Vulnerability Name: CVE-2014-6271

Assigned: 2014-09-09
Published: 2014-09-24
Updated: 2017-10-04
Summary: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.5 High (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-78
References:
Source: CONFIRM
Type: UNKNOWN
http://advisories.mageia.org/MGASA-2014-0388.html

Source: APPLE
Type: UNKNOWN
APPLE-SA-2014-10-16-1

Source: JVN
Type: VENDOR_ADVISORY
JVN#55667175

Source: JVNDB
Type: VENDOR_ADVISORY
JVNDB-2014-000126

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

Source: MISC
Type: UNKNOWN
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

Source: CONFIRM
Type: UNKNOWN
http://linux.oracle.com/errata/ELSA-2014-1293.html

Source: CONFIRM
Type: UNKNOWN
http://linux.oracle.com/errata/ELSA-2014-1294.html

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:1212

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:1213

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:1223

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:1226

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:1238

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:1254

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:1260

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:1287

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:1308

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:1310

Source: HP
Type: UNKNOWN
HPSBGN03117

Source: HP
Type: UNKNOWN
HPSBHF03119

Source: HP
Type: UNKNOWN
HPSBHF03124

Source: HP
Type: UNKNOWN
HPSBST03122

Source: HP
Type: UNKNOWN
HPSBMU03133

Source: HP
Type: UNKNOWN
HPSBGN03138

Source: HP
Type: UNKNOWN
HPSBHF03125

Source: HP
Type: UNKNOWN
HPSBMU03143

Source: HP
Type: UNKNOWN
HPSBMU03144

Source: HP
Type: UNKNOWN
HPSBST03131

Source: HP
Type: UNKNOWN
HPSBST03129

Source: HP
Type: UNKNOWN
HPSBGN03142

Source: HP
Type: UNKNOWN
HPSBGN03141

Source: HP
Type: UNKNOWN
HPSBHF03146

Source: HP
Type: UNKNOWN
HPSBHF03145

Source: HP
Type: UNKNOWN
HPSBST03157

Source: HP
Type: UNKNOWN
HPSBST03155

Source: HP
Type: UNKNOWN
HPSBMU03165

Source: HP
Type: UNKNOWN
HPSBST03181

Source: HP
Type: UNKNOWN
HPSBST03154

Source: HP
Type: UNKNOWN
HPSBMU03182

Source: HP
Type: UNKNOWN
HPSBST03148

Source: HP
Type: UNKNOWN
SSRT101827

Source: HP
Type: UNKNOWN
SSRT101711

Source: HP
Type: UNKNOWN
SSRT101868

Source: HP
Type: UNKNOWN
SSRT101742

Source: HP
Type: UNKNOWN
HPSBMU03246

Source: HP
Type: UNKNOWN
HPSBST03265

Source: HP
Type: UNKNOWN
SSRT101816

Source: HP
Type: UNKNOWN
SSRT101819

Source: HP
Type: UNKNOWN
HPSBST03195

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html

Source: REDHAT
Type: UNKNOWN
RHSA-2014:1293

Source: REDHAT
Type: UNKNOWN
RHSA-2014:1294

Source: REDHAT
Type: UNKNOWN
RHSA-2014:1295

Source: REDHAT
Type: UNKNOWN
RHSA-2014:1354

Source: FULLDISC
Type: UNKNOWN
20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities

Source: SECUNIA
Type: UNKNOWN
59272

Source: SECUNIA
Type: UNKNOWN
61542

Source: SECUNIA
Type: UNKNOWN
61547

Source: SECUNIA
Type: UNKNOWN
62228

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT6495

Source: CONFIRM
Type: UNKNOWN
http://support.novell.com/security/cve/CVE-2014-6271.html

Source: CISCO
Type: UNKNOWN
20140926 GNU Bash Environmental Variable Command Injection Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21685541

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21685604

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21685733

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21685749

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21685914

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21686084

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21686131

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21686246

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21686445

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21686447

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21686479

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21686494

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21687079

Source: CONFIRM
Type: UNKNOWN
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

Source: DEBIAN
Type: UNKNOWN
DSA-3032

Source: CERT-VN
Type: UNKNOWN
VU#252743

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2015:164

Source: CONFIRM
Type: UNKNOWN
http://www.novell.com/support/kb/doc.php?id=7015701

Source: CONFIRM
Type: UNKNOWN
http://www.novell.com/support/kb/doc.php?id=7015721

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

Source: CONFIRM
Type: UNKNOWN
http://www.qnap.com/i/en/support/con_show.php?cid=61

Source: BUGTRAQ
Type: UNKNOWN
20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities

Source: BID
Type: UNKNOWN
70103

Source: UBUNTU
Type: UNKNOWN
USN-2362-1

Source: CERT
Type: UNKNOWN
TA14-268A

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2014-0010.html

Source: CONFIRM
Type: UNKNOWN
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

Source: CONFIRM
Type: UNKNOWN
https://access.redhat.com/articles/1200223

Source: CONFIRM
Type: UNKNOWN
https://access.redhat.com/node/1200223

Source: CONFIRM
Type: PATCH
https://bugzilla.redhat.com/show_bug.cgi?id=1141597

Source: XF
Type: UNKNOWN
bash-cve20146271-command-exec(96153)

Source: CONFIRM
Type: UNKNOWN
https://kb.bluecoat.com/index?page=content&id=SA82

Source: CONFIRM
Type: UNKNOWN
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

Source: CONFIRM
Type: UNKNOWN
https://kc.mcafee.com/corporate/index?page=content&id=SB10085

Source: CONFIRM
Type: UNKNOWN
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT6535

Source: CONFIRM
Type: UNKNOWN
https://support.citrix.com/article/CTX200217

Source: CONFIRM
Type: UNKNOWN
https://support.citrix.com/article/CTX200223

Source: CONFIRM
Type: UNKNOWN
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

Source: CONFIRM
Type: UNKNOWN
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

Source: EXPLOIT-DB
Type: UNKNOWN
34879

Source: EXPLOIT-DB
Type: UNKNOWN
37816

Source: EXPLOIT-DB
Type: UNKNOWN
38849

Source: EXPLOIT-DB
Type: UNKNOWN
39918

Source: EXPLOIT-DB
Type: UNKNOWN
40619

Source: EXPLOIT-DB
Type: UNKNOWN
40938

Source: EXPLOIT-DB
Type: UNKNOWN
42938

Source: CONFIRM
Type: UNKNOWN
https://www.suse.com/support/shellshock/

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnu:bash:1.14.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:1.14.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:1.14.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:1.14.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:1.14.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:1.14.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:1.14.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:1.14.7:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:2.01:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:2.01.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:2.02:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:2.02.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:2.03:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:2.04:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:2.05:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:2.05:a:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:2.05:b:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:3.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:3.2.48:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:bash:4.3:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Oval Definitions (Class: V = vulnerability definition, P = patch definition)

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20146271 | V | CVE-2014-6271 | 2017-11-24
oval:org.mitre.oval:def:27981 | P | SUSE-SU-2014:1259-1 -- bash (important) | 2015-01-26
oval:org.mitre.oval:def:27830 | P | SUSE-SU-2014:1260-1 -- bash (critical) | 2015-01-26
oval:org.mitre.oval:def:28331 | V | VMware product updates address critical Bash security vulnerabilities | 2015-01-05
oval:org.mitre.oval:def:26631 | P | SUSE-SU-2014:1247-1 -- Security update for bash | 2014-12-01
oval:org.mitre.oval:def:26685 | P | ELSA-2014-1294 -- bash security update (Critical) | 2014-11-17
oval:org.mitre.oval:def:26923 | P | ELSA-2014-1293 -- bash security update (Critical) | 2014-11-17
oval:org.mitre.oval:def:27118 | P | ELSA-2014-1306 -- bash security update (Important) | 2014-11-17
oval:org.mitre.oval:def:26665 | P | DSA-3035-1 bash - security update | 2014-11-10
oval:org.mitre.oval:def:26821 | P | SUSE-SU-2014:1214-1 -- Security update for bash | 2014-11-10
oval:org.mitre.oval:def:26539 | P | USN-2362-1 -- bash vulnerability | 2014-11-10
oval:org.mitre.oval:def:26764 | V | Vulnerability affecting GNU Bash | 2014-11-10
oval:org.mitre.oval:def:26642 | P | DSA-3032-1 bash - security update | 2014-11-10
oval:org.mitre.oval:def:26797 | P | SUSE-SU-2014:1213-1 -- Security update for bash | 2014-11-10
oval:org.mitre.oval:def:26521 | P | RHSA-2014:1293: bash security update (Critical) | 2014-11-10
oval:com.redhat.rhsa:def:20141293 | P | RHSA-2014:1293: bash security update (Critical) | 2014-09-24
oval:com.ubuntu.precise:def:20146271000 | V | CVE-2014-6271 on Ubuntu 12.04 LTS (precise) - high. | 2014-09-24
oval:com.ubuntu.trusty:def:20146271000 | V | CVE-2014-6271 on Ubuntu 14.04 LTS (trusty) - high. | 2014-09-24