VAR-201409-0366
Vulnerability from variot - Updated: 2026-03-07 23:15GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. QNAP Systems, Inc. Provided by QTS teeth, Turbo NAS for OS is. QTS for, GNU Bash Vulnerability (JVNVU#97219505) caused by OS Command injection vulnerability (CWE-78) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : University of Electro-Communications Wakisaka Yuki MrAny application permission OS The command may be executed. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This vulnerability can only be exploited if the attacker already has valid administrative login credentials.
Existing users may upgrade to HP OneView version 1.20 using the Update Appliance feature in HP OneView.
Go to the HP Software Depot site at http://www.software.hp.com and search for HP OneView. Good morning! This is kinda long.
== Background ==
If you are not familiar with the original bash function export vulnerability (CVE-2014-6271), you may want to have a look at this article:
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html
Well, long story short: the initial maintainer-provided patch for this issue [1] (released on September 24) is conclusively broken.
After nagging people to update for a while [5] [7], I wanted to share the technical details of two previously non-public issues which may be used to circumvent the original patch: CVE-2014-6277 and CVE-2014-6278.
Note that the issues discussed here are separate from the three probably less severe problems publicly disclosed earlier on: Tavis' limited-exploitability EOL bug (CVE-2014-7169) and two likely non-exploitable one-off issues found by Florian Weimer and Todd Sabin (CVE-2014-7186 and CVE-2014-7187).
== Required actions ==
If you have installed just the September 24 patch [1], or that and the follow-up September 26 patch for CVE-2014-7169 [2], you are likely still vulnerable to RCE and need to update ASAP, as discussed in [5].
You are safe if you have installed the unofficial function prefix patch from Florian Weimer [3], or its upstream variant released on September 28 [4]. The patch does not eliminate the problems, but shields the underlying parser from untrusted inputs under normal circumstances.
Note: over the past few days, Florian's patch has been picked up by major Linux distros (Red Hat, Debian, SUSE, etc), so there is a reasonable probability that you are in good shape. To test, execute this command from within a bash shell:
foo='() { echo not patched; }' bash -c foo
If you see "not patched", you probably want upgrade immediately. If you see "bash: foo: command not found", you're OK.
== Vulnerability details: CVE-2014-6277 (the more involved one) ==
The following function definition appearing in the value of any environmental variable passed to bash will lead to an attempt to dereference attacker-controlled pointers (provided that the targeted instance of bash is protected only with the original patches [1][2] and does not include Florian's fix):
() { x() { ; }; x() { ; } <<a; }
A more complete example leading to a deref of 0x41414141 would be:
HTTP_COOKIE="() { x() { ; }; x() { ; } <<perl -e '{print
"A"x1000}'; }" bash -c :
bash[25662]: segfault at 41414141 ip 00190d96 sp bfbe6354 error 4 in libc-2.12.so[110000+191000]
(If you are seeing 0xdfdfdfdf, see note later on).
The issue is caused by an uninitialized here_doc_eof field in a REDIR struct originally created in make_redirection(). The initial segv will happen due to an attempt to read and then copy a string to a new buffer through a macro that expands to:
strcpy (xmalloc (1 + strlen (redirect->here_doc_eof)), (redirect->here_doc_eof))
This appears to be exploitable in at least one way: if here_doc_eof is chosen by the attacker to point in the vicinity of the current stack pointer, the apparent contents of the string - and therefore its length - may change between stack-based calls to xmalloc() and strcpy() as a natural consequence of an attempt to pass parameters and create local variables. Such a mid-macro switch will result in an out-of-bounds write to the newly-allocated memory.
A simple conceptual illustration of this attack vector would be:
-- snip! -- char* result; int len_alloced;
main(int argc, char** argv) {
/ The offset will be system- and compiler-specific /; char* ptr = &ptr - 9;
result = strcpy (malloc(100 + (len_alloced = strlen(ptr))), ptr);
printf("requested memory = %d\n" "copied text = %d\n", len_alloced + 1, strlen(result) + 1);
} -- snip! --
When compiled with the -O2 flag used for bash, on one test system, this produces:
requested memory = 2 copied text = 28
This can lead to heap corruption, with multiple writes possible per payload by simply increasing the number of malformed here-docs. The consequences should be fairly clear.
[ There is also a latter call to free() on here_doc_eof in dispose_cmd.c, but because of the simultaneous discovery of the much simpler bug '78 discussed in the next section, I have not spent a whole lot of time trying to figure out how to get to that path. ]
Perhaps notably, the ability to specify attacker-controlled addresses hinges on the state of --enable-bash-malloc and --enable-mem-scramble compile-time flags; if both are enabled, the memory returned by xmalloc() will be initialized to 0xdf, making the prospect of exploitation more speculative (essentially depending on whether the stack or any other memory region can be grown to overlap with 0xdfdfdfdf). That said, many Linux distributions disable one or both flags and are vulnerable out-of-the-box. It is also of note that relatively few distributions compile bash as PIE, so there is little consolation to be found in ASLR.
Similarly to the original vulnerability, this issue can be usually triggered remotely through web servers such as Apache (provided that they invoke CGI scripts or PHP / Python / Perl / C / Java servlets that rely on system() or popen()-type libcalls); through DHCP clients; and through some MUAs and MTAs. For a more detailed discussion of the exposed attack surface, refer to [6].
