CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock."  NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
OS Command Injection
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| debian | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score percentile: 99%
| Vendor | Product | Version |
|---|---|---|
| gnu | bash | x ≤ 4.3 |
| arista | eos | 4.9.0 ≤ x < 4.9.12; 4.10.0 ≤ x < 4.10.9; 4.11.0 ≤ x < 4.11.11; 4.12.0 ≤ x < 4.12.9; 4.13.0 ≤ x < 4.13.9; 4.14.0 ≤ x < 4.14.4f |
| qnap | qts | x < 4.1.1; 4.1.1; 4.1.1:build_0927 |
| mageia | mageia | 3.0; 4.0 |
| redhat | gluster_storage_server_for_on-premise | 2.1 |
| redhat | virtualization | 3.4 |
| redhat | enterprise_linux | 4.0; 5.0; 6.0; 7.0 |
| redhat | enterprise_linux_desktop | 5.0; 6.0; 7.0 |
| redhat | enterprise_linux_eus | 5.9; 6.4; 6.5; 7.3; 7.4; 7.5; 7.6; 7.7 |
| redhat | enterprise_linux_for_ibm_z_systems | 5.9_s390x:_s390x; 6.4_s390x:_s390x; 6.5_s390x:_s390x; 7.3_s390x:_s390x; 7.4_s390x:_s390x; 7.5_s390x:_s390x; 7.6_s390x:_s390x; 7.7_s390x:_s390x |
| redhat | enterprise_linux_for_power_big_endian | 5.0_ppc:_ppc; 5.9_ppc:_ppc; 6.0_ppc64:_ppc64; 6.4_ppc64:_ppc64; 7.0_ppc64:_ppc64 |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.5_ppc64:_ppc64; 7.3_ppc64:_ppc64; 7.4_ppc64:_ppc64; 7.5_ppc64:_ppc64; 7.6_ppc64:_ppc64; 7.7_ppc64:_ppc64 |
| redhat | enterprise_linux_for_scientific_computing | 6.0; 7.0 |
| redhat | enterprise_linux_server | 5.0; 6.0; 7.0 |
| redhat | enterprise_linux_server_aus | 5.6; 5.9; 6.2; 6.4; 6.5; 7.3; 7.4; 7.6; 7.7 |
| redhat | enterprise_linux_server_from_rhui | 5.0; 6.0; 7.0 |
| redhat | enterprise_linux_server_tus | 6.5; 7.3; 7.6; 7.7 |
| redhat | enterprise_linux_workstation | 5.0; 6.0; 7.0 |
| suse | studio_onsite | 1.3 |
| opensuse | opensuse | 12.3; 13.1; 13.2 |
| debian | debian_linux | 7.0 |
| ibm | infosphere_guardium_database_activity_monitoring | 8.2; 9.0; 9.1 |
| ibm | pureapplication_system | 1.0.0.0 ≤ x ≤ 1.0.0.4; 1.1.0.0 ≤ x ≤ 1.1.0.4; 2.0.0.0 |
| ibm | qradar_risk_manager | 7.1.0 |
