Palo Alto Networks PAN-OS < 5.0.15 / 5.1.x < 5.1.10 / 6.0.x < 6.0.6 / 6.1.x < 6.1.1 Bash Shell Remote Code Execution (Shellshock)

Critical Nessus Plugin ID 78587

Synopsis

The remote host is affected by a remote code execution vulnerability.

Description

The remote host is running a version of Palo Alto Networks PAN-OS prior to 5.0.15 / 5.1.10 / 6.0.6 / 6.1.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.

Solution

Upgrade to PAN-OS version 5.0.15 / 5.1.10 / 6.0.6 / 6.1.1 or later.

See Also

https://securityadvisories.paloaltonetworks.com/Home/Detail/24

http://seclists.org/oss-sec/2014/q3/650

https://www.invisiblethreat.ca/post/shellshock/

Plugin Details

Severity: Critical

ID: 78587

File Name: palo_alto_PAN-SA-2014-0004.nasl

Version: $Revision: 1.11 $

Type: combined

Published: 2014/10/20

Modified: 2017/04/25

Dependencies: 72816

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/09/25

Vulnerability Publication Date: 2014/09/24

Exploitable With

Core Impact

Metasploit (Apache mod_cgi Bash Environment Variable Code Injection (Shellshock))

Reference Information

CVE: CVE-2014-6271, CVE-2014-7169

BID: 70103, 70137

CERT: 252743

IAVA: 2014-A-0142

EDB-ID: 34765, 34766, 34777