2014-3092) (Shellshock) | Nessus | Oracle Linux Local Security Checks | critical
79234 | McAfee Next Generation Firewall GNU Bash Code Injection (SB10085) (Shellshock) | Nessus | Misc. | critical
79215 | McAfee Web Gateway GNU Bash Code Injection (SB10085) (Shellshock) | Nessus | Misc. | critical
79147 | VMware vCenter Converter 5.1.x < 5.1.2 / 5.5.x < 5.5.3 Multiple Vulnerabilities (VMSA-2014-0010) (Shellshock) | Nessus | Windows | critical
79124 | CUCM IM and Presence Service GNU Bash Environment Variable Handling Command Injection (CSCur05454) (Shellshock) | Nessus | CISCO | critical
79123 | McAfee Email Gateway GNU Bash Code Injection (SB10085) (Shellshock) | Nessus | Misc. | critical
78889 | VMware vCenter Operations Management Bash Vulnerabilities (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
78857 | VMware Workspace Portal Multiple Bash Shell Vulnerabilities (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
78828 | Cisco Prime Security Manager GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock) | Nessus | CGI abuses | critical
78827 | Cisco ASA Next-Generation Firewall GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock) | Nessus | CISCO | critical
78826 | VMware NSX Bash Environment Variable Command Injection (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
78771 | VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
78770 | Cisco UCS Director Code Injection (CSCur02877) (Shellshock) | Nessus | CISCO | critical
78693 | Cisco NX-OS GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash) (Shellshock) | Nessus | CISCO | critical
78596 | Cisco TelePresence Video Communication Server Bash Remote Code Execution (Shellshock) | Nessus | CISCO | critical
78591 | openSUSE Security Update : bash (openSUSE-SU-2014:1310-1) (Shellshock) | Nessus | SuSE Local Security Checks | critical
78508 | VMware vCenter Server Appliance Bash Remote Code Execution (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
78395 | Oracle third party patch update : bash_2014_10_07 | Nessus | Solaris Local Security Checks | critical
78260 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerabilities (USN-2380-1) (Shellshock) | Nessus | Ubuntu Local Security Checks | critical
78197 | F5 Networks BIG-IP : Multiple GNU Bash vulnerabilities (SOL15629) (Shellshock) | Nessus | F5 Networks Local Security Checks | critical
78067 | Bash Remote Code Execution (CVE-2014-6277 / CVE-2014-6278) (Shellshock) | Nessus | Gain a shell remotely | critical
78060 | GLSA-201410-01 : Bash: Multiple vulnerabilities (Shellshock) | Nessus | Gentoo Local Security Checks | critical
78025 | VMSA-2014-0010 : VMware product updates address critical Bash security vulnerabilities (Shellshock) | Nessus | VMware ESX Local Security Checks | critical
78016 | FreeBSD : bash -- remote code execution (512d1301-49b9-11e4-ae2c-c80aa9043978) (Shellshock) | Nessus | FreeBSD Local Security Checks | critical