CVE-2014-7169

Severity: high

Description

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

References

http://twitter.com/taviso/statuses/514887394294652929

http://www.openwall.com/lists/oss-security/2014/09/24/32

http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

http://www.ubuntu.com/usn/USN-2363-1

http://www.us-cert.gov/ncas/alerts/TA14-268A

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

http://www.debian.org/security/2014/dsa-3035

http://www.kb.cert.org/vuls/id/252743

http://www.ubuntu.com/usn/USN-2363-2

http://rhn.redhat.com/errata/RHSA-2014-1306.html

https://www.suse.com/support/shellshock/

http://support.novell.com/security/cve/CVE-2014-7169.html

https://kb.bluecoat.com/index?page=content&id=SA82

http://support.apple.com/kb/HT6495

http://secunia.com/advisories/61626

http://secunia.com/advisories/59737

http://secunia.com/advisories/61641

http://linux.oracle.com/errata/ELSA-2014-3075.html

http://secunia.com/advisories/61700

http://secunia.com/advisories/61618

http://linux.oracle.com/errata/ELSA-2014-1306.html

http://linux.oracle.com/errata/ELSA-2014-3077.html

http://secunia.com/advisories/61676

http://www.novell.com/support/kb/doc.php?id=7015701

http://secunia.com/advisories/61622

http://linux.oracle.com/errata/ELSA-2014-3078.html

http://secunia.com/advisories/61479

http://secunia.com/advisories/61619

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html

http://rhn.redhat.com/errata/RHSA-2014-1311.html

http://rhn.redhat.com/errata/RHSA-2014-1312.html

http://marc.info/?l=bugtraq&m=141216207813411&w=2

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html

http://marc.info/?l=bugtraq&m=141216668515282&w=2

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html

http://secunia.com/advisories/61485

http://secunia.com/advisories/59907

http://secunia.com/advisories/61654

http://www-01.ibm.com/support/docview.wss?uid=swg21685749

http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

http://marc.info/?l=bugtraq&m=141235957116749&w=2

http://secunia.com/advisories/61565

http://secunia.com/advisories/61643

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

http://secunia.com/advisories/61633

http://secunia.com/advisories/61552

http://marc.info/?l=bugtraq&m=141319209015420&w=2

http://secunia.com/advisories/61283

http://secunia.com/advisories/61603

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

http://www.vmware.com/security/advisories/VMSA-2014-0010.html

http://www.novell.com/support/kb/doc.php?id=7015721

http://secunia.com/advisories/61503

http://secunia.com/advisories/61711

http://secunia.com/advisories/61715

http://www-01.ibm.com/support/docview.wss?uid=swg21685914

http://secunia.com/advisories/61703

http://seclists.org/fulldisclosure/2014/Oct/0

http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

http://secunia.com/advisories/60947

http://www-01.ibm.com/support/docview.wss?uid=swg21686084

https://support.apple.com/kb/HT6535

http://secunia.com/advisories/61188

http://marc.info/?l=bugtraq&m=141345648114150&w=2

http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

http://marc.info/?l=bugtraq&m=141330425327438&w=2

http://marc.info/?l=bugtraq&m=141330468527613&w=2

http://secunia.com/advisories/60034

http://secunia.com/advisories/61816

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

http://www-01.ibm.com/support/docview.wss?uid=swg21685733

http://secunia.com/advisories/61442

https://support.citrix.com/article/CTX200223

http://secunia.com/advisories/60055

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

http://secunia.com/advisories/61780

