CVE-2014-6277

27.09.2014, 22:55

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.

OS Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
debian	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
gnu	bash	1.14.0
gnu	bash	1.14.1
gnu	bash	1.14.2
gnu	bash	1.14.3
gnu	bash	1.14.4
gnu	bash	1.14.5
gnu	bash	1.14.6
gnu	bash	1.14.7
gnu	bash	2.0
gnu	bash	2.01
gnu	bash	2.01.1
gnu	bash	2.02
gnu	bash	2.02.1
gnu	bash	2.03
gnu	bash	2.04
gnu	bash	2.05
gnu	bash	2.05:a
gnu	bash	2.05:b
gnu	bash	3.0
gnu	bash	3.0.16
gnu	bash	3.1
gnu	bash	3.2
gnu	bash	3.2.48
gnu	bash	4.0
gnu	bash	4.0:rc1
gnu	bash	4.1
gnu	bash	4.2
gnu	bash	4.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

bash

bullseye	5.1-2+deb11u1 fixed
bookworm	5.2.15-2 fixed
sid	5.2.32-1 fixed
trixie	5.2.32-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

bash

trusty	Fixed 4.3-7ubuntu1.5 released
precise	Fixed 4.2-2ubuntu2.6 released
lucid	Fixed 4.1-2ubuntu3.5 released

Known Exploits!

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

http://jvn.jp/en/jp/JVN55667175/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html

http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html

http://linux.oracle.com/errata/ELSA-2014-3093

http://linux.oracle.com/errata/ELSA-2014-3094

http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

http://marc.info/?l=bugtraq&m=141330468527613&w=2

http://marc.info/?l=bugtraq&m=141345648114150&w=2

http://marc.info/?l=bugtraq&m=141383026420882&w=2

http://marc.info/?l=bugtraq&m=141383081521087&w=2

http://marc.info/?l=bugtraq&m=141383196021590&w=2

http://marc.info/?l=bugtraq&m=141383244821813&w=2

http://marc.info/?l=bugtraq&m=141383304022067&w=2

http://marc.info/?l=bugtraq&m=141383353622268&w=2

http://marc.info/?l=bugtraq&m=141383465822787&w=2

http://marc.info/?l=bugtraq&m=141450491804793&w=2

http://marc.info/?l=bugtraq&m=141576728022234&w=2

http://marc.info/?l=bugtraq&m=141577137423233&w=2

http://marc.info/?l=bugtraq&m=141577241923505&w=2

http://marc.info/?l=bugtraq&m=141577297623641&w=2

http://marc.info/?l=bugtraq&m=141585637922673&w=2

http://marc.info/?l=bugtraq&m=141879528318582&w=2

http://marc.info/?l=bugtraq&m=141879528318582&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142289270617409&w=2

http://marc.info/?l=bugtraq&m=142289270617409&w=2

http://marc.info/?l=bugtraq&m=142358026505815&w=2

http://marc.info/?l=bugtraq&m=142358026505815&w=2

http://marc.info/?l=bugtraq&m=142358078406056&w=2

http://marc.info/?l=bugtraq&m=142721162228379&w=2

http://marc.info/?l=bugtraq&m=142721162228379&w=2

http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

http://secunia.com/advisories/58200

http://secunia.com/advisories/59907

http://secunia.com/advisories/59961

http://secunia.com/advisories/60024

http://secunia.com/advisories/60034

http://secunia.com/advisories/60044

http://secunia.com/advisories/60055

http://secunia.com/advisories/60063

http://secunia.com/advisories/60193

http://secunia.com/advisories/60325

http://secunia.com/advisories/60433

http://secunia.com/advisories/61065

http://secunia.com/advisories/61128

http://secunia.com/advisories/61129

http://secunia.com/advisories/61283

http://secunia.com/advisories/61287

http://secunia.com/advisories/61291

http://secunia.com/advisories/61312

http://secunia.com/advisories/61313

http://secunia.com/advisories/61328

http://secunia.com/advisories/61442

http://secunia.com/advisories/61471

http://secunia.com/advisories/61485

http://secunia.com/advisories/61503

http://secunia.com/advisories/61550

http://secunia.com/advisories/61552

http://secunia.com/advisories/61565

http://secunia.com/advisories/61603

http://secunia.com/advisories/61633

http://secunia.com/advisories/61641

http://secunia.com/advisories/61643

http://secunia.com/advisories/61654

http://secunia.com/advisories/61703

http://secunia.com/advisories/61780

http://secunia.com/advisories/61816

http://secunia.com/advisories/61857

http://secunia.com/advisories/62312

http://secunia.com/advisories/62343

http://support.apple.com/HT204244

http://support.novell.com/security/cve/CVE-2014-6277.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