== Vulnerability details: CVE-2014-6278 (the "back to the '90s" one) ==
The following function definition appearing in the value of any environmental variable passed to bash 4.2 or 4.3 will lead to straightforward put-your-command-here RCE (again, provided that the targeted instance is not protected with Florian's patch):
() { ; } >[$($())] { echo hi mom; id; }
A complete example looks like this:
HTTP_COOKIE='() { ; } >[$($())] { echo hi mom; id; }' bash -c :
...or:
GET /some/script.cgi HTTP/1.0 User-Agent: () { ; } >[$($())] { id >/tmp/hi_mom; }
Note that the PoC does not work as-is in more ancient versions of bash, such as 2.x or 3.x; it might have been introduced with xparse_dolparen() starting with bash 4.2 patch level 12 few years back, but I have not investigated this in a lot of detail. Florian's patch is strongly recommended either way.
The attack surface through which this flaw may be triggered is roughly similar to that for CVE-2014-6277 and the original bash bug [6].
== Additional info ==
Both of these issues were identified in an automated fashion with american fuzzy lop:
https://code.google.com/p/american-fuzzy-lop
The out-of-the-box fuzzer was seeded with a minimal valid function definition ("() { foo() { foo; }; >bar; }") and allowed to run for a couple of hours on a single core.
In addition to the issues discussed above, the fuzzer also hit three of the four previously-reported CVEs.
I initially shared the findings privately with vendors, but because of the intense scrutiny that this codebase is under, the ease of reproducing these results with an open-source fuzzer, and the now-broad availability of upstream mitigations, there seems to be relatively little value in continued secrecy.
== References ==
[1] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 [2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026 [3] http://www.openwall.com/lists/oss-security/2014/09/25/13 [4] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027 [5] http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html [6] http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html [7] http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html
PS. There are no other bugs in bash.
--------- FOLLOW UP -----------
Date: Wed, 01 Oct 2014 07:32:57 -0700 From fulldisclosure-bounces@seclists.org Wed Oct 1 14:37:33 2014 From: Paul Vixie paul@redbarn.org To: Michal Zalewski lcamtuf@coredump.cx Cc: "fulldisclosure@seclists.org" fulldisclosure@seclists.org Subject: Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
michal, thank you for your incredibly informative report here. i have a minor correction.
Michal Zalewski lcamtuf@coredump.cx Wednesday, October 01, 2014 7:21 AM ...
Note: over the past few days, Florian's patch has been picked up by major Linux distros (Red Hat, Debian, SUSE, etc), so there is a reasonable probability that you are in good shape. To test, execute this command from within a bash shell:
foo='() { echo not patched; }' bash -c foo
this command need not be executed from within bash. the problem occurs when bash is run by the command, and the shell that runs the command can be anything. for example, on a system where i have deliberately not patched bash, where sh is "ash" (almquist shell):
$ foo='() { echo not patched; }' bash -c foo not patched
here's me testing it from within tcsh:
% env foo='() { echo not patched; }' bash -c foo not patched % (setenv foo '() { echo not patched; }'; bash -c foo) not patched
this is a minor issue, but i've found in matters of security bug reports, tests, and discussions, that any minor matter can lead to deep misunderstanding.
thanks again for your excellent report, and your continuing work on this issue.
vixie
.
Open the PXE Configuration Utility on the HP Insight Control server deployment window Select Linux Managed from the Boot Menu options Click the Edit button. Clicking the Edit button displays the Edit Shared Menu Option window Uncheck the x86 option in Operating System and Processor Options and click OK. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04487573
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04487573 Version: 1
HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-11-11 Last Updated: 2014-11-11
Potential Security Impact: Remote code execution
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP StoreFabric H-series switches running Bash Shell.
References:
CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 SSRT101747
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. All HP StoreFabric H-series switches
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP is actively working on a firmware update to resolve the vulnerability in HP StoreFabric H-series switches. This bulletin will be revised when the update is available.
MITIGATION INFORMATION
HP recommends the following steps to reduce the risk of this
vulnerability:
- Place the HP StoreFabric H-series switch and other data center
critical infrastructure behind a firewall to disallow access from the Internet. - Change all HP StoreFabric switch default account passwords, including the root passwords, from the default factory passwords. - Examine the list of accounts, including ones on the switch and those existing on remote authentication servers such as RADIUS, LDAP, and TACAS+, to ensure only necessary personnel can gain access to HP StoreFabric H-series switches. Delete guest accounts and temporary accounts created for one-time usage needs. - To avoid possible exploit through the embedded web GUI, QuickTools, disable the web server with the following procedure:
NOTE: After completing this procedure, the user will not be able to
manage the switch using QuickTools.
1. Login to the Command Line Interface (CLI).
2. Execute the "admin start" command to enter into an admin session.
3. Execute the "set setup services" command and change setting for
EmbeddedGUIEnabled to "False".
HISTORY Version:1 (rev.1) - 11 November 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlRih1AACgkQ4B86/C0qfVkTcACgxGfOP4MElysfECAvNJSqkgk2 LCAAn0YGgpGgh493pj4rgB8hPH0PETxo =X8Sm -----END PGP SIGNATURE----- .
HP Vertica AMI's and Virtual Machines prior to v7.1.1-0.
BACKGROUND
HP Vertica AMI's and Virtual Machines prior to v7.1.1-0 include a vulnerable version of the Bash shell.
HP has released the following updates to resolve this vulnerability for HP Vertica products.
Update to the latest VM image available at: https://my.vertica.com
For customers using the AMI version HP Vertica Analytics platform, please install the latest image available at Amazon. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2014 Hewlett-Packard Development Company, L.P.
