VAR-201409-1154
Vulnerability from variot - Updated: 2025-11-26 21:38GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. GNU Bash is prone to remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Note: HP and the switch vendor recommend running an active version of Fabric OS (FOS) listed on the HP Single Point of Connectivity Knowledge (SPOCK) website ( http://h20272.www2.hp.com/ ) and applying the work-around information provided in the MITIGATION INFORMATION section below to protect HP StoreFabric B-series switches from this vulnerability. - Utilize FOS password policy management to strengthen the complexity, age, and history requirements of switch account passwords. This bulletin will be revised when the update is available.
MITIGATION INFORMATION
HP recommends the following steps to reduce the risk of this
vulnerability:
- Place the HP StoreFabric H-series switch and other data center
critical infrastructure behind a firewall to disallow access from the Internet. - Change all HP StoreFabric switch default account passwords, including the root passwords, from the default factory passwords. - Examine the list of accounts, including ones on the switch and those existing on remote authentication servers such as RADIUS, LDAP, and TACAS+, to ensure only necessary personnel can gain access to HP StoreFabric H-series switches. Delete guest accounts and temporary accounts created for one-time usage needs. - To avoid possible exploit through the embedded web GUI, QuickTools, disable the web server with the following procedure:
NOTE: After completing this procedure, the user will not be able to
manage the switch using QuickTools. Login to the Command Line Interface (CLI). Execute the "admin start" command to enter into an admin session. Execute the "set setup services" command and change setting for EmbeddedGUIEnabled to "False". No other firmware stream updates are planned beyond the NX-OS 5.x and 6.x versions listed below for the MDS products. This software versions 6.2(9a) has included the fixes for the vulnerability in HP StoreFabric C-series MDS switches which currently supporting NX-OS 6.X releases. This software version 5.2(8e) has included the fix for the vulnerability in HP C-series MDS switches which currently supporting NX-OS 5.X releases. All MDS and Nexus 5K switches can function in this configuration. Access is available through the console port. Note: All versions of HP Thin Pro and HP Smart Zero Core operating systems prior to version 5.1.0 are affected by these vulnerabilities. Following is a complete list of affected operating systems and Hardware Platforms Affected.
HP ThinPro:
HP ThinPro 5.0 (released June 2014) HP ThinPro 4.4 (released November 2013) HP ThinPro 4.3 (released June 2013) HP ThinPro 4.2 (released November 2012) HP ThinPro 4.1 (released March 2012) HP ThinPro 3.2 (released November 2010) HP ThinPro 3.1 (released June 2010) HP ThinPro 3.0 (released November 2009) HP ThinPro 2.0 (released 2009) HP ThinPro 1.5 (released 2009) HP ThinPro 1.0 (released 2008)
HP Smart Zero Core:
HP Smart Zero Core 5.0 (released June 2014) HP Smart Zero Core 4.4 (released November 2013) HP Smart Zero Core 4.3 (released June 2013) HP Smart Zero Core 4.2 (released November 2012) HP Smart Zero Core 4.1 (released March 2012) HP Smart Zero Core 4.0 (released March 2011)
Hardware Platforms Affected:
HP t620 PLUS Flexible Quad Core Thin Client HP t620 Flexible Dual Core Thin Client HP t620 PLUS Flexible Dual Core Thin Client HP t620 Flexible Quad Core Thin Client HP t520 Flexible Thin Client HP t505 Flexible Thin Client HP t510 Flexible Thin Client HP t410 All-in-One 18.5 RFX/HDX Smart ZC HP t410 Smart Zero Client HP t610 PLUS Flexible Thin Client HP t610 Flexible Thin Client HP t5565 Thin Client HP t5565z Smart Client
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10 CVE-2104-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10 CVE-2104-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software updates to resolve these vulnerabilities.
Product Affected Product Versions Patch Status
HP ThinPro and HP Smart Zero Core (X86) v5.1.0 and above No update required; the Bash shell patch is incorporated into the base image.
Note: If you participated in the ThinPro 5.1.0 beta program then upgrade to the release version as soon as it becomes available.
HP ThinPro and HP Smart Zero Core (x86) v5.0.x A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-5.0-x86.xar .
The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe
HP ThinPro and HP Smart Zero Core (x86) v4.4.x A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.4-x86.xar .
The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe
HP ThinPro and HP Smart Zero Core (ARM) v4.4.x A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.4-arm.xar .
The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe
HP ThinPro and HP Smart Zero Core (X86) v4.1, v4.2, and v4.3 A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-x86.xar .
The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe
HP ThinPro and HP Smart Zero Core (ARM) v4.1, v4.2, and v4.3 A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-arm.xar .
The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe
HP ThinPro and HP Smart Zero Core (X86) v3.1, v3.2, and v3.3 Download softpaq sp69382 from: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an update package as: bash_4.1-3+deb6u2_i386.deb .
HP ThinPro and HP Smart Zero Core (ARM) v3.1, v3.2, and v3.3 Download softpaq sp69382 from: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an update package as: bash_4.1-3+deb6u2_armel.deb .
