CVE-2014-7186

HIGH

Description

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.

References

http://jvn.jp/en/jp/JVN55667175/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html

http://marc.info/?l=bugtraq&m=141330468527613&w=2

http://marc.info/?l=bugtraq&m=141345648114150&w=2

http://marc.info/?l=bugtraq&m=141383026420882&w=2

http://marc.info/?l=bugtraq&m=141383081521087&w=2

http://marc.info/?l=bugtraq&m=141383138121313&w=2

http://marc.info/?l=bugtraq&m=141383196021590&w=2

http://marc.info/?l=bugtraq&m=141383244821813&w=2

http://marc.info/?l=bugtraq&m=141383304022067&w=2

http://marc.info/?l=bugtraq&m=141450491804793&w=2

http://marc.info/?l=bugtraq&m=141576728022234&w=2

http://marc.info/?l=bugtraq&m=141577137423233&w=2

http://marc.info/?l=bugtraq&m=141577241923505&w=2

http://marc.info/?l=bugtraq&m=141577297623641&w=2

http://marc.info/?l=bugtraq&m=141585637922673&w=2

http://marc.info/?l=bugtraq&m=141694386919794&w=2

http://marc.info/?l=bugtraq&m=141879528318582&w=2

http://marc.info/?l=bugtraq&m=142113462216480&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142289270617409&w=2

http://marc.info/?l=bugtraq&m=142358026505815&w=2

http://marc.info/?l=bugtraq&m=142358078406056&w=2

http://marc.info/?l=bugtraq&m=142721162228379&w=2

http://openwall.com/lists/oss-security/2014/09/25/32

http://openwall.com/lists/oss-security/2014/09/26/2

http://openwall.com/lists/oss-security/2014/09/28/10

http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

http://rhn.redhat.com/errata/RHSA-2014-1311.html

http://rhn.redhat.com/errata/RHSA-2014-1312.html

http://rhn.redhat.com/errata/RHSA-2014-1354.html

http://seclists.org/fulldisclosure/2014/Oct/0

http://secunia.com/advisories/58200

http://secunia.com/advisories/59907

http://secunia.com/advisories/60024

http://secunia.com/advisories/60034

http://secunia.com/advisories/60044

http://secunia.com/advisories/60055

http://secunia.com/advisories/60063

http://secunia.com/advisories/60193

http://secunia.com/advisories/60433

http://secunia.com/advisories/61065

http://secunia.com/advisories/61128

http://secunia.com/advisories/61129

http://secunia.com/advisories/61188

http://secunia.com/advisories/61283

http://secunia.com/advisories/61287

http://secunia.com/advisories/61291

http://secunia.com/advisories/61312

http://secunia.com/advisories/61313

http://secunia.com/advisories/61328

http://secunia.com/advisories/61442

http://secunia.com/advisories/61471

http://secunia.com/advisories/61479

http://secunia.com/advisories/61485

http://secunia.com/advisories/61503

http://secunia.com/advisories/61550

http://secunia.com/advisories/61552

http://secunia.com/advisories/61565

http://secunia.com/advisories/61603

http://secunia.com/advisories/61618

http://secunia.com/advisories/61622

http://secunia.com/advisories/61633

http://secunia.com/advisories/61636

http://secunia.com/advisories/61641

http://secunia.com/advisories/61643

http://secunia.com/advisories/61654

http://secunia.com/advisories/61703

http://secunia.com/advisories/61711

http://secunia.com/advisories/61780

http://secunia.com/advisories/61816

http://secunia.com/advisories/61873

http://secunia.com/advisories/62228

http://secunia.com/advisories/62312

http://secunia.com/advisories/62343

http://support.apple.com/HT204244

http://support.novell.com/security/cve/CVE-2014-7186.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