This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Patch and maintain Lightweight Directory Access Protocol (LDAP) and web servers. Use virus scanners, intrusion detection/prevention systems (IDS/IPS), and vulnerability scanners regularly
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.3,
"vendor": "gnu",
"version": "3.2.48"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.3,
"vendor": "gnu",
"version": "4.0"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.3,
"vendor": "gnu",
"version": "3.2"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.3,
"vendor": "gnu",
"version": "4.2"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.3,
"vendor": "gnu",
"version": "3.0.16"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.3,
"vendor": "gnu",
"version": "4.1"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.3,
"vendor": "gnu",
"version": "3.0"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.0"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.1"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.6"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.5"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.04"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.4"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.01.1"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.1"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.2"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "4.3"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.3"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.02.1"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.02"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.7"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.03"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.01"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.05"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "centos",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cygwin",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell computer",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "extreme",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fireeye",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu bash",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mageia",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "monroe",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "niksun",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "novell",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "palo alto",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qnap security",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sophos",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trend micro",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xirrus",
"version": null
},
{
"_id": null,
"model": "qts",
"scope": "lte",
"trust": 0.8,
"vendor": "qnap",
"version": "4.1.1 build 0927 and earlier"
},
{
"_id": null,
"model": "qts",
"scope": "eq",
"trust": 0.8,
"vendor": "qnap",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"_id": null,
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16.2"
},
{
"_id": null,
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9302"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"_id": null,
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7228"
},
{
"_id": null,
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.0"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "3.00.0(2)"
},
{
"_id": null,
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7238"
},
{
"_id": null,
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "hat enterprise linux long life server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "email gateway hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.7.21"
},
{
"_id": null,
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"_id": null,
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "bash",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "3.1.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"_id": null,
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9301"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"_id": null,
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "78000"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"_id": null,
"model": "hat enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ds8000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"_id": null,
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16"
},
{
"_id": null,
"model": "bash rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "4.0"
},
{
"_id": null,
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7232"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"_id": null,
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7242"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"_id": null,
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "67000"
},
{
"_id": null,
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9393"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"_id": null,
"model": "gss 4492r global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9303"
},
{
"_id": null,
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "email gateway hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.7.22"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"_id": null,
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7235"
},
{
"_id": null,
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"_id": null,
"model": "email gateway patch",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.01"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"_id": null,
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7245"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"_id": null,
"model": "show and share",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5(2)"
},
{
"_id": null,
"model": "mds",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252743"
},
{
"db": "BID",
"id": "70165"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "NVD",
"id": "CVE-2014-6277"
}
]
},
"credits": {
"_id": null,
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "128716"
},
{
"db": "PACKETSTORM",
"id": "129932"
},
{
"db": "PACKETSTORM",
"id": "128753"
},
{
"db": "PACKETSTORM",
"id": "129067"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "128763"
},
{
"db": "PACKETSTORM",
"id": "129095"
},
{
"db": "PACKETSTORM",
"id": "128762"
},
{
"db": "PACKETSTORM",
"id": "130196"
},
{
"db": "PACKETSTORM",
"id": "130335"
},
{
"db": "PACKETSTORM",
"id": "129073"
},
{
"db": "PACKETSTORM",
"id": "129617"
},
{
"db": "PACKETSTORM",
"id": "128765"
}
],
"trust": 1.3
},
"cve": "CVE-2014-6277",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-6277",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-000126",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-6277",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-000126",
"trust": 0.8,
"value": "High"
},
{
"author": "VULMON",
"id": "CVE-2014-6277",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "NVD",
"id": "CVE-2014-6277"
}
]
},
"description": {
"_id": null,