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

http://secunia.com/advisories/60193

http://www-01.ibm.com/support/docview.wss?uid=swg21685604

http://secunia.com/advisories/61855

http://secunia.com/advisories/60325

http://www-01.ibm.com/support/docview.wss?uid=swg21686131

http://secunia.com/advisories/61312

https://support.citrix.com/article/CTX200217

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

http://secunia.com/advisories/61128

http://secunia.com/advisories/61313

http://secunia.com/advisories/61287

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

http://secunia.com/advisories/61129

http://www-01.ibm.com/support/docview.wss?uid=swg21686479

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

http://www-01.ibm.com/support/docview.wss?uid=swg21685541

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

http://secunia.com/advisories/61471

http://secunia.com/advisories/61328

http://secunia.com/advisories/58200

http://secunia.com/advisories/61857

http://secunia.com/advisories/61065

http://secunia.com/advisories/61550

http://www-01.ibm.com/support/docview.wss?uid=swg21686494

http://secunia.com/advisories/60044

http://www-01.ibm.com/support/docview.wss?uid=swg21686445

http://www-01.ibm.com/support/docview.wss?uid=swg21687079

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361

http://secunia.com/advisories/60024

http://secunia.com/advisories/60063

http://secunia.com/advisories/61291

http://www-01.ibm.com/support/docview.wss?uid=swg21686246

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

http://secunia.com/advisories/60433

http://marc.info/?l=bugtraq&m=141383244821813&w=2

http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

http://jvn.jp/en/jp/JVN55667175/index.html

http://marc.info/?l=bugtraq&m=141383138121313&w=2

http://www.qnap.com/i/en/support/con_show.php?cid=61

http://marc.info/?l=bugtraq&m=141383026420882&w=2

http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html

http://marc.info/?l=bugtraq&m=141383196021590&w=2

http://marc.info/?l=bugtraq&m=141383353622268&w=2

http://marc.info/?l=bugtraq&m=141383304022067&w=2

http://marc.info/?l=bugtraq&m=141450491804793&w=2

http://marc.info/?l=bugtraq&m=141383081521087&w=2

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

http://www-01.ibm.com/support/docview.wss?uid=swg21686447

http://rhn.redhat.com/errata/RHSA-2014-1354.html

http://marc.info/?l=bugtraq&m=141383465822787&w=2

http://secunia.com/advisories/61873

http://marc.info/?l=bugtraq&m=141577241923505&w=2

http://marc.info/?l=bugtraq&m=141576728022234&w=2

http://marc.info/?l=bugtraq&m=141577297623641&w=2

http://marc.info/?l=bugtraq&m=141577137423233&w=2

http://marc.info/?l=bugtraq&m=141585637922673&w=2

http://marc.info/?l=bugtraq&m=141694386919794&w=2

http://secunia.com/advisories/62343

http://secunia.com/advisories/62312

http://marc.info/?l=bugtraq&m=142358026505815&w=2

http://marc.info/?l=bugtraq&m=142358078406056&w=2

http://marc.info/?l=bugtraq&m=142113462216480&w=2

http://marc.info/?l=bugtraq&m=141879528318582&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142721162228379&w=2

http://marc.info/?l=bugtraq&m=142805027510172&w=2

http://advisories.mageia.org/MGASA-2014-0393.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

https://access.redhat.com/articles/1200223

https://kc.mcafee.com/corporate/index?page=content&id=SB10085

http://secunia.com/advisories/62228

https://access.redhat.com/node/1200223

http://secunia.com/advisories/59272

https://www.exploit-db.com/exploits/34879/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