http://www.novell.com/support/kb/doc.php?id=7015721

http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

http://www.qnap.com/i/en/support/con_show.php?cid=61

http://www.securityfocus.com/archive/1/533593/100/0/threaded

http://www.ubuntu.com/usn/USN-2364-1

http://www.vmware.com/security/advisories/VMSA-2014-0010.html

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

http://www-01.ibm.com/support/docview.wss?uid=swg21685541

http://www-01.ibm.com/support/docview.wss?uid=swg21685604

http://www-01.ibm.com/support/docview.wss?uid=swg21685733

http://www-01.ibm.com/support/docview.wss?uid=swg21685749

http://www-01.ibm.com/support/docview.wss?uid=swg21685914

http://www-01.ibm.com/support/docview.wss?uid=swg21686084

http://www-01.ibm.com/support/docview.wss?uid=swg21686131

http://www-01.ibm.com/support/docview.wss?uid=swg21686246

http://www-01.ibm.com/support/docview.wss?uid=swg21686445

http://www-01.ibm.com/support/docview.wss?uid=swg21686447

http://www-01.ibm.com/support/docview.wss?uid=swg21686479

http://www-01.ibm.com/support/docview.wss?uid=swg21686494

http://www-01.ibm.com/support/docview.wss?uid=swg21687079

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

https://kb.bluecoat.com/index?page=content&id=SA82

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

https://kc.mcafee.com/corporate/index?page=content&id=SB10085

https://support.apple.com/HT205267

https://support.citrix.com/article/CTX200217

https://support.citrix.com/article/CTX200223

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

https://www.suse.com/support/shellshock/

Details

Source: MITRE

Published: 2014-09-28

Updated: 2018-10-09

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

43 plugins total.