HP Product Firmware Version
HP StoreEver ESL G3 Tape Libraries with MCB version 2 680H_GS40701
HP StoreEver ESL G3 Tape Libraries with MCB version 1 656H_GS10801
The firmware is customer installable and is available in the Drivers, Software & Firmware section at the following location:
http://www.hp.com/support/eslg3
Notes:
- Updating the library firmware requires a reboot of the library.
- Disable DHCP and only use static IP addressing. ============================================================================ Ubuntu Security Notice USN-2380-1 October 09, 2014
bash vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Bash.
Software Description: - bash: GNU Bourne Again SHell
Details:
Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-6277, CVE-2014-6278)
Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.5
Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.6
Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.5
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2380-1 CVE-2014-6277, CVE-2014-6278
Package Information: https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.5 https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.6 https://launchpad.net/ubuntu/+source/bash/4.1-2ubuntu3.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04558068
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04558068 Version: 1
HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-02-02 Last Updated: 2015-02-02
Potential Security Impact: Multiple vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Insight Control for Linux Central Management Server Pre-boot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities.
References:
CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2014-7196 SSRT101742
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7196 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following instructions to resolve these vulnerabilities.
Follow these steps to update the HP Insight Control for Linux Central Management Server Pre-boot Execution Environment:
NOTE: The following procedure updates the bash shell on the Linux Pre-boot Execution Environment. Please update the Bash shell version on the HP Insight Control for Linux Central Management Server also.
- On the Production RHEL 6.2 OS:
a. Prepare temporary directory for Bash update software:
mkdir -p $HOME/tmp/bash
cd $HOME/tmp/bash
pwd
/tmp/bash
b. Download the file 'bash-4.1.2-15.el6_4.2.i686.rpm' for Insight Control for Linux Red Hat 6.2 i386 from https://rhn.redhat.com/errata/RHSA-2014-1311.html to the temporary directory '$HOME/tmp/bash'.
c. Extract the Bash update software package.
rpm2cpio bash-4.1.2-15.el6_4.2.i686.rpm| cpio -idmv
d. Verify the version of the Bash update software:
./bin/bash --version
GNU bash, version 4.1.2(1)-release (i686-redhat-linux-gnu)
e. Verify version dependencies:
ldd ./bin/bash
linux-gate.so.1 => (0x008a7000) libtinfo.so.5 => /lib/libtinfo.so.5 (0x00459000) libdl.so.2 => /lib/libdl.so.2 (0x002c0000) libc.so.6 => /lib/libc.so.6 (0x0012e000) /lib/ld-linux.so.2 (0x00108000)
f. Create archive file from '/lib' to copy and install on the Insight Control for Linux Central Management Server Pre-boot Execution Environment system:
mkdir $HOME/tmp/lib
cd /lib
cp * $HOME/tmp/lib
cd $HOME/tmp
pwd
/tmp
tar cvf bash_lib.tar *
-
Download the new archive file '$HOME/tmp/bash_lib.tar' from the Production RHEL 6.2 OS system to the Insight Control for Linux Central Management Server Pre-boot Execution Environment system.
-
On the HP Insight Control for Linux Central Managment Server Pre-boot Execution Environment system:
a. Create a temporary folder for the toolkit and copy the toolkit there :
mkdir -p $HOME/tmp/temp-toolkit
cp /usr/share/systemimager/boot/i386/standard/toolkit.tar.gz
$HOME/tmp/temp-toolkit
b. Extract the file 'toolkit.tar.gz' into the temporary folder:
cd $HOME/tmp/temp-toolkit
tar zxvf toolkit.tar.gz
mv $HOME/tmp/temp-toolkit/toolkit.tar.gz /tmp
c. Verify the version of the toolkit Bash:
$HOME/tmp/temp-toolkit/bin/bash --version
GNU bash, version 3.2.0(1)-release (i386-pc-linux-gnu) Copyright (C) 2005 Free Software Foundation, Inc.
d. Verify dependencies versions:
ldd $HOME/tmp/temp-toolkit/bin/bash
linux-gate.so.1 => (0xffffe000) libtermcap.so.2 => /lib/libtermcap.so.2 (0xf7f8c000) libdl.so.2 => /lib/libdl.so.2 (0x008bf000) libc.so.6 => /lib/libc.so.6 (0x00777000) /lib/ld-linux.so.2 (0x00755000)
e. Extract the archive 'bash_lib.tar' to directory '$HOME/tmp/bash_lib' . Then copy the bash binary and the library files to their respective locations:
tar xvf $HOME/tmp/bash_lib
cp $HOME/tmp/bash_lib/bash/bash $HOME/tmp/temp-toolkit/bin
cp $HOME/tmp/bash_lib/lib/* $HOME/tmp/temp-toolkit/lib
f. Create the updated toolkit gzipped archive file and place in /usr/share/systemimager/boot/i386/standard
tar czvf toolkit.tar.gz *
cp toolkit.tar.gz /usr/share/systemimager/boot/i386/standard
HISTORY Version:1 (rev.1) - 2 February 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlTP2EgACgkQ4B86/C0qfVnMkQCg8yH4xRTp9ahC3s4vDiCBmKiV JTwAoPl3SC09DPRWwo1zluDWFF1OfMtA =w7+V -----END PGP SIGNATURE----- .