| ibm | qradar_security_information_and_event_manager | 7.1.0; 7.1.0:mr1; 7.1.0:mr2; 7.1.1; 7.1.1:p1; 7.1.1:p2; 7.1.1:p3; 7.1.2; 7.1.2:p1; 7.1.2:p10; 7.1.2:p11; 7.1.2:p12; 7.1.2:p13; 7.1.2:p2; 7.1.2:p3; 7.1.2:p4; 7.1.2:p5; 7.1.2:p6; 7.1.2:p7; 7.1.2:p8; 7.1.2:p9; 7.2; 7.2.0; 7.2.0:p1; 7.2.0:p2; 7.2.0:p3; 7.2.1; 7.2.1:p1; 7.2.1:p2; 7.2.1:p3; 7.2.2; 7.2.2:p1; 7.2.2:p2; 7.2.2:p3; 7.2.2:p4; 7.2.3; 7.2.3:p1; 7.2.3:p2; 7.2.3:p3; 7.2.3:p4; 7.2.4; 7.2.4:p1; 7.2.4:p2; 7.2.4:p3; 7.2.4:p4; 7.2.4:p5; 7.2.4:p6; 7.2.5; 7.2.5:p1; 7.2.5:p2; 7.2.5:p3; 7.2.5:p4; 7.2.5:p5; 7.2.5:p6; 7.2.6; 7.2.6:p1; 7.2.6:p2; 7.2.6:p3; 7.2.6:p4; 7.2.6:p5; 7.2.6:p6; 7.2.6:p7; 7.2.7; 7.2.7:p1; 7.2.7:p2; 7.2.7:p3; 7.2.7:p4; 7.2.8; 7.2.8:p1; 7.2.8:p10; 7.2.8:p11; 7.2.8:p12; 7.2.8:p13; 7.2.8:p14; 7.2.8:p15; 7.2.8:p16; 7.2.8:p2; 7.2.8:p3; 7.2.8:p4; 7.2.8:p5; 7.2.8:p6; 7.2.8:p7; 7.2.8:p8; 7.2.8:p9; 7.2.8.15; 7.2.9 |
| ibm | qradar_vulnerability_manager | 7.2.0; 7.2.1; 7.2.2; 7.2.3; 7.2.4; 7.2.6:p1; 7.2.6:p2; 7.2.6:p3; 7.2.6:p4; 7.2.6:p5; 7.2.6:p6; 7.2.6:p7; 7.2.8; 7.2.8:p1; 7.2.8:p10; 7.2.8:p11; 7.2.8:p12; 7.2.8:p13; 7.2.8:p14; 7.2.8:p15; 7.2.8:p16; 7.2.8:p17; 7.2.8:p2; 7.2.8:p3; 7.2.8:p4; 7.2.8:p5; 7.2.8:p6; 7.2.8:p7; 7.2.8:p8; 7.2.8:p9 |
| ibm | smartcloud_entry_appliance | 2.3.0; 2.4.0; 3.1.0; 3.2.0 |
| ibm | smartcloud_provisioning | 2.1.0 |
| ibm | software_defined_network_for_virtual_environments | x < 1.2.1 (three entries) |
| ibm | starter_kit_for_cloud | 2.2.0 |
| ibm | workload_deployer | 3.1.0 ≤ x ≤ 3.1.0.7 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.1; 8.0.0.2; 8.0.0.3; 8.0.0.5 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.1; 7.0.0.2; 7.0.0.3; 7.0.0.4; 7.0.0.5; 7.0.0.6; 7.0.0.7; 7.0.0.8 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2; 8.0.0.3; 8.0.0.5 |
| ibm | storwize_v7000_firmware | 1.1.0.0 ≤ x < 1.4.3.5; 1.5.0.0 ≤ x < 1.5.0.4; 7.2.0.0 ≤ x < 7.2.0.9; 7.3.0.0 ≤ x < 7.3.0.7 |
| ibm | storwize_v5000_firmware | 1.1.0.0 ≤ x < 7.1.0.11; 7.2.0.0 ≤ x < 7.2.0.9; 7.3.0.0 ≤ x < 7.3.0.7 |
| ibm | storwize_v3700_firmware | 1.1.0.0 ≤ x < 7.1.0.11; 7.2.0.0 ≤ x < 7.2.0.9; 7.3.0.0 ≤ x < 7.3.0.7 |
| ibm | storwize_v3500_firmware | 1.1.0.0 ≤ x < 7.1.0.11; 7.2.0.0 ≤ x < 7.2.0.9; 7.3.0.0 ≤ x < 7.3.0.7 |
| ibm | flex_system_v7000_firmware | 1.1.0.0 ≤ x < 7.1.0.11; 7.2.0.0 ≤ x < 7.2.0.9; 7.3.0.0 ≤ x < 7.3.0.7 |
| ibm | san_volume_controller_firmware | 1.1.0.0 ≤ x < 7.1.0.11; 7.2.0.0 ≤ x < 7.2.0.9; 7.3.0.0 ≤ x < 7.3.0.7 |
| ibm | stn6500_firmware | 3.8.0.0 ≤ x < 3.8.0.07; 3.9.1.0 ≤ x < 3.9.1.08; 4.1.2.0 ≤ x < 4.1.2.06 |
| ibm | stn6800_firmware | 3.8.0.0 ≤ x < 3.8.0.07; 3.9.1.0 ≤ x < 3.9.1.08; 4.1.2.0 ≤ x < 4.1.2.06 |
| ibm | stn7800_firmware | 3.8.0.0 ≤ x < 3.8.0.07; 3.9.1.0 ≤ x < 3.9.1.08; 4.1.2.0 ≤ x < 4.1.2.06 |
