GNU Bash Environment Variable Handling Code Injection (Shellshock)

critical Web Application Scanning Plugin ID 112578

Language:

Synopsis

GNU Bash Environment Variable Handling Code Injection (Shellshock)

Description

The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.

Solution

Apply the referenced patches to address both CVE-2014-6271 (Shellshock original vulnerability) and CVE-2014-6278 which is a bypass for the CVE-2014-6271 fix.

See Also

https://en.wikipedia.org/wiki/Shellshock_(software_bug)

https://blog.cloudflare.com/inside-shellshock/

https://www.troyhunt.com/everything-you-need-to-know-about2/

https://owasp.org/www-pdf-archive/Shellshock_-_Tudor_Enache.pdf

https://seclists.org/oss-sec/2014/q3/650

Plugin Details

Severity: Critical

ID: 112578

Type: remote

Published: 9/10/2020

Updated: 9/7/2021

Scan Template: pci, api, scan

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-6271

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2014-6278

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/24/2014

Vulnerability Publication Date: 9/24/2014

Reference Information

CVE: CVE-2014-6278, CVE-2014-6271