This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Customers who need to upgrade the firmware of their Superdome X or HP Converged System 900 for SAP HANA should contact HP Technical Support to obtain the firmware or plan to schedule an onsite visit with an HP Services field service professional. Patch and maintain Lightweight Directory Access Protocol (LDAP) and web servers. Use virus scanners, intrusion detection/prevention systems (IDS/IPS), and vulnerability scanners regularly. Apply all recommended HP Firmware updates
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-1154",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.7"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "2.01"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "2.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.4"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.6"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.3"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.2"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.5"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.3,
"vendor": "gnu",
"version": "4.2"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "4.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "4.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.02"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "4.3"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.0.16"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.2"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.02.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.2.48"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.05"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.04"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.01.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.03"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7245"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7242"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7238"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7235"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7232"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7228"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "78000"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "67000"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9393"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9303"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9302"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9301"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "email gateway patch",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.01"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.0"
},
{
"model": "email gateway hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.7.22"
},
{
"model": "email gateway hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.7.21"
},
{
"model": "ds8000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mds",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "gss 4492r global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "show and share",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5(2)"
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16.2"
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16"
}
],
"sources": [
{
"db": "BID",
"id": "70166"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "128753"
},
{
"db": "PACKETSTORM",
"id": "130988"
},
{
"db": "PACKETSTORM",
"id": "129069"
},
{
"db": "PACKETSTORM",
"id": "129068"
},
{
"db": "PACKETSTORM",
"id": "128752"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "129438"
},
{
"db": "PACKETSTORM",
"id": "129095"
},
{
"db": "PACKETSTORM",
"id": "128762"
},
{
"db": "PACKETSTORM",
"id": "129073"
},
{
"db": "PACKETSTORM",
"id": "128765"
},
{
"db": "PACKETSTORM",
"id": "128760"
}
],
"trust": 1.4
},
"cve": "CVE-2014-6278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-6278",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2014-6278",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-6278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2014-6278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-1110",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2014-6278",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. GNU Bash is prone to remote code execution vulnerability. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \n\n Note: HP and the switch vendor recommend running an active version of\nFabric OS (FOS) listed on the HP Single Point of Connectivity Knowledge\n(SPOCK) website ( http://h20272.www2.hp.com/ ) and applying the work-around\ninformation provided in the MITIGATION INFORMATION section below to protect\nHP StoreFabric B-series switches from this vulnerability. \n - Utilize FOS password policy management to strengthen the complexity,\nage, and history requirements of switch account passwords. This bulletin will be revised when the\nupdate is available. \n\n MITIGATION INFORMATION\n\n HP recommends the following steps to reduce the risk of this\nvulnerability:\n\n - Place the HP StoreFabric H-series switch and other data center\ncritical infrastructure behind a firewall to disallow access from the\nInternet. \n - Change all HP StoreFabric switch default account passwords, including\nthe root passwords, from the default factory passwords. \n - Examine the list of accounts, including ones on the switch and those\nexisting on remote authentication servers such as RADIUS, LDAP, and TACAS+,\nto ensure only necessary personnel can gain access to HP StoreFabric H-series\nswitches. Delete guest accounts and temporary accounts created for one-time\nusage needs. \n - To avoid possible exploit through the embedded web GUI, QuickTools,\ndisable the web server with the following procedure:\n\n NOTE: After completing this procedure, the user will not be able to\nmanage the switch using QuickTools. Login to the Command Line Interface (CLI). Execute the \"admin start\" command to enter into an admin session. Execute the \"set setup services\" command and change setting for\nEmbeddedGUIEnabled to \"False\". No other firmware\nstream updates are planned beyond the NX-OS 5.x and 6.x versions listed below\nfor the MDS products. This software versions 6.2(9a) has included the\nfixes for the vulnerability in HP StoreFabric C-series MDS switches which\ncurrently supporting NX-OS 6.X releases. This software version 5.2(8e) has included the fix\nfor the vulnerability in HP C-series MDS switches which currently supporting\nNX-OS 5.X releases. All MDS and\nNexus 5K switches can function in this configuration. Access is available\nthrough the console port. \nNote: All versions of HP Thin Pro and HP Smart Zero Core operating systems\nprior to version 5.1.0 are affected by these vulnerabilities. Following is a\ncomplete list of affected operating systems and Hardware Platforms Affected. \n\nHP ThinPro:\n\nHP ThinPro 5.0 (released June 2014)\nHP ThinPro 4.4 (released November 2013)\nHP ThinPro 4.3 (released June 2013)\nHP ThinPro 4.2 (released November 2012)\nHP ThinPro 4.1 (released March 2012)\nHP ThinPro 3.2 (released November 2010)\nHP ThinPro 3.1 (released June 2010)\nHP ThinPro 3.0 (released November 2009)\nHP ThinPro 2.0 (released 2009)\nHP ThinPro 1.5 (released 2009)\nHP ThinPro 1.0 (released 2008)\n\nHP Smart Zero Core:\n\nHP Smart Zero Core 5.0 (released June 2014)\nHP Smart Zero Core 4.4 (released November 2013)\nHP Smart Zero Core 4.3 (released June 2013)\nHP Smart Zero Core 4.2 (released November 2012)\nHP Smart Zero Core 4.1 (released March 2012)\nHP Smart Zero Core 4.0 (released March 2011)\n\nHardware Platforms Affected:\n\nHP t620 PLUS Flexible Quad Core Thin Client\nHP t620 Flexible Dual Core Thin Client\nHP t620 PLUS Flexible Dual Core Thin Client\nHP t620 Flexible Quad Core Thin Client\nHP t520 Flexible Thin Client\nHP t505 Flexible Thin Client\nHP t510 Flexible Thin Client\nHP t410 All-in-One 18.5 RFX/HDX Smart ZC\nHP t410 Smart Zero Client\nHP t610 PLUS Flexible Thin Client\nHP t610 Flexible Thin Client\nHP t5565 Thin Client HP t5565z Smart Client\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\nCVE-2104-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\nCVE-2104-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\nCVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\nCVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\nCVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software updates to resolve these\nvulnerabilities. \n\nProduct Affected\n Product Versions\n Patch Status\n\nHP ThinPro and HP Smart Zero Core (X86)\n v5.1.0 and above\n No update required; the Bash shell patch is incorporated into the base\nimage. \n\nNote: If you participated in the ThinPro 5.1.0 beta program then upgrade to\nthe release version as soon as it becomes available. \n\nHP ThinPro and HP Smart Zero Core (x86)\n v5.0.x\n A component update is currently available through Easy Update as:\nSecurityUpdate-Shellshock-2.0-all-5.0-x86.xar . \n\nThe update can be also downloaded directly from HP as part of softpaq sp69382\nat the following address:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe\n\nHP ThinPro and HP Smart Zero Core (x86)\n v4.4.x\n A component update is currently available through Easy Update as:\nSecurityUpdate-Shellshock-2.0-all-4.4-x86.xar . \n\nThe update can be also downloaded directly from HP as part of softpaq sp69382\nat the following address:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe\n\nHP ThinPro and HP Smart Zero Core (ARM)\n v4.4.x\n A component update is currently available through Easy Update as:\nSecurityUpdate-Shellshock-2.0-all-4.4-arm.xar . \n\nThe update can be also downloaded directly from HP as part of softpaq sp69382\nat the following address:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe\n\nHP ThinPro and HP Smart Zero Core (X86)\n v4.1, v4.2, and v4.3\n A component update is currently available through Easy Update as:\nSecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-x86.xar . \n\nThe update can be also downloaded directly from HP as part of softpaq sp69382\nat the following address:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe\n\nHP ThinPro and HP Smart Zero Core (ARM)\n v4.1, v4.2, and v4.3\n A component update is currently available through Easy Update as:\nSecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-arm.xar . \n\nThe update can be also downloaded directly from HP as part of softpaq sp69382\nat the following address:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe\n\nHP ThinPro and HP Smart Zero Core (X86)\n v3.1, v3.2, and v3.3\n Download softpaq sp69382 from:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an\nupdate package as: bash_4.1-3+deb6u2_i386.deb . \n\nHP ThinPro and HP Smart Zero Core (ARM)\n v3.1, v3.2, and v3.3\n Download softpaq sp69382 from:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an\nupdate package as: bash_4.1-3+deb6u2_armel.deb . \n\n HP Product\n Firmware Version\n\n HP StoreEver ESL G3 Tape Libraries with MCB version 2\n 680H_GS40701\n\n HP StoreEver ESL G3 Tape Libraries with MCB version 1\n 656H_GS10801\n\n The firmware is customer installable and is available in the Drivers,\nSoftware \u0026 Firmware section at the following location:\n\n http://www.hp.com/support/eslg3\n\n Notes:\n\n - Updating the library firmware requires a reboot of the library. \n\n - Disable DHCP and only use static IP addressing. ============================================================================\nUbuntu Security Notice USN-2380-1\nOctober 09, 2014\n\nbash vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Bash. \n\nSoftware Description:\n- bash: GNU Bourne Again SHell\n\nDetails:\n\nMichal Zalewski discovered that Bash incorrectly handled parsing certain\nfunction definitions. If an attacker were able to create an environment\nvariable containing a function definition with a very specific name, these\nissues could possibly be used to bypass certain environment restrictions\nand execute arbitrary code. (CVE-2014-6277, CVE-2014-6278)\n\nPlease note that the previous Bash security update, USN-2364-1, includes\na hardening measure that prevents these issues from being used in a\nShellshock attack. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n bash 4.3-7ubuntu1.5\n\nUbuntu 12.04 LTS:\n bash 4.2-2ubuntu2.6\n\nUbuntu 10.04 LTS:\n bash 4.1-2ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2380-1\n CVE-2014-6277, CVE-2014-6278\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.5\n https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.6\n https://launchpad.net/ubuntu/+source/bash/4.1-2ubuntu3.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04558068\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04558068\nVersion: 1\n\nHPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server\nPre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-02-02\nLast Updated: 2015-02-02\n\nPotential Security Impact: Multiple vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Insight\nControl for Linux Central Management Server Pre-boot Execution Environment\nthat could be exploited remotely resulting in Denial of Service (DoS),\ndisclosure of information, and other vulnerabilities. \n\nReferences:\n\nCVE-2014-6271\nCVE-2014-6277\nCVE-2014-6278\nCVE-2014-7169\nCVE-2014-7186\nCVE-2014-7187\nCVE-2014-7196\nSSRT101742\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control for Linux Central Management Server Pre-boot Execution\nEnvironment running Bash Shell\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7196 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following instructions to resolve these vulnerabilities. \n\nFollow these steps to update the HP Insight Control for Linux Central\nManagement Server Pre-boot Execution Environment:\n\nNOTE: The following procedure updates the bash shell on the Linux Pre-boot\nExecution Environment. Please update the Bash shell version on the HP Insight\nControl for Linux Central Management Server also. \n\n1. On the Production RHEL 6.2 OS:\n\na. Prepare temporary directory for Bash update software:\n\n# mkdir -p $HOME/tmp/bash\n# cd $HOME/tmp/bash\n# pwd\n\u003chome directory\u003e/tmp/bash\n\nb. Download the file \u0027bash-4.1.2-15.el6_4.2.i686.rpm\u0027 for Insight Control for\nLinux Red Hat 6.2 i386 from https://rhn.redhat.com/errata/RHSA-2014-1311.html\nto the temporary directory \u0027$HOME/tmp/bash\u0027. \n\nc. Extract the Bash update software package. \n\n# rpm2cpio bash-4.1.2-15.el6_4.2.i686.rpm| cpio -idmv\n\nd. Verify the version of the Bash update software:\n\n# ./bin/bash --version\nGNU bash, version 4.1.2(1)-release (i686-redhat-linux-gnu)\n\ne. Verify version dependencies:\n\n# ldd ./bin/bash\n\nlinux-gate.so.1 =\u003e (0x008a7000)\nlibtinfo.so.5 =\u003e /lib/libtinfo.so.5 (0x00459000)\nlibdl.so.2 =\u003e /lib/libdl.so.2 (0x002c0000)\nlibc.so.6 =\u003e /lib/libc.so.6 (0x0012e000)\n/lib/ld-linux.so.2 (0x00108000)\n\nf. Create archive file from \u0027/lib\u0027 to copy and install on the Insight Control\nfor Linux Central Management Server Pre-boot Execution Environment system:\n\n# mkdir $HOME/tmp/lib\n# cd /lib\n# cp * $HOME/tmp/lib\n# cd $HOME/tmp\n# pwd\n\u003chome directory\u003e/tmp\n# tar cvf bash_lib.tar *\n\n2. Download the new archive file \u0027$HOME/tmp/bash_lib.tar\u0027 from the Production\nRHEL 6.2 OS system to the Insight Control for Linux Central Management Server\nPre-boot Execution Environment system. \n\n3. On the HP Insight Control for Linux Central Managment Server Pre-boot\nExecution Environment system:\n\na. Create a temporary folder for the toolkit and copy the toolkit there :\n\n# mkdir -p $HOME/tmp/temp-toolkit\n# cp /usr/share/systemimager/boot/i386/standard/toolkit.tar.gz\n$HOME/tmp/temp-toolkit\n\nb. Extract the file \u0027toolkit.tar.gz\u0027 into the temporary folder:\n\n# cd $HOME/tmp/temp-toolkit\n# tar zxvf toolkit.tar.gz\n# mv $HOME/tmp/temp-toolkit/toolkit.tar.gz /tmp\n\nc. Verify the version of the toolkit Bash:\n\n# $HOME/tmp/temp-toolkit/bin/bash --version\nGNU bash, version 3.2.0(1)-release (i386-pc-linux-gnu) Copyright (C) 2005\nFree Software Foundation, Inc. \n\nd. Verify dependencies versions:\n\n# ldd $HOME/tmp/temp-toolkit/bin/bash\n\nlinux-gate.so.1 =\u003e (0xffffe000)\nlibtermcap.so.2 =\u003e /lib/libtermcap.so.2 (0xf7f8c000)\nlibdl.so.2 =\u003e /lib/libdl.so.2 (0x008bf000)\nlibc.so.6 =\u003e /lib/libc.so.6 (0x00777000)\n/lib/ld-linux.so.2 (0x00755000)\n\ne. Extract the archive \u0027bash_lib.tar\u0027 to directory \u0027$HOME/tmp/bash_lib\u0027 . \nThen copy the bash binary and the library files to their respective\nlocations:\n\n# tar xvf $HOME/tmp/bash_lib\n# cp $HOME/tmp/bash_lib/bash/bash $HOME/tmp/temp-toolkit/bin\n# cp $HOME/tmp/bash_lib/lib/* $HOME/tmp/temp-toolkit/lib\n\nf. Create the updated toolkit gzipped archive file and place in\n/usr/share/systemimager/boot/i386/standard\n\n# tar czvf toolkit.tar.gz *\n# cp toolkit.tar.gz /usr/share/systemimager/boot/i386/standard\n\nHISTORY\nVersion:1 (rev.1) - 2 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlTP2EgACgkQ4B86/C0qfVnMkQCg8yH4xRTp9ahC3s4vDiCBmKiV\nJTwAoPl3SC09DPRWwo1zluDWFF1OfMtA\n=w7+V\n-----END PGP SIGNATURE-----\n. \n\nThis vulnerability allows users that have been granted access to a shell\nscript to escalate privilege and execute unrestricted commands at the same\nsecurity level as the Bash script. Customers who\nneed to upgrade the firmware of their Superdome X or HP Converged System 900\nfor SAP HANA should contact HP Technical Support to obtain the firmware or\nplan to schedule an onsite visit with an HP Services field service\nprofessional. \nPatch and maintain Lightweight Directory Access Protocol (LDAP) and web\nservers. \nUse virus scanners, intrusion detection/prevention systems (IDS/IPS), and\nvulnerability scanners regularly. \nApply all recommended HP Firmware updates",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6278"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "PACKETSTORM",
"id": "128760"
},
{
"db": "PACKETSTORM",
"id": "128765"
},
{
"db": "PACKETSTORM",
"id": "129073"
},
{
"db": "PACKETSTORM",
"id": "128762"
},
{
"db": "PACKETSTORM",
"id": "129095"
},
{
"db": "PACKETSTORM",
"id": "129438"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "PACKETSTORM",
"id": "129068"
},
{
"db": "PACKETSTORM",
"id": "129069"
},
{
"db": "PACKETSTORM",
"id": "130988"
},
{
"db": "PACKETSTORM",
"id": "128753"
},
{
"db": "PACKETSTORM",
"id": "128606"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "128752"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39568",
"trust": 0.5,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-6278",
"trust": 3.5
},
{
"db": "MCAFEE",
"id": "SB10085",
"trust": 2.0
},
{
"db": "JUNIPER",
"id": "JSA10648",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "61641",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61603",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61287",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60055",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61654",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61313",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60044",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58200",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61550",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61780",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61552",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61565",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61312",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60193",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61129",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61703",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60433",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61128",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60063",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61816",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61633",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60034",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61643",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61485",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61503",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "62343",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60325",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61291",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61328",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61283",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60024",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61442",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59961",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61471",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61857",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61065",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59907",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "62312",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "128567",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "137344",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVN55667175",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "39568",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "39887",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110",