"data": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. QNAP Systems, Inc. Provided by QTS teeth, Turbo NAS for OS is. QTS for, GNU Bash Vulnerability (JVNVU#97219505) caused by OS Command injection vulnerability (CWE-78) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : University of Electro-Communications Wakisaka Yuki MrAny application permission OS The command may be executed. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \n\nNOTE: This vulnerability can only be exploited if the attacker already has\nvalid administrative login credentials. \n\nExisting users may upgrade to HP OneView version 1.20 using the Update\nAppliance feature in HP OneView. \n\nGo to the HP Software Depot site at http://www.software.hp.com and search for\nHP OneView. Good morning! This is kinda long. \n\n== Background ==\n\nIf you are not familiar with the original bash function export\nvulnerability (CVE-2014-6271), you may want to have a look at this\narticle:\n\nhttp://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html\n\nWell, long story short: the initial maintainer-provided patch for this\nissue [1] (released on September 24) is *conclusively* broken. \n\nAfter nagging people to update for a while [5] [7], I wanted to share\nthe technical details of two previously non-public issues which may be\nused to circumvent the original patch: CVE-2014-6277 and\nCVE-2014-6278. \n\nNote that the issues discussed here are separate from the three\nprobably less severe problems publicly disclosed earlier on: Tavis\u0027\nlimited-exploitability EOL bug (CVE-2014-7169) and two likely\nnon-exploitable one-off issues found by Florian Weimer and Todd Sabin\n(CVE-2014-7186 and CVE-2014-7187). \n\n== Required actions ==\n\nIf you have installed just the September 24 patch [1], or that and the\nfollow-up September 26 patch for CVE-2014-7169 [2], you are likely\nstill vulnerable to RCE and need to update ASAP, as discussed in [5]. \n\nYou are safe if you have installed the unofficial function prefix\npatch from Florian Weimer [3], or its upstream variant released on\nSeptember 28 [4]. The patch does not eliminate the problems, but\nshields the underlying parser from untrusted inputs under normal\ncircumstances. \n\nNote: over the past few days, Florian\u0027s patch has been picked up by\nmajor Linux distros (Red Hat, Debian, SUSE, etc), so there is a\nreasonable probability that you are in good shape. To test, execute\nthis command from within a bash shell:\n\nfoo=\u0027() { echo not patched; }\u0027 bash -c foo\n\nIf you see \"not patched\", you probably want upgrade immediately. If\nyou see \"bash: foo: command not found\", you\u0027re OK. \n\n== Vulnerability details: CVE-2014-6277 (the more involved one) ==\n\nThe following function definition appearing in the value of any\nenvironmental variable passed to bash will lead to an attempt to\ndereference attacker-controlled pointers (provided that the targeted\ninstance of bash is protected only with the original patches [1][2]\nand does not include Florian\u0027s fix):\n\n() { x() { _; }; x() { _; } \u003c\u003ca; }\n\nA more complete example leading to a deref of 0x41414141 would be:\n\nHTTP_COOKIE=\"() { x() { _; }; x() { _; } \u003c\u003c`perl -e \u0027{print\n\"A\"x1000}\u0027`; }\" bash -c :\n\nbash[25662]: segfault at 41414141 ip 00190d96 sp bfbe6354 error 4 in\nlibc-2.12.so[110000+191000]\n\n(If you are seeing 0xdfdfdfdf, see note later on). \n\nThe issue is caused by an uninitialized here_doc_eof field in a REDIR\nstruct originally created in make_redirection(). The initial segv will\nhappen due to an attempt to read and then copy a string to a new\nbuffer through a macro that expands to:\n\nstrcpy (xmalloc (1 + strlen (redirect-\u003ehere_doc_eof)), (redirect-\u003ehere_doc_eof))\n\nThis appears to be exploitable in at least one way: if here_doc_eof is\nchosen by the attacker to point in the vicinity of the current stack\npointer, the apparent contents of the string - and therefore its\nlength - may change between stack-based calls to xmalloc() and\nstrcpy() as a natural consequence of an attempt to pass parameters and\ncreate local variables. Such a mid-macro switch will result in an\nout-of-bounds write to the newly-allocated memory. \n\nA simple conceptual illustration of this attack vector would be:\n\n-- snip! --\nchar* result;\nint len_alloced;\n\nmain(int argc, char** argv) {\n\n /* The offset will be system- and compiler-specific */;\n char* ptr = \u0026ptr - 9;\n\n result = strcpy (malloc(100 + (len_alloced = strlen(ptr))), ptr);\n\n printf(\"requested memory = %d\\n\"\n \"copied text = %d\\n\", len_alloced + 1, strlen(result) + 1);\n\n}\n-- snip! --\n\nWhen compiled with the -O2 flag used for bash, on one test system,\nthis produces:\n\nrequested memory = 2\ncopied text = 28\n\nThis can lead to heap corruption, with multiple writes possible per\npayload by simply increasing the number of malformed here-docs. The\nconsequences should be fairly clear. \n\n[ There is also a latter call to free() on here_doc_eof in\ndispose_cmd.c, but because of the simultaneous discovery of the much\nsimpler bug \u002778 discussed in the next section, I have not spent a\nwhole lot of time trying to figure out how to get to that path. ]\n\nPerhaps notably, the ability to specify attacker-controlled addresses\nhinges on the state of --enable-bash-malloc and --enable-mem-scramble\ncompile-time flags; if both are enabled, the memory returned by\nxmalloc() will be initialized to 0xdf, making the prospect of\nexploitation more speculative (essentially depending on whether the\nstack or any other memory region can be grown to overlap with\n0xdfdfdfdf). That said, many Linux distributions disable one or both\nflags and are vulnerable out-of-the-box. It is also of note that\nrelatively few distributions compile bash as PIE, so there is little\nconsolation to be found in ASLR. \n\nSimilarly to the original vulnerability, this issue can be usually\ntriggered remotely through web servers such as Apache (provided that\nthey invoke CGI scripts or PHP / Python / Perl / C / Java servlets\nthat rely on system() or popen()-type libcalls); through DHCP clients;\nand through some MUAs and MTAs. For a more detailed discussion of the\nexposed attack surface, refer to [6]. \n\n== Vulnerability details: CVE-2014-6278 (the \"back to the \u002790s\" one) ==\n\nThe following function definition appearing in the value of any\nenvironmental variable passed to bash 4.2 or 4.3 will lead to\nstraightforward put-your-command-here RCE (again, provided that the\ntargeted instance is not protected with Florian\u0027s patch):\n\n() { _; } \u003e_[$($())] { echo hi mom; id; }\n\nA complete example looks like this:\n\nHTTP_COOKIE=\u0027() { _; } \u003e_[$($())] { echo hi mom; id; }\u0027 bash -c :\n\n...or:\n\nGET /some/script.cgi HTTP/1.0\nUser-Agent: () { _; } \u003e_[$($())] { id \u003e/tmp/hi_mom; }\n\nNote that the PoC does not work as-is in more ancient versions of\nbash, such as 2.x or 3.x; it might have been introduced with\nxparse_dolparen() starting with bash 4.2 patch level 12 few years\nback, but I have not investigated this in a lot of detail. Florian\u0027s\npatch is strongly recommended either way. \n\nThe attack surface through which this flaw may be triggered is roughly\nsimilar to that for CVE-2014-6277 and the original bash bug [6]. \n\n== Additional info ==\n\nBoth of these issues were identified in an automated fashion with\namerican fuzzy lop:\n\nhttps://code.google.com/p/american-fuzzy-lop\n\nThe out-of-the-box fuzzer was seeded with a minimal valid function\ndefinition (\"() { foo() { foo; }; \u003ebar; }\") and allowed to run for a\ncouple of hours on a single core. \n\nIn addition to the issues discussed above, the fuzzer also hit three\nof the four previously-reported CVEs. \n\nI initially shared the findings privately with vendors, but because of\nthe intense scrutiny that this codebase is under, the ease of\nreproducing these results with an open-source fuzzer, and the\nnow-broad availability of upstream mitigations, there seems to be\nrelatively little value in continued secrecy. \n\n== References ==\n\n[1] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025\n[2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026\n[3] http://www.openwall.com/lists/oss-security/2014/09/25/13\n[4] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027\n[5] http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html\n[6] http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html\n[7] http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html\n\nPS. There are no other bugs in bash. \n\n--------- FOLLOW UP -----------\n\nDate: Wed, 01 Oct 2014 07:32:57 -0700\nFrom fulldisclosure-bounces@seclists.org Wed Oct 1 14:37:33 2014\nFrom: Paul Vixie \u003cpaul@redbarn.org\u003e\nTo: Michal Zalewski \u003clcamtuf@coredump.cx\u003e\nCc: \"fulldisclosure@seclists.org\" \u003cfulldisclosure@seclists.org\u003e\nSubject: Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)\n\nmichal, thank you for your incredibly informative report here. i have a\nminor correction. \n\n\u003e Michal Zalewski \u003cmailto:lcamtuf@coredump.cx\u003e\n\u003e Wednesday, October 01, 2014 7:21 AM\n\u003e ... \n\u003e\n\u003e Note: over the past few days, Florian\u0027s patch has been picked up by\n\u003e major Linux distros (Red Hat, Debian, SUSE, etc), so there is a\n\u003e reasonable probability that you are in good shape. To test, execute\n\u003e this command from within a bash shell:\n\u003e\n\u003e foo=\u0027() { echo not patched; }\u0027 bash -c foo\n\nthis command need not be executed from within bash. the problem occurs\nwhen bash is run by the command, and the shell that runs the command can\nbe anything. for example, on a system where i have deliberately not\npatched bash, where sh is \"ash\" (almquist shell):\n\n\u003e $ foo=\u0027() { echo not patched; }\u0027 bash -c foo\n\u003e not patched \n\nhere\u0027s me testing it from within tcsh:\n\n\u003e % env foo=\u0027() { echo not patched; }\u0027 bash -c foo\n\u003e not patched\n\u003e % (setenv foo \u0027() { echo not patched; }\u0027; bash -c foo)\n\u003e not patched\n\nthis is a minor issue, but i\u0027ve found in matters of security bug\nreports, tests, and discussions, that any minor matter can lead to deep\nmisunderstanding. \n\nthanks again for your excellent report, and your continuing work on this\nissue. \n\nvixie\n\n. \n\nOpen the PXE Configuration Utility on the HP Insight Control server\ndeployment window\nSelect Linux Managed from the Boot Menu options\nClick the Edit button. Clicking the Edit button displays the Edit Shared Menu\nOption window\nUncheck the x86 option in Operating System and Processor Options and click\nOK. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04487573\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04487573\nVersion: 1\n\nHPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell,\nRemote Code Execution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-11-11\nLast Updated: 2014-11-11\n\nPotential Security Impact: Remote code execution\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP StoreFabric\nH-series switches running Bash Shell. \n\nReferences:\n\n CVE-2014-6271\n CVE-2014-6277\n CVE-2014-6278\n CVE-2014-7169\n CVE-2014-7186\n CVE-2014-7187\n SSRT101747\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nAll HP StoreFabric H-series switches\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP is actively working on a firmware update to resolve the vulnerability in\nHP StoreFabric H-series switches. This bulletin will be revised when the\nupdate is available. \n\n MITIGATION INFORMATION\n\n HP recommends the following steps to reduce the risk of this\nvulnerability:\n\n - Place the HP StoreFabric H-series switch and other data center\ncritical infrastructure behind a firewall to disallow access from the\nInternet. \n - Change all HP StoreFabric switch default account passwords, including\nthe root passwords, from the default factory passwords. \n - Examine the list of accounts, including ones on the switch and those\nexisting on remote authentication servers such as RADIUS, LDAP, and TACAS+,\nto ensure only necessary personnel can gain access to HP StoreFabric H-series\nswitches. Delete guest accounts and temporary accounts created for one-time\nusage needs. \n - To avoid possible exploit through the embedded web GUI, QuickTools,\ndisable the web server with the following procedure:\n\n NOTE: After completing this procedure, the user will not be able to\nmanage the switch using QuickTools. \n\n 1. Login to the Command Line Interface (CLI). \n 2. Execute the \"admin start\" command to enter into an admin session. \n 3. Execute the \"set setup services\" command and change setting for\nEmbeddedGUIEnabled to \"False\". \n\nHISTORY\nVersion:1 (rev.1) - 11 November 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.19 (GNU/Linux)\n\niEYEARECAAYFAlRih1AACgkQ4B86/C0qfVkTcACgxGfOP4MElysfECAvNJSqkgk2\nLCAAn0YGgpGgh493pj4rgB8hPH0PETxo\n=X8Sm\n-----END PGP SIGNATURE-----\n. \n\nHP Vertica AMI\u0027s and Virtual Machines prior to v7.1.1-0. \n\nBACKGROUND\n\nHP Vertica AMI\u0027s and Virtual Machines prior to v7.1.1-0 include a vulnerable\nversion of the Bash shell. \n\nHP has released the following updates to resolve this vulnerability for HP\nVertica products. \n\nUpdate to the latest VM image available at: https://my.vertica.com\n\nFor customers using the AMI version HP Vertica Analytics platform, please\ninstall the latest image available at Amazon. \nUnder Step2: your ITRC operating systems\n - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile\nto update appropriate sections. HP is continually reviewing and enhancing the\nsecurity features of software products to provide customers with current\nsecure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the\nattention of users of the affected HP products the important security\ninformation contained in this Bulletin. HP recommends that all users\ndetermine the applicability of this information to their individual\nsituations and take appropriate action. HP does not warrant that this\ninformation is necessarily accurate or complete for all user situations and,\nconsequently, HP will not be responsible for any damages resulting from\nuser\u0027s use or disregard of the information provided in this Bulletin. To the\nextent permitted by law, HP disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose, title and non-infringement.\"\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \n\nThis vulnerability allows users that have been granted access to a shell\nscript to escalate privilege and execute unrestricted commands at the same\nsecurity level as the Bash script. \nPatch and maintain Lightweight Directory Access Protocol (LDAP) and web\nservers. \nUse virus scanners, intrusion detection/prevention systems (IDS/IPS), and\nvulnerability scanners regularly",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "CERT/CC",
"id": "VU#252743"
},
{
"db": "BID",
"id": "70165"
},
{
"db": "PACKETSTORM",
"id": "128716"
},
{
"db": "PACKETSTORM",
"id": "129932"
},
{
"db": "PACKETSTORM",
"id": "128753"
},
{
"db": "PACKETSTORM",
"id": "129067"
},
{
"db": "PACKETSTORM",
"id": "128520"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "VULMON",
"id": "CVE-2014-6277"
},
{
"db": "PACKETSTORM",
"id": "129095"
},
{
"db": "PACKETSTORM",
"id": "128762"
},
{
"db": "PACKETSTORM",
"id": "130196"
},
{
"db": "PACKETSTORM",
"id": "130335"
},
{
"db": "PACKETSTORM",
"id": "129073"
},
{
"db": "PACKETSTORM",
"id": "129617"
},
{
"db": "PACKETSTORM",
"id": "128765"
},
{
"db": "PACKETSTORM",
"id": "128763"
}
],
"trust": 3.96
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35081",
"trust": 0.3,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6277"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-6277",
"trust": 4.4
},
{
"db": "JVN",