http://www.securityfocus.com/archive/1/533593/100/0/threaded

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006

Details

Source: MITRE

Published: 2014-09-25

Updated: 2021-11-17

Type: CWE-78

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

82 total

ID | Name | Product | Family | Severity
154582 | NewStart CGSL MAIN 6.02 : bash Multiple Vulnerabilities (NS-SA-2021-0118) | Nessus | NewStart CGSL Local Security Checks | critical
124921 | EulerOS Virtualization 3.0.1.0 : bash (EulerOS-SA-2019-1418) | Nessus | Huawei Local Security Checks | critical
104997 | Check Point Gaia Operating Bash Code Injection (sk102673)(SHELLSHOCK) | Nessus | Firewalls | high
99077 | OracleVM 3.3 / 3.4 : bash (OVMSA-2017-0050) | Nessus | OracleVM Local Security Checks | high
88514 | Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash1) (Shellshock) | Nessus | Solaris Local Security Checks | critical
87680 | VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
85630 | IBM Storwize V7000 Unified 1.3.x < 1.4.3.5 / 1.5.x < 1.5.0.4 Multiple Vulnerabilities (Shellshock) | Nessus | Misc. | critical
82417 | Mandriva Linux Security Advisory : bash (MDVSA-2015:164) | Nessus | Mandriva Local Security Checks | critical
82208 | Debian DLA-63-1 : bash security update | Nessus | Debian Local Security Checks | critical
80590 | Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock) | Nessus | Solaris Local Security Checks | critical
80196 | Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock) | Nessus | Junos Local Security Checks | critical
79804 | CUPS Remote Command Execution via Shellshock | Nessus | Misc. | critical
79584 | Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock) | Nessus | CISCO | critical
79234 | McAfee Next Generation Firewall GNU Bash Code Injection (SB10085) (Shellshock) | Nessus | Misc. | critical
79215 | McAfee Web Gateway GNU Bash Code Injection (SB10085) (Shellshock) | Nessus | Misc. | critical
79147 | VMware vCenter Converter 5.1.x < 5.1.2 / 5.5.x < 5.5.3 Multiple Vulnerabilities (VMSA-2014-0010) (Shellshock) | Nessus | Windows | critical
79124 | CUCM IM and Presence Service GNU Bash Environment Variable Handling Command Injection (CSCur05454) (Shellshock) | Nessus | CISCO | critical
79123 | McAfee Email Gateway GNU Bash Code Injection (SB10085) (Shellshock) | Nessus | Misc. | critical
79053 | RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock) | Nessus | Red Hat Local Security Checks | critical
79052 | RHEL 4 / 5 / 6 : bash (RHSA-2014:1311) | Nessus | Red Hat Local Security Checks | critical
78889 | VMware vCenter Operations Management Bash Vulnerabilities (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
78857 | VMware Workspace Portal Multiple Bash Shell Vulnerabilities (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
78828 | Cisco Prime Security Manager GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock) | Nessus | CGI abuses | critical
78827 | Cisco ASA Next-Generation Firewall GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock) | Nessus | CISCO | critical
78826 | VMware NSX Bash Environment Variable Command Injection (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
78771 | VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
78770 | Cisco UCS Director Code Injection (CSCur02877) (Shellshock) | Nessus | CISCO | critical
78701 | Mail Transfer Agent and Mail Delivery Agent Remote Command Execution via Shellshock | Nessus | SMTP problems | critical
78693 | Cisco NX-OS GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash) (Shellshock) | Nessus | CISCO | critical
78596 | Cisco TelePresence Video Communication Server Bash Remote Code Execution (Shellshock) | Nessus | CISCO | critical
78591 | openSUSE Security Update : bash (openSUSE-SU-2014:1310-1) (Shellshock) | Nessus | SuSE Local Security Checks | critical
78590 | openSUSE Security Update : bash (openSUSE-SU-2014:1308-1) (Shellshock) | Nessus | SuSE Local Security Checks | critical
78587 | Palo Alto Networks PAN-OS < 5.0.15 / 5.1.x < 5.1.10 / 6.0.x < 6.0.6 / 6.1.x < 6.1.1 Bash Shell Remote Code Execution (Shellshock) | Nessus | Palo Alto Local Security Checks | critical
78551 | Mac OS X Multiple Vulnerabilities (Security Update 2014-005) (POODLE) (Shellshock) | Nessus | MacOS X Local Security Checks | critical
78550 | Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock) | Nessus | MacOS X Local Security Checks | critical
78508 | VMware vCenter Server Appliance Bash Remote Code Execution (VMSA-2014-0010) (Shellshock) | Nessus | Misc. | critical
78395 | Oracle third party patch update : bash_2014_10_07 | Nessus | Solaris Local Security Checks | critical
78385 | Bash Incomplete Fix Remote Code Execution Vulnerability (Shellshock) | Nessus | Gain a shell remotely | critical
78362 | Amazon Linux AMI : bash (ALAS-2014-419) | Nessus | Amazon Linux Local Security Checks | critical