http://www-01.ibm.com/support/docview.wss?uid=swg21685541

http://www-01.ibm.com/support/docview.wss?uid=swg21685604

http://www-01.ibm.com/support/docview.wss?uid=swg21685733

http://www-01.ibm.com/support/docview.wss?uid=swg21685749

http://www-01.ibm.com/support/docview.wss?uid=swg21685914

http://www-01.ibm.com/support/docview.wss?uid=swg21686131

http://www-01.ibm.com/support/docview.wss?uid=swg21686246

http://www-01.ibm.com/support/docview.wss?uid=swg21686445

http://www-01.ibm.com/support/docview.wss?uid=swg21686479

http://www-01.ibm.com/support/docview.wss?uid=swg21686494

http://www-01.ibm.com/support/docview.wss?uid=swg21687079

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

http://www.novell.com/support/kb/doc.php?id=7015721

http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

http://www.qnap.com/i/en/support/con_show.php?cid=61

http://www.ubuntu.com/usn/USN-2380-1

http://www.vmware.com/security/advisories/VMSA-2014-0010.html

https://kb.bluecoat.com/index?page=content&id=SA82

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

https://kc.mcafee.com/corporate/index?page=content&id=SB10085

https://support.apple.com/HT205267

https://support.citrix.com/article/CTX200217

https://support.citrix.com/article/CTX200223

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

https://www.suse.com/support/shellshock/

http://jvn.jp/en/jp/JVN55667175/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html

http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html

http://linux.oracle.com/errata/ELSA-2014-3093

http://linux.oracle.com/errata/ELSA-2014-3094

http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

http://marc.info/?l=bugtraq&m=141330468527613&w=2

http://marc.info/?l=bugtraq&m=141345648114150&w=2

http://marc.info/?l=bugtraq&m=141383026420882&w=2

http://marc.info/?l=bugtraq&m=141383081521087&w=2

http://marc.info/?l=bugtraq&m=141383196021590&w=2

http://marc.info/?l=bugtraq&m=141383244821813&w=2

http://marc.info/?l=bugtraq&m=141383304022067&w=2

http://marc.info/?l=bugtraq&m=141383353622268&w=2

http://marc.info/?l=bugtraq&m=141383465822787&w=2

http://marc.info/?l=bugtraq&m=141450491804793&w=2

http://marc.info/?l=bugtraq&m=141576728022234&w=2

http://marc.info/?l=bugtraq&m=141577137423233&w=2

http://marc.info/?l=bugtraq&m=141577241923505&w=2

http://marc.info/?l=bugtraq&m=141577297623641&w=2

http://marc.info/?l=bugtraq&m=141585637922673&w=2

http://marc.info/?l=bugtraq&m=141879528318582&w=2

http://marc.info/?l=bugtraq&m=141879528318582&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142289270617409&w=2

http://marc.info/?l=bugtraq&m=142289270617409&w=2

http://marc.info/?l=bugtraq&m=142358026505815&w=2

http://marc.info/?l=bugtraq&m=142358026505815&w=2

http://marc.info/?l=bugtraq&m=142358078406056&w=2

http://marc.info/?l=bugtraq&m=142721162228379&w=2

http://marc.info/?l=bugtraq&m=142721162228379&w=2

http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

http://secunia.com/advisories/58200

http://secunia.com/advisories/59907

http://secunia.com/advisories/59961

http://secunia.com/advisories/60024

http://secunia.com/advisories/60034

http://secunia.com/advisories/60044

http://secunia.com/advisories/60055

http://secunia.com/advisories/60063

http://secunia.com/advisories/60193

http://secunia.com/advisories/60325

http://secunia.com/advisories/60433

http://secunia.com/advisories/61065

http://secunia.com/advisories/61128

http://secunia.com/advisories/61129

http://secunia.com/advisories/61283

http://secunia.com/advisories/61287

http://secunia.com/advisories/61291

http://secunia.com/advisories/61312

http://secunia.com/advisories/61313

http://secunia.com/advisories/61328

http://secunia.com/advisories/61442

http://secunia.com/advisories/61471

http://secunia.com/advisories/61485

http://secunia.com/advisories/61503

http://secunia.com/advisories/61550

http://secunia.com/advisories/61552

http://secunia.com/advisories/61565

http://secunia.com/advisories/61603

http://secunia.com/advisories/61633

http://secunia.com/advisories/61641

http://secunia.com/advisories/61643

http://secunia.com/advisories/61654

http://secunia.com/advisories/61703

http://secunia.com/advisories/61780

http://secunia.com/advisories/61816

http://secunia.com/advisories/61857

http://secunia.com/advisories/62312

http://secunia.com/advisories/62343

http://support.apple.com/HT204244

http://support.novell.com/security/cve/CVE-2014-6277.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

http://www-01.ibm.com/support/docview.wss?uid=swg21685541

http://www-01.ibm.com/support/docview.wss?uid=swg21685604

http://www-01.ibm.com/support/docview.wss?uid=swg21685733

http://www-01.ibm.com/support/docview.wss?uid=swg21685749

http://www-01.ibm.com/support/docview.wss?uid=swg21685914

http://www-01.ibm.com/support/docview.wss?uid=swg21686131

http://www-01.ibm.com/support/docview.wss?uid=swg21686246

http://www-01.ibm.com/support/docview.wss?uid=swg21686445

http://www-01.ibm.com/support/docview.wss?uid=swg21686479

http://www-01.ibm.com/support/docview.wss?uid=swg21686494

http://www-01.ibm.com/support/docview.wss?uid=swg21687079

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

http://www.novell.com/support/kb/doc.php?id=7015721

http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

http://www.qnap.com/i/en/support/con_show.php?cid=61

http://www.ubuntu.com/usn/USN-2380-1

http://www.vmware.com/security/advisories/VMSA-2014-0010.html

https://kb.bluecoat.com/index?page=content&id=SA82

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

https://kc.mcafee.com/corporate/index?page=content&id=SB10085

https://support.apple.com/HT205267

https://support.citrix.com/article/CTX200217

https://support.citrix.com/article/CTX200223

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

https://www.suse.com/support/shellshock/