"id": "JVN55667175",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#252743",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60325",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61065",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61780",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61603",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61287",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61643",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60433",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61565",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61312",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61703",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61503",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60034",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60044",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61328",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59907",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61129",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60024",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59961",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61633",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61128",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61313",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60055",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61291",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62343",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61641",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61857",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61816",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62312",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60193",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60063",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58200",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61654",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61550",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61283",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61485",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61471",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61442",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61552",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10085",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "128567",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10648",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97219505",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97220341",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004431",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004433",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004399",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004410",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004432",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-269-01A",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-344-01",
"trust": 0.8
},
{
"db": "BID",
"id": "70165",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "35081",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-6277",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128716",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128753",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129067",
"trust": 0.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/09/25/13",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128520",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128666",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128763",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128762",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130196",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130335",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129073",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129617",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128765",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252743"
},
{
"db": "VULMON",
"id": "CVE-2014-6277"
},
{
"db": "BID",
"id": "70165"
},
{
"db": "PACKETSTORM",
"id": "128716"
},
{
"db": "PACKETSTORM",
"id": "129932"
},
{
"db": "PACKETSTORM",
"id": "128753"
},
{
"db": "PACKETSTORM",
"id": "129067"
},
{
"db": "PACKETSTORM",
"id": "128520"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "128763"
},
{
"db": "PACKETSTORM",
"id": "129095"
},
{
"db": "PACKETSTORM",
"id": "128762"
},
{
"db": "PACKETSTORM",
"id": "130196"
},
{
"db": "PACKETSTORM",
"id": "130335"
},
{
"db": "PACKETSTORM",
"id": "129073"
},
{
"db": "PACKETSTORM",
"id": "129617"
},
{
"db": "PACKETSTORM",
"id": "128765"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "NVD",
"id": "CVE-2014-6277"
}
]
},
"id": "VAR-201409-0366",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3212341
},
"last_update_date": "2026-03-07T23:15:06.483000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Server/Client Products \u00a0bash Vulnerability (CVE-2014-6271,CVE-2014-7169 other ) About the impact of",
"trust": 0.8,
"url": "http://www.qnap.com/i/en/support/con_show.php?cid=61"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2014-6277"
},
{
"title": "Ubuntu Security Notice: bash vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2380-1"
},
{
"title": "VMware Security Advisories: VMware product updates address critical Bash security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=86cb6b3955e100fdc9667a7ca916c772"
},
{
"title": "Symantec Security Advisories: SA82 : GNU Bash Shellshock Command Injection Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=2b57ceaadfde2a8b03482273e1fd21ea"
},
{
"title": "Apple: OS X Yosemite v10.10.2 and Security Update 2015-001",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=64cbe709a7be49c91d8a8b0f43621640"
},
{
"title": "Tenable Security Advisories: [R7] Tenable Appliance Affected by GNU bash \u0027Shellshock\u0027 Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2014-07"
},
{
"title": "Citrix Security Bulletins: Citrix XenServer Shellshock Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=64ae0aae8269062686789e3a3fa1d2bf"
},
{
"title": "Citrix Security Bulletins: Citrix Security Advisory for GNU Bash Shellshock Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=73443a6db89dc66fc6bcb49f85bfd1ab"
},
{
"title": "Apple: OS X El Capitan v10.11",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
},
{
"title": "patch-bash-shellshock",
"trust": 0.1,
"url": "https://github.com/jdauphant/patch-bash-shellshock "
},
{
"title": "macosx-bash-92-shellshock-patched",
"trust": 0.1,
"url": "https://github.com/ido/macosx-bash-92-shellshock-patched "
},
{
"title": "w-test",
"trust": 0.1,
"url": "https://github.com/inspirion87/w-test "
},
{
"title": "shellshockFixOSX",
"trust": 0.1,
"url": "https://github.com/opragel/shellshockFixOSX "
},
{
"title": "shocktrooper",
"trust": 0.1,
"url": "https://github.com/EvanK/shocktrooper "
},
{
"title": "ShellShockHunter",
"trust": 0.1,
"url": "https://github.com/MrCl0wnLab/ShellShockHunter "
},
{
"title": "Xpl-SHELLSHOCK-Ch3ck",
"trust": 0.1,
"url": "https://github.com/googleinurl/Xpl-SHELLSHOCK-Ch3ck "
},
{
"title": "bashcheck",
"trust": 0.1,
"url": "https://github.com/hannob/bashcheck "
},
{
"title": "shellshocker-pocs",
"trust": 0.1,
"url": "https://github.com/mubix/shellshocker-pocs "
},
{
"title": "LinuxFlaw",
"trust": 0.1,
"url": "https://github.com/mudongliang/LinuxFlaw "
},
{
"title": "afl-cve",
"trust": 0.1,
"url": "https://github.com/mrash/afl-cve "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/researcher-takes-wraps-off-two-undisclosed-shellshock-vulnerabilities-in-bash/108674/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "NVD",
"id": "CVE-2014-6277"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.0,
"url": "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html"
},
{
"trust": 1.9,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa82"
},
{
"trust": 1.9,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140926-bash"
},
{
"trust": 1.9,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"
},
{
"trust": 1.9,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10085"
},
{
"trust": 1.6,
"url": "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
},
{
"trust": 1.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6271"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6278"
},
{
"trust": 1.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
},
{
"trust": 1.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7169"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
},
{
"trust": 1.1,
"url": "https://www.suse.com/support/shellshock/"
},
{
"trust": 1.1,
"url": "http://support.novell.com/security/cve/cve-2014-6277.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61641"
},
{
"trust": 1.1,
"url": "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61485"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59907"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2380-1"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61654"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/128567/ca-technologies-gnu-bash-shellshock.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61565"
},
{
"trust": 1.1,
"url": "http://www.novell.com/support/kb/doc.php?id=7015721"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0010.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61643"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61503"
},
{
"trust": 1.1,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10648"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61633"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61552"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61703"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61283"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61603"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021272"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141330468527613\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141345648114150\u0026w=2"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx200217"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004879"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60034"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61816"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61128"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61313"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004898"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61442"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61287"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx200223"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021279"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60055"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61129"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004897"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61780"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479"
},
{
"trust": 1.1,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096315"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61471"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61328"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004915"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58200"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61857"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60193"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61065"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61550"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60325"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61312"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60063"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61291"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60044"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445"
},
{
"trust": 1.1,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk102673\u0026src=securityalerts"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021361"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60433"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60024"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383353622268\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383304022067\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383244821813\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141450491804793\u0026w=2"
},
{
"trust": 1.1,
"url": "http://jvn.jp/en/jp/jvn55667175/index.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383081521087\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.qnap.com/i/en/support/con_show.php?cid=61"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383026420882\u0026w=2"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000126"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383196021590\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141577137423233\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141577241923505\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141576728022234\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141577297623641\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141585637922673\u0026w=2"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62312"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59961"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62343"
},
{
"trust": 1.1,
"url": "http://linux.oracle.com/errata/elsa-2014-3093"
},
{
"trust": 1.1,
"url": "http://linux.oracle.com/errata/elsa-2014-3094"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
},
{
"trust": 1.1,
"url": "http://support.apple.com/ht204244"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142358026505815\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142358078406056\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142289270617409\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141879528318582\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721162228379\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:164"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht205267"
},
{
"trust": 1.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c04518183"
},
{
"trust": 1.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c04497075"
},
{
"trust": 0.9,
"url": "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html"
},
{
"trust": 0.9,
"url": "http://www.kb.cert.org/vuls/id/252743"
},
{
"trust": 0.8,
"url": "http://seclists.org/oss-sec/2014/q3/650"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/1200223"
},
{
"trust": 0.8,
"url": "http://seclists.org/oss-sec/2014/q3/688"
},
{
"trust": 0.8,
"url": "http://seclists.org/oss-sec/2014/q3/685"
},
{
"trust": 0.8,
"url": "https://gist.github.com/anonymous/929d622f3b36b00c0be1"
},
{
"trust": 0.8,
"url": "https://www.dfranke.us/posts/2014-09-27-shell-shock-exploitation-vectors.html"
},
{
"trust": 0.8,
"url": "https://shellshocker.net/#"
},
{
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6495"
},
{
"trust": 0.8,
"url": "https://www.barracuda.com/support/techalerts"
},
{
"trust": 0.8,
"url": "http://www.checkpoint.com/blog/protecting-shellshock/index.html"
},
{
"trust": 0.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10044"
},
{
"trust": 0.8,
"url": "https://www.debian.org/security/2014/dsa-3032"
},
{
"trust": 0.8,