"trust": 0.6
},
{
"db": "BID",
"id": "70166",
"trust": 0.4
},
{
"db": "JUNIPER",
"id": "JSA10661",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-269-01",
"trust": 0.3
},
{
"db": "CERT/CC",
"id": "VU#252743",
"trust": 0.3
},
{
"db": "EXPLOITDB",
"id": "39568",
"trust": 0.1
},
{
"db": "EXPLOITDB",
"id": "39887",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-6278",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128764",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130336",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128606",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128753",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130988",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129069",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129068",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128752",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128666",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129438",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128762",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129073",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128765",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128760",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "128606"
},
{
"db": "PACKETSTORM",
"id": "128753"
},
{
"db": "PACKETSTORM",
"id": "130988"
},
{
"db": "PACKETSTORM",
"id": "129069"
},
{
"db": "PACKETSTORM",
"id": "129068"
},
{
"db": "PACKETSTORM",
"id": "128752"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "129438"
},
{
"db": "PACKETSTORM",
"id": "129095"
},
{
"db": "PACKETSTORM",
"id": "128762"
},
{
"db": "PACKETSTORM",
"id": "129073"
},
{
"db": "PACKETSTORM",
"id": "128765"
},
{
"db": "PACKETSTORM",
"id": "128760"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"id": "VAR-201409-1154",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3212341
},
"last_update_date": "2025-11-26T21:38:49.409000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GNU Bash Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168880"
},
{
"title": "Ubuntu Security Notice: bash vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2380-1"
},
{
"title": "VMware Security Advisories: VMware product updates address critical Bash security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=86cb6b3955e100fdc9667a7ca916c772"
},
{
"title": "Symantec Security Advisories: SA82 : GNU Bash Shellshock Command Injection Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=2b57ceaadfde2a8b03482273e1fd21ea"
},
{
"title": "Citrix Security Bulletins: Citrix XenServer Shellshock Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=64ae0aae8269062686789e3a3fa1d2bf"
},
{
"title": "Tenable Security Advisories: [R7] Tenable Appliance Affected by GNU bash \u0027Shellshock\u0027 Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2014-07"
},
{
"title": "Citrix Security Bulletins: Citrix Security Advisory for GNU Bash Shellshock Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=73443a6db89dc66fc6bcb49f85bfd1ab"
},
{
"title": "CiscoUCS-Shellshock",
"trust": 0.1,
"url": "https://github.com/thatchriseckert/CiscoUCS-Shellshock "
},
{
"title": "0day-WriteUp-TryHackme-CTF-Medium",
"trust": 0.1,
"url": "https://github.com/elc4br4/0day-WriteUp-TryHackme-CTF-Medium "
},
{
"title": "ShellScan",
"trust": 0.1,
"url": "https://github.com/0xICF/ShellScan "
},
{
"title": "cvesploit",
"trust": 0.1,
"url": "https://github.com/swapravo/cvesploit "
},
{
"title": "fabric-shellshock",
"trust": 0.1,
"url": "https://github.com/ericlake/fabric-shellshock "
},
{
"title": "w-test",
"trust": 0.1,
"url": "https://github.com/inspirion87/w-test "
},
{
"title": "Xpl-SHELLSHOCK-Ch3ck",
"trust": 0.1,
"url": "https://github.com/googleinurl/Xpl-SHELLSHOCK-Ch3ck "
},
{
"title": "bashcheck",
"trust": 0.1,
"url": "https://github.com/hannob/bashcheck "
},
{
"title": "shellshockFixOSX",
"trust": 0.1,
"url": "https://github.com/opragel/shellshockFixOSX "
},
{
"title": "shocktrooper",
"trust": 0.1,
"url": "https://github.com/EvanK/shocktrooper "
},
{
"title": "ShellShockHunter",
"trust": 0.1,
"url": "https://github.com/MrCl0wnLab/ShellShockHunter "
},
{
"title": "shellshocker-pocs",
"trust": 0.1,
"url": "https://github.com/mubix/shellshocker-pocs "
},
{
"title": "ActiveScanPlusPlus",
"trust": 0.1,
"url": "https://github.com/albinowax/ActiveScanPlusPlus "
},
{
"title": "afl-cve",
"trust": 0.1,
"url": "https://github.com/mrash/afl-cve "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/researcher-takes-wraps-off-two-undisclosed-shellshock-vulnerabilities-in-bash/108674/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140926-bash"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749"
},
{
"trust": 2.0,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0010.html"
},
{
"trust": 2.0,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10648"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021272"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004898"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021279"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004897"
},
{
"trust": 2.0,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096315"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004915"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079"
},
{
"trust": 2.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10085"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2380-1"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/39568/"
},
{
"trust": 1.7,
"url": "https://security-tracker.debian.org/tracker/cve-2014-6278"
},
{
"trust": 1.7,
"url": "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147414"
},
{
"trust": 1.7,
"url": "https://www.suse.com/support/shellshock/"
},
{
"trust": 1.7,
"url": "http://support.novell.com/security/cve/cve-2014-6278.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61641"
},
{
"trust": 1.7,
"url": "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html"
},
{
"trust": 1.7,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa82"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61485"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59907"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61654"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128567/ca-technologies-gnu-bash-shellshock.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61565"
},
{
"trust": 1.7,
"url": "http://www.novell.com/support/kb/doc.php?id=7015721"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61643"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61503"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61633"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61552"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61703"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61283"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61603"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141330468527613\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141345648114150\u0026w=2"
},
{
"trust": 1.7,
"url": "https://support.citrix.com/article/ctx200217"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004879"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60034"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61816"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61128"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61313"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61442"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61287"
},
{
"trust": 1.7,
"url": "https://support.citrix.com/article/ctx200223"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60055"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61129"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61780"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541"
},
{
"trust": 1.7,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61471"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58200"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61328"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61857"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60193"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61065"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61550"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60325"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61312"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60063"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61291"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60044"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445"
},
{
"trust": 1.7,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk102673\u0026src=securityalerts"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021361"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60433"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60024"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383353622268\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383304022067\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383244821813\u0026w=2"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141450491804793\u0026w=2"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn55667175/index.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383081521087\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.qnap.com/i/en/support/con_show.php?cid=61"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383026420882\u0026w=2"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000126"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383196021590\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141577137423233\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141577241923505\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141576728022234\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141577297623641\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141585637922673\u0026w=2"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/62312"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59961"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/62343"
},
{
"trust": 1.7,
"url": "http://linux.oracle.com/errata/elsa-2014-3093"
},
{
"trust": 1.7,
"url": "http://linux.oracle.com/errata/elsa-2014-3094"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142358026505815\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142358078406056\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141879528318582\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142721162228379\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:164"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/137344/sun-secure-global-desktop-oracle-global-desktop-shellshock.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/39887/"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c04518183"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c04497075"
},
{
"trust": 1.7,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6278"
},
{
"trust": 1.4,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 1.4,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 1.4,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7169"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6271"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-6278"
},
{
"trust": 0.4,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.3,
"url": "http://lcamtuf.blogspot.de/2014/09/bash-bug-apply-unofficial-patch-now.html"
},
{
"trust": 0.3,
"url": "http://www.gnu.org/software/bash/"
},
{
"trust": 0.3,
"url": "https://lists.gnu.org/archive/html/bug-bash/2014-10/msg00040.html"
},
{
"trust": 0.3,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk102673"
},
{
"trust": 0.3,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb83017"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash"
},
{
"trust": 0.3,
"url": "http://lcamtuf.blogspot.in/2014/09/quick-notes-about-bash-bug-its-impact.html"
},
{
"trust": 0.3,
"url": "http://www.fortiguard.com/advisory/fg-ir-14-030/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_vulnerabilities_in_bash_affect_certain_qlogic_products_that_ibm_resells_for_bladecenter_and_flex_system_products_cve_2014_6271_c"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-372538.htm"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html?ref=rss"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004932"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686433"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=isg3t1021361"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686494"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686445"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004903"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004928"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004911"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686479"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04497075"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2014/oct/25"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10661\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100183172"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/supplement-icsa-14-269-01"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-9paps5"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479398"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479402"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479601"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479505"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479492"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04475942"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471532"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04488200"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04478866"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479536"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04540692"
},
{
"trust": 0.3,
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04561445"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471546"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471538"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04497042"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512907 "
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/76"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04558068"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/77"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04487558"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04487573"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04496383"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-9paptm"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-9paptz"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/1a2e5-5116a33c2fb27/cert_security_mini-_bulletin_xrx15k_for_77xx_r15-03_v1.0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2eeef-51056e459c6d8/cert_security_mini-_bulletin_xrx15h_for_p7800_v1_0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2a901-510567b876a35/cert_security_mini-_bulletin_xrx15g_for_p6700_v1_0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/29a7e-50e49f9c009f9/cert_security_mini_bulletin_xrx14g_for_77xx_v1.1.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/1a7a1-50f12e334b734/cert_security_mini-_bulletin_xrx14h_for_wc59xx_v1.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-377648.htm"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004982"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004879"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685873"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686132"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096533"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686024"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686037"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685733"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686171"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686098"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685875"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020272"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685541"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004905"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685673"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685837"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687971"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685691"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004933"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096503"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004945"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100183088"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2104-6277"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2104-6278"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/70166"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35880"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2380-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-1311.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7196"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bash/4.1-2ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse"
},
{
"trust": 0.1,
"url": "http://www.hp.com/support/eslg3"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/km01194259"
},
{
"trust": 0.1,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
},
{
"trust": 0.1,
"url": "http://h20272.www2.hp.com/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "128606"
},
{
"db": "PACKETSTORM",
"id": "128753"
},
{
"db": "PACKETSTORM",
"id": "130988"
},
{
"db": "PACKETSTORM",
"id": "129069"
},
{
"db": "PACKETSTORM",
"id": "129068"
},
{
"db": "PACKETSTORM",
"id": "128752"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "129438"
},
{
"db": "PACKETSTORM",
"id": "129095"
},
{
"db": "PACKETSTORM",
"id": "128762"
},
{
"db": "PACKETSTORM",
"id": "129073"
},
{
"db": "PACKETSTORM",
"id": "128765"
},
{
"db": "PACKETSTORM",
"id": "128760"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "128606"
},
{
"db": "PACKETSTORM",
"id": "128753"
},
{
"db": "PACKETSTORM",
"id": "130988"
},
{
"db": "PACKETSTORM",
"id": "129069"
},
{
"db": "PACKETSTORM",
"id": "129068"
},
{
"db": "PACKETSTORM",
"id": "128752"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "129438"
},
{
"db": "PACKETSTORM",
"id": "129095"
},
{
"db": "PACKETSTORM",
"id": "128762"
},
{
"db": "PACKETSTORM",
"id": "129073"
},
{
"db": "PACKETSTORM",
"id": "128765"
},
{
"db": "PACKETSTORM",
"id": "128760"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"date": "2014-09-27T00:00:00",
"db": "BID",
"id": "70166"
},
{
"date": "2014-10-20T17:57:00",
"db": "PACKETSTORM",
"id": "128764"
},
{
"date": "2015-02-10T17:43:27",
"db": "PACKETSTORM",
"id": "130336"
},
{
"date": "2014-10-09T23:44:16",
"db": "PACKETSTORM",
"id": "128606"
},
{
"date": "2014-10-20T13:55:00",
"db": "PACKETSTORM",
"id": "128753"
},
{
"date": "2015-03-24T17:07:02",
"db": "PACKETSTORM",
"id": "130988"
},
{
"date": "2014-11-12T18:13:47",
"db": "PACKETSTORM",
"id": "129069"
},
{
"date": "2014-11-12T18:13:39",
"db": "PACKETSTORM",
"id": "129068"
},
{
"date": "2014-10-20T13:14:00",
"db": "PACKETSTORM",
"id": "128752"
},
{
"date": "2014-10-14T23:07:16",
"db": "PACKETSTORM",
"id": "128666"
},
{
"date": "2014-12-09T23:15:30",
"db": "PACKETSTORM",
"id": "129438"
},
{
"date": "2014-11-13T17:15:31",
"db": "PACKETSTORM",
"id": "129095"
},
{
"date": "2014-10-20T17:44:00",
"db": "PACKETSTORM",
"id": "128762"
},
{
"date": "2014-11-12T18:14:19",
"db": "PACKETSTORM",
"id": "129073"
},
{
"date": "2014-10-20T18:22:00",
"db": "PACKETSTORM",
"id": "128765"
},
{
"date": "2014-10-20T17:03:00",
"db": "PACKETSTORM",
"id": "128760"
},
{
"date": "2014-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"date": "2014-09-30T10:55:04.723000",
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-17T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"date": "2016-07-05T21:53:00",
"db": "BID",
"id": "70166"
},
{
"date": "2021-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"date": "2025-10-22T01:16:02.357000",
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU Bash Operating system command injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…