| canonical | ubuntu_linux | 10.04; 12.04; 14.04 |
| novell | zenworks_configuration_management | 10.3; 11.1; 11.2; 11.3.0 |
| novell | open_enterprise_server | 2.0:sp3; 11.0:sp2 |
| checkpoint | security_gateway | x < r77.30 |
| f5 | big-ip_access_policy_manager | 10.1.0 ≤ x ≤ 10.2.4; 11.0.0 ≤ x ≤ 11.5.1; 11.6.0 |
| f5 | big-ip_advanced_firewall_manager | 11.3.0 ≤ x ≤ 11.5.1; 11.6.0 |
| f5 | big-ip_analytics | 11.0.0 ≤ x ≤ 11.5.1; 11.6.0 |
| f5 | big-ip_application_acceleration_manager | 11.4.0 ≤ x ≤ 11.5.1; 11.6.0 |
| f5 | big-ip_application_security_manager | 10.0.0 ≤ x ≤ 10.2.4; 11.0.0 ≤ x ≤ 11.5.1; 11.6.0 |
| f5 | big-ip_edge_gateway | 10.1.0 ≤ x ≤ 10.2.4; 11.0.0 ≤ x ≤ 11.3.0 |
| f5 | big-ip_global_traffic_manager | 10.0.0 ≤ x ≤ 10.2.4; 11.0.0 ≤ x ≤ 11.5.1; 11.6.0 |
| f5 | big-ip_link_controller | 10.0.0 ≤ x ≤ 10.2.4; 11.0.0 ≤ x ≤ 11.5.1; 11.6.0 |
| f5 | big-ip_local_traffic_manager | 10.0.0 ≤ x ≤ 10.2.4; 11.0.0 ≤ x ≤ 11.5.1; 11.6.0 |
| f5 | big-ip_policy_enforcement_manager | 11.3.0 ≤ x ≤ 11.5.1; 11.6.0 |
| f5 | big-ip_protocol_security_module | 10.0.0 ≤ x ≤ 10.2.4; 11.0.0 ≤ x ≤ 11.4.1 |
| f5 | big-ip_wan_optimization_manager | 10.0.0 ≤ x ≤ 10.2.4; 11.0.0 ≤ x ≤ 11.3.0 |
| f5 | big-ip_webaccelerator | 10.0.0 ≤ x ≤ 10.2.4; 11.0.0 ≤ x ≤ 11.3.0 |
| f5 | big-iq_cloud | 4.0.0 ≤ x ≤ 4.4.0 |
| f5 | big-iq_device | 4.2.0 ≤ x ≤ 4.4.0 |
| f5 | big-iq_security | 4.0.0 ≤ x ≤ 4.4.0 |
| f5 | enterprise_manager | 2.1.0 ≤ x ≤ 2.3.0; 3.0.0 ≤ x ≤ 3.1.1 |
| f5 | traffix_signaling_delivery_controller | 4.0.0 ≤ x ≤ 4.0.5; 3.3.2; 3.4.1; 3.5.1; 4.1.0 |
| f5 | arx_firmware | 6.0.0 ≤ x ≤ 6.4.0 |
| citrix | netscaler_sdx_firmware | x < 9.3.67.5r1; 10 ≤ x < 10.1.129.11r1; 10.5 ≤ x < 10.5.52.11r1 |
| apple | mac_os_x | 10.0.0 ≤ x < 10.10.0 |
| vmware | vcenter_server_appliance | 5.0; 5.0:update_1; 5.0:update_2; 5.1; 5.1:update_1; 5.1:update_2; 5.5; 5.5:update_1 |
| vmware | esx | 4.0; 4.1 |

x = Vulnerable software versions
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| bash | bullseye | 5.1-2+deb11u1 | fixed |
| bash | bookworm | 5.2.15-2 | fixed |
| bash | sid | 5.2.32-1 | fixed |
| bash | trixie | 5.2.32-1 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| bash | trusty | Fixed 4.3-7ubuntu1.1 | released |
| bash | precise | Fixed 4.2-2ubuntu2.2 | released |
| bash | lucid | Fixed 4.1-2ubuntu3.1 | released |
References