78239 | OracleVM 2.2 : bash (OVMSA-2014-0024) | Nessus | OracleVM Local Security Checks | critical
78238 | OracleVM 3.2 : bash (OVMSA-2014-0022) | Nessus | OracleVM Local Security Checks | critical
78237 | OracleVM 3.3 : bash (OVMSA-2014-0021) | Nessus | OracleVM Local Security Checks | critical
78197 | F5 Networks BIG-IP : Multiple GNU Bash vulnerabilities (SOL15629) (Shellshock) | Nessus | F5 Networks Local Security Checks | critical
78115 | openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated) | Nessus | SuSE Local Security Checks | critical
78113 | Solaris 9 (x86) : 149080-02 | Nessus | Solaris Local Security Checks | critical
78112 | Solaris 9 (sparc) : 149079-03 | Nessus | Solaris Local Security Checks | critical
78058 | Fedora 20 : bash-4.2.51-2.fc20 (2014-12202) | Nessus | Fedora Local Security Checks | critical
78039 | FreeBSD : rt42 -- vulnerabilities related to shellshock (81e2b308-4a6c-11e4-b711-6805ca0b3d42) | Nessus | FreeBSD Local Security Checks | critical
78025 | VMSA-2014-0010 : VMware product updates address critical Bash security vulnerabilities (Shellshock) | Nessus | VMware ESX Local Security Checks | critical
77986 | GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock) | Nessus | FTP | high
77971 | GNU Bash Local Environment Variable Handling Command Injection (Mac OS X) (Shellshock) | Nessus | MacOS X Local Security Checks | critical
77970 | Qmail Remote Command Execution via Shellshock | Nessus | SMTP problems | critical
77969 | Postfix Script Remote Command Execution via Shellshock | Nessus | SMTP problems | critical
77967 | openSUSE Security Update : bash (openSUSE-SU-2014:1242-1) (Shellshock) | Nessus | SuSE Local Security Checks | critical
77966 | openSUSE Security Update : bash (openSUSE-SU-2014:1229-1) (Shellshock) | Nessus | SuSE Local Security Checks | critical
77958 | SuSE 11.3 Security Update : bash (SAT Patch Number 9780) | Nessus | SuSE Local Security Checks | critical
77956 | Scientific Linux Security Update : bash on SL5.x, SL6.x i386/x86_64 (20140926) (Shellshock) | Nessus | Scientific Linux Local Security Checks | critical
77953 | Oracle Linux 4 : bash (ELSA-2014-3079) | Nessus | Oracle Linux Local Security Checks | critical
77951 | Oracle Linux 5 / 6 / 7 : bash (ELSA-2014-1306) | Nessus | Oracle Linux Local Security Checks | critical
77950 | Mandriva Linux Security Advisory : bash (MDVSA-2014:190) | Nessus | Mandriva Local Security Checks | critical
77945 | Fedora 21 : bash-4.3.25-2.fc21 (2014-11718) (Shellshock) | Nessus | Fedora Local Security Checks | critical
77941 | Fedora 20 : bash-4.2.48-2.fc20 (2014-11527) (Shellshock) | Nessus | Fedora Local Security Checks | critical
77939 | Fedora 19 : bash-4.2.48-2.fc19 (2014-11514) (Shellshock) | Nessus | Fedora Local Security Checks | critical
77913 | Solaris 10 (sparc) : 126546-06 | Nessus | Solaris Local Security Checks | critical
77912 | Solaris 9 (x86) : 149080-01 | Nessus | Solaris Local Security Checks | critical
77911 | Solaris 9 (sparc) : 149079-01 | Nessus | Solaris Local Security Checks | critical
77898 | Ubuntu 14.04 LTS : bash vulnerability (USN-2363-2) | Nessus | Ubuntu Local Security Checks | critical
77897 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerability (USN-2363-1) | Nessus | Ubuntu Local Security Checks | critical
77895 | RHEL 5 / 6 / 7 : bash (RHSA-2014:1306) | Nessus | Red Hat Local Security Checks | critical
77894 | Oracle Linux 4 : bash (ELSA-2014-3078) | Nessus | Oracle Linux Local Security Checks | critical
77893 | Oracle Linux 5 : bash (ELSA-2014-3077) | Nessus | Oracle Linux Local Security Checks | critical
77892 | Oracle Linux 7 : bash (ELSA-2014-3076) | Nessus | Oracle Linux Local Security Checks | critical
77891 | Oracle Linux 6 : bash (ELSA-2014-3075) | Nessus | Oracle Linux Local Security Checks | critical
77886 | GLSA-201409-10 : Bash: Code Injection (Updated fix for GLSA 201409-09) | Nessus | Gentoo Local Security Checks | critical
77882 | Debian DSA-3035-1 : bash - security update | Nessus | Debian Local Security Checks | critical
77879 | CentOS 5 / 6 / 7 : bash (CESA-2014:1306) | Nessus | CentOS Local Security Checks | critical
77878 | Slackware 13.0 : bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02) | Nessus | Slackware Local Security Checks | critical
77877 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bash (SSA:2014-268-01) | Nessus | Slackware Local Security Checks | critical
77857 | GNU Bash Local Environment Variable Handling Command Injection via Telnet (CVE-2014-7169) (Shellshock) | Nessus | Gain a shell remotely | critical
77836 | FreeBSD : bash -- remote code execution vulnerability (71ad81da-4414-11e4-a33e-3c970e169bc2) (Shellshock) | Nessus | FreeBSD Local Security Checks | critical
62305 | Solaris 10 (sparc) : 126546-10 (deprecated) | Nessus | Solaris Local Security Checks | low
62115 | Solaris 10 (x86) : 126547-10 (deprecated) | Nessus | Solaris Local Security Checks | low