CVE-2014-7186

HIGH

Description

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.

ID	Name	Product	Family	Severity
124921	EulerOS Virtualization 3.0.1.0 : bash (EulerOS-SA-2019-1418)	Nessus	Huawei Local Security Checks	critical
88514	Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash1) (Shellshock)	Nessus	Solaris Local Security Checks	critical
87680	VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)	Nessus	Misc.	critical
8982	Mac OS X < 10.11 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
86270	Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)	Nessus	MacOS X Local Security Checks	critical
85630	IBM Storwize V7000 Unified 1.3.x < 1.4.3.5 / 1.5.x < 1.5.0.4 Multiple Vulnerabilities (Shellshock)	Nessus	Misc.	critical
82417	Mandriva Linux Security Advisory : bash (MDVSA-2015:164)	Nessus	Mandriva Local Security Checks	critical
81087	Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)	Nessus	MacOS X Local Security Checks	critical
80590	Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock)	Nessus	Solaris Local Security Checks	critical
80196	Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock)	Nessus	Junos Local Security Checks	critical
79584	Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)	Nessus	CISCO	critical
79234	McAfee Next Generation Firewall GNU Bash Code Injection (SB10085) (Shellshock)	Nessus	Misc.	critical
79215	McAfee Web Gateway GNU Bash Code Injection (SB10085) (Shellshock)	Nessus	Misc.	critical
79147	VMware vCenter Converter 5.1.x < 5.1.2 / 5.5.x < 5.5.3 Multiple Vulnerabilities (VMSA-2014-0010) (Shellshock)	Nessus	Windows	critical
79124	CUCM IM and Presence Service GNU Bash Environment Variable Handling Command Injection (CSCur05454) (Shellshock)	Nessus	CISCO	critical
79123	McAfee Email Gateway GNU Bash Code Injection (SB10085) (Shellshock)	Nessus	Misc.	critical
79053	RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock)	Nessus	Red Hat Local Security Checks	critical
79052	RHEL 4 / 5 / 6 : bash (RHSA-2014:1311)	Nessus	Red Hat Local Security Checks	critical
78889	VMware vCenter Operations Management Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)	Nessus	Misc.	critical
78857	VMware Workspace Portal Multiple Bash Shell Vulnerabilities (VMSA-2014-0010) (Shellshock)	Nessus	Misc.	critical
78828	Cisco Prime Security Manager GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock)	Nessus	CGI abuses	critical
78827	Cisco ASA Next-Generation Firewall GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock)	Nessus	CISCO	critical
78826	VMware NSX Bash Environment Variable Command Injection (VMSA-2014-0010) (Shellshock)	Nessus	Misc.	critical
78771	VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)	Nessus	Misc.	critical
78693	Cisco NX-OS GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash) (Shellshock)	Nessus	CISCO	critical
78596	Cisco TelePresence Video Communication Server Bash Remote Code Execution (Shellshock)	Nessus	CISCO	critical
78508	VMware vCenter Server Appliance Bash Remote Code Execution (VMSA-2014-0010) (Shellshock)	Nessus	Misc.	critical
78395	Oracle third party patch update : bash_2014_10_07	Nessus	Solaris Local Security Checks	critical
78362	Amazon Linux AMI : bash (ALAS-2014-419)	Nessus	Amazon Linux Local Security Checks	critical
78197	F5 Networks BIG-IP : Multiple GNU Bash vulnerabilities (SOL15629) (Shellshock)	Nessus	F5 Networks Local Security Checks	critical
78115	openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated)	Nessus	SuSE Local Security Checks	critical
78060	GLSA-201410-01 : Bash: Multiple vulnerabilities (Shellshock)	Nessus	Gentoo Local Security Checks	critical
78039	FreeBSD : rt42 -- vulnerabilities related to shellshock (81e2b308-4a6c-11e4-b711-6805ca0b3d42)	Nessus	FreeBSD Local Security Checks	critical
78025	VMSA-2014-0010 : VMware product updates address critical Bash security vulnerabilities (Shellshock)	Nessus	VMware ESX Local Security Checks	critical
78002	FreeBSD : bash -- out-of-bounds memory access in parser (4a4e9f88-491c-11e4-ae2c-c80aa9043978)	Nessus	FreeBSD Local Security Checks	critical
77967	openSUSE Security Update : bash (openSUSE-SU-2014:1242-1) (Shellshock)	Nessus	SuSE Local Security Checks	critical
77966	openSUSE Security Update : bash (openSUSE-SU-2014:1229-1) (Shellshock)	Nessus	SuSE Local Security Checks	critical
77961	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerabilities (USN-2364-1)	Nessus	Ubuntu Local Security Checks	critical
77958	SuSE 11.3 Security Update : bash (SAT Patch Number 9780)	Nessus	SuSE Local Security Checks	critical
77951	Oracle Linux 5 / 6 / 7 : bash (ELSA-2014-1306)	Nessus	Oracle Linux Local Security Checks	critical
77950	Mandriva Linux Security Advisory : bash (MDVSA-2014:190)	Nessus	Mandriva Local Security Checks	critical
77895	RHEL 5 / 6 / 7 : bash (RHSA-2014:1306)	Nessus	Red Hat Local Security Checks	critical
77879	CentOS 5 / 6 / 7 : bash (CESA-2014:1306)	Nessus	CentOS Local Security Checks	critical

CVE-2014-7186

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

high

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical