GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock)

high Nessus Plugin ID 77986

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote FTP server is affected by a remote code execution vulnerability.

Description

The remote FTP server is affected by a remote code execution vulnerability due to an error in the Bash shell running on the remote host. A remote, unauthenticated attacker can execute arbitrary code on the remote host by sending a specially crafted request via the USER FTP command. The 'mod_exec' module exports the attacker-supplied username as an environment variable, which is then evaluated by Bash as code.

Solution

Apply the referenced patch.

See Also

http://www.proftpd.org/docs/contrib/mod_exec.html#ExecEnviron

http://seclists.org/oss-sec/2014/q3/650

http://www.nessus.org/u?dacf7829

https://www.invisiblethreat.ca/post/shellshock/

Plugin Details

Severity: High

ID: 77986

File Name: proftpd_bash_injection.nasl

Version: 1.23

Type: remote

Family: FTP

Published: 9/30/2014

Updated: 2/24/2021

Dependencies: ftpserver_detect_type_nd_version.nasl, ftp_starttls.nasl

Risk Information

CVSS Score Source: CVE-2014-7169

VPR

Risk Factor: Critical

Score: 9.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:gnu:bash, cpe:/a:proftpd:proftpd

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 9/24/2014

Vulnerability Publication Date: 9/24/2014

Exploitable With

Core Impact

Metasploit (Apache mod_cgi Bash Environment Variable Code Injection (Shellshock))

Reference Information

CVE: CVE-2014-6271, CVE-2014-7169

BID: 70103, 70137

CERT: 252743

IAVA: 2014-A-0142

EDB-ID: 34765, 34766, 34777