ID     | Name                                                                                                                        | Product                | Family                              | Severity
124921 | EulerOS Virtualization 3.0.1.0 : bash (EulerOS-SA-2019-1418)                                                                | Nessus                 | Huawei Local Security Checks        | critical
88514  | Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash1) (Shellshock)                             | Nessus                 | Solaris Local Security Checks       | critical
87680  | VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)                                                      | Nessus                 | Misc.                               | critical
8982   | Mac OS X < 10.11 Multiple Vulnerabilities                                                                                   | Nessus Network Monitor | Operating System Detection          | critical
86270  | Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)                                                                           | Nessus                 | MacOS X Local Security Checks       | critical
85630  | IBM Storwize V7000 Unified 1.3.x < 1.4.3.5 / 1.5.x < 1.5.0.4 Multiple Vulnerabilities (Shellshock)                          | Nessus                 | Misc.                               | critical
82417  | Mandriva Linux Security Advisory : bash (MDVSA-2015:164)                                                                    | Nessus                 | Mandriva Local Security Checks      | critical
81087  | Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)                                                                | Nessus                 | MacOS X Local Security Checks       | critical
80590  | Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock)                              | Nessus                 | Solaris Local Security Checks       | critical
80196  | Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock)                                        | Nessus                 | Junos Local Security Checks         | critical
79584  | Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)                                                        | Nessus                 | CISCO                               | critical
79234  | McAfee Next Generation Firewall GNU Bash Code Injection (SB10085) (Shellshock)                                              | Nessus                 | Misc.                               | critical
79215  | McAfee Web Gateway GNU Bash Code Injection (SB10085) (Shellshock)                                                           | Nessus                 | Misc.                               | critical
79147  | VMware vCenter Converter 5.1.x < 5.1.2 / 5.5.x < 5.5.3 Multiple Vulnerabilities (VMSA-2014-0010) (Shellshock)               | Nessus                 | Windows                             | critical
79124  | CUCM IM and Presence Service GNU Bash Environment Variable Handling Command Injection (CSCur05454) (Shellshock)              | Nessus                 | CISCO                               | critical
79123  | McAfee Email Gateway GNU Bash Code Injection (SB10085) (Shellshock)                                                         | Nessus                 | Misc.                               | critical
79053  | RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock)                                                                     | Nessus                 | Red Hat Local Security Checks       | critical
79052  | RHEL 4 / 5 / 6 : bash (RHSA-2014:1311)                                                                                      | Nessus                 | Red Hat Local Security Checks       | critical
78889  | VMware vCenter Operations Management Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)                                     | Nessus                 | Misc.                               | critical
78857  | VMware Workspace Portal Multiple Bash Shell Vulnerabilities (VMSA-2014-0010) (Shellshock)                                   | Nessus                 | Misc.                               | critical
78828  | Cisco Prime Security Manager GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock) | Nessus                 | CGI abuses                          | critical
78827  | Cisco ASA Next-Generation Firewall GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock) | Nessus            | CISCO                               | critical
78826  | VMware NSX Bash Environment Variable Command Injection (VMSA-2014-0010) (Shellshock)                                        | Nessus                 | Misc.                               | critical
78771  | VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)          | Nessus                 | Misc.                               | critical
78693  | Cisco NX-OS GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash) (Shellshock)             | Nessus                 | CISCO                               | critical
78596  | Cisco TelePresence Video Communication Server Bash Remote Code Execution (Shellshock)                                       | Nessus                 | CISCO                               | critical
78508  | VMware vCenter Server Appliance Bash Remote Code Execution (VMSA-2014-0010) (Shellshock)                                    | Nessus                 | Misc.                               | critical
78395  | Oracle third party patch update : bash_2014_10_07                                                                           | Nessus                 | Solaris Local Security Checks       | critical
78362  | Amazon Linux AMI : bash (ALAS-2014-419)                                                                                     | Nessus                 | Amazon Linux Local Security Checks  | critical
78197  | F5 Networks BIG-IP : Multiple GNU Bash vulnerabilities (SOL15629) (Shellshock)                                              | Nessus                 | F5 Networks Local Security Checks   | critical
78115  | openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated)                                                      | Nessus                 | SuSE Local Security Checks          | critical
78060  | GLSA-201410-01 : Bash: Multiple vulnerabilities (Shellshock)                                                                | Nessus                 | Gentoo Local Security Checks        | critical
78039  | FreeBSD : rt42 -- vulnerabilities related to shellshock (81e2b308-4a6c-11e4-b711-6805ca0b3d42)                              | Nessus                 | FreeBSD Local Security Checks       | critical
78025  | VMSA-2014-0010 : VMware product updates address critical Bash security vulnerabilities (Shellshock)                         | Nessus                 | VMware ESX Local Security Checks    | critical
78002  | FreeBSD : bash -- out-of-bounds memory access in parser (4a4e9f88-491c-11e4-ae2c-c80aa9043978)                              | Nessus                 | FreeBSD Local Security Checks       | critical
77967  | openSUSE Security Update : bash (openSUSE-SU-2014:1242-1) (Shellshock)                                                      | Nessus                 | SuSE Local Security Checks          | critical
77966  | openSUSE Security Update : bash (openSUSE-SU-2014:1229-1) (Shellshock)                                                      | Nessus                 | SuSE Local Security Checks          | critical
77961  | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerabilities (USN-2364-1)                                                | Nessus                 | Ubuntu Local Security Checks        | critical
77958  | SuSE 11.3 Security Update : bash (SAT Patch Number 9780)                                                                    | Nessus                 | SuSE Local Security Checks          | critical
77951  | Oracle Linux 5 / 6 / 7 : bash (ELSA-2014-1306)                                                                              | Nessus                 | Oracle Linux Local Security Checks  | critical
77950  | Mandriva Linux Security Advisory : bash (MDVSA-2014:190)                                                                    | Nessus                 | Mandriva Local Security Checks      | critical
77895  | RHEL 5 / 6 / 7 : bash (RHSA-2014:1306)                                                                                      | Nessus                 | Red Hat Local Security Checks       | critical
77879  | CentOS 5 / 6 / 7 : bash (CESA-2014:1306)                                                                                    | Nessus                 | CentOS Local Security Checks        | critical