CVE-2014-6271

critical-risk

Published 2014-09-24

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Do I need to act?

94.2% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

21 public exploits available

38849, 34777, 39918 and 18 more

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Eos

Linux

Qts

Gluster Storage Server For On-Premise

Virtualization

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux For Ibm Z Systems

Enterprise Linux For Power Big Endian

Enterprise Linux For Power Big Endian Eus

Affected Vendors

F5 Vmware Gnu Suse Checkpoint Apple Opensuse Oracle Debian Arista Novell Canonical Redhat Citrix Ibm Mageia Qnap

References (341)

Third Party Advisory http://advisories.mageia.org/MGASA-2014-0388.html

Broken Link http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

Vendor Advisory http://jvn.jp/en/jp/JVN55667175/index.html

Third Party Advisory http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

Third Party Advisory http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

Exploit http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

Third Party Advisory http://linux.oracle.com/errata/ELSA-2014-1293.html

Third Party Advisory http://linux.oracle.com/errata/ELSA-2014-1294.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

Mailing List http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html

Mailing List http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

Mailing List http://marc.info/?l=bugtraq&m=141216207813411&w=2

Mailing List http://marc.info/?l=bugtraq&m=141216668515282&w=2

and 321 more references

Get this data via API

curl -H "Authorization: Bearer YOUR_KEY" \
  https://cyber.phasetransitions.ai/api/v1/cves/CVE-2014-6271

Free tier: 100 requests/day, no credit card.

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 34/34 · Critical

Exposure 33/34 · Critical