"url": "http://learn.extremenetworks.com/rs/extreme/images/vn-2014-001-%20gnu%20bash%20threats%20-cve-2014-7169%20rev01.pdf"
},
{
"trust": 0.8,
"url": "http://fedoramagazine.org/shellshock-update-bash-packages-that-resolve-cve-2014-6271-and-cve-2014-7169-available/"
},
{
"trust": 0.8,
"url": "http://www.fortiguard.com/advisory/fg-ir-14-030/"
},
{
"trust": 0.8,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201409-09.xml"
},
{
"trust": 0.8,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.15ee22.l8mgqe..n.ghvs.8f9a.bw89mq%5f%5fdbosfqk0"
},
{
"trust": 0.8,
"url": "http://kb.juniper.net/jsa10648"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/av14-003.html"
},
{
"trust": 0.8,
"url": "http://support.novell.com/security/cve/cve-2014-6271.html"
},
{
"trust": 0.8,
"url": "https://www.suse.com/support/kb/doc.php?id=7015702"
},
{
"trust": 0.8,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.522193"
},
{
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/usn-2362-1/"
},
{
"trust": 0.8,
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_us\u0026cmd=displaykc\u0026externalid=2090740"
},
{
"trust": 0.8,
"url": "http://pkgsrc.se/files.php?messageid=20140925202832.9ad9c98@cvs.netbsd.org"
},
{
"trust": 0.8,
"url": "http://jvn.jp/jp/jvn55667175/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97219505/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97220341/index.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004399.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004410.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004431.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004476.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004432.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004433.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7169"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6271"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6277"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6278"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7186"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7187"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-344-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-269-01a"
},
{
"trust": 0.4,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.3,
"url": "http://www.gnu.org/software/bash/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2104-6277"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2104-6278"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/35081/"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2014-6277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2380-1/"
},
{
"trust": 0.1,
"url": "https://tmc.tippingpoint.com/"
},
{
"trust": 0.1,
"url": "http://www.software.hp.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026"
},
{
"trust": 0.1,
"url": "http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6279"
},
{
"trust": 0.1,
"url": "https://code.google.com/p/american-fuzzy-lop"
},
{
"trust": 0.1,
"url": "http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027"
},
{
"trust": 0.1,
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/13"
},
{
"trust": 0.1,
"url": "http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/km01194258"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/km01194259"
},
{
"trust": 0.1,
"url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "https://my.vertica.com"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252743"
},
{
"db": "VULMON",
"id": "CVE-2014-6277"
},
{
"db": "BID",
"id": "70165"
},
{
"db": "PACKETSTORM",
"id": "128716"
},
{
"db": "PACKETSTORM",
"id": "129932"
},
{
"db": "PACKETSTORM",
"id": "128753"
},
{
"db": "PACKETSTORM",
"id": "129067"
},
{
"db": "PACKETSTORM",
"id": "128520"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "128763"
},
{
"db": "PACKETSTORM",
"id": "129095"
},
{
"db": "PACKETSTORM",
"id": "128762"
},
{
"db": "PACKETSTORM",
"id": "130196"
},
{
"db": "PACKETSTORM",
"id": "130335"
},
{
"db": "PACKETSTORM",
"id": "129073"
},
{
"db": "PACKETSTORM",
"id": "129617"
},
{
"db": "PACKETSTORM",
"id": "128765"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "NVD",
"id": "CVE-2014-6277"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#252743",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2014-6277",
"ident": null
},
{
"db": "BID",
"id": "70165",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128716",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129932",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128753",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129067",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128520",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128666",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128763",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129095",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128762",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130196",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130335",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129073",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129617",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128765",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-6277",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-09-25T00:00:00",
"db": "CERT/CC",
"id": "VU#252743",
"ident": null
},
{
"date": "2014-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6277",
"ident": null
},
{
"date": "2014-09-27T00:00:00",
"db": "BID",
"id": "70165",
"ident": null
},
{
"date": "2014-10-16T13:33:00",
"db": "PACKETSTORM",
"id": "128716",
"ident": null
},
{
"date": "2015-01-14T03:51:42",
"db": "PACKETSTORM",
"id": "129932",
"ident": null
},
{
"date": "2014-10-20T13:55:00",
"db": "PACKETSTORM",
"id": "128753",
"ident": null
},
{
"date": "2014-11-12T18:13:32",
"db": "PACKETSTORM",
"id": "129067",
"ident": null
},
{
"date": "2014-10-01T23:55:55",
"db": "PACKETSTORM",
"id": "128520",
"ident": null
},
{
"date": "2014-10-14T23:07:16",
"db": "PACKETSTORM",
"id": "128666",
"ident": null
},
{
"date": "2014-10-20T17:55:00",
"db": "PACKETSTORM",
"id": "128763",
"ident": null
},
{
"date": "2014-11-13T17:15:31",
"db": "PACKETSTORM",
"id": "129095",
"ident": null
},
{
"date": "2014-10-20T17:44:00",
"db": "PACKETSTORM",
"id": "128762",
"ident": null
},
{
"date": "2015-02-02T17:13:47",
"db": "PACKETSTORM",
"id": "130196",
"ident": null
},
{
"date": "2015-02-10T17:43:19",
"db": "PACKETSTORM",
"id": "130335",
"ident": null
},
{
"date": "2014-11-12T18:14:19",
"db": "PACKETSTORM",
"id": "129073",
"ident": null
},
{
"date": "2014-12-17T18:27:35",
"db": "PACKETSTORM",
"id": "129617",
"ident": null
},
{
"date": "2014-10-20T18:22:00",
"db": "PACKETSTORM",
"id": "128765",
"ident": null
},
{
"date": "2014-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000126",
"ident": null
},
{
"date": "2014-09-27T22:55:02.660000",
"db": "NVD",
"id": "CVE-2014-6277",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-04-14T00:00:00",
"db": "CERT/CC",
"id": "VU#252743",
"ident": null
},
{
"date": "2018-08-09T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6277",
"ident": null
},
{
"date": "2015-10-26T16:51:00",
"db": "BID",
"id": "70165",
"ident": null
},
{
"date": "2024-07-18T02:27:00",
"db": "JVNDB",
"id": "JVNDB-2014-000126",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-6277",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "70165"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "GNU Bash shell executes commands in exported functions in environment variables",
"sources": [
{
"db": "CERT/CC",
"id": "VU#252743"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "70165"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…