GNU Bash Environment Variable Handling Code Injection (Shellshock)

Critical Web Application Scanning Plugin ID 112578

Synopsis

GNU Bash Environment Variable Handling Code Injection (Shellshock)

Description

The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.

Solution

Apply the referenced patches to address both CVE-2014-6271 (Shellshock original vulnerability) and CVE-2014-6278 which is a bypass for the CVE-2014-6271 fix.

See Also

https://en.wikipedia.org/wiki/Shellshock_(software_bug)

https://blog.cloudflare.com/inside-shellshock/

https://www.troyhunt.com/everything-you-need-to-know-about2/

https://owasp.org/www-pdf-archive/Shellshock_-_Tudor_Enache.pdf

https://seclists.org/oss-sec/2014/q3/650

Plugin Details

Severity: Critical

ID: 112578

Type: remote

Published: 2020/09/10

Updated: 2020/09/10

Scan Template: api, scan, pci

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

Exploit Available: true

Patch Publication Date: 2014/09/24

Vulnerability Publication Date: 2014/09/24

Reference Information

CVE: CVE-2014-6271, CVE-2014-6278

BID: 70103, 70166