CVE-2014-6271

Known Exploited Public Exploit

Description

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

References

Link	Tags
https://www.exploit-db.com/exploits/37816/	exploit vdb entry third party advisory
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html	exploit vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html	mailing list third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897	third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685749	third party advisory
http://marc.info/?l=bugtraq&m=141577137423233&w=2	mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=142719845423222&w=2	mailing list third party advisory vendor advisory
https://www.exploit-db.com/exploits/39918/	exploit vdb entry third party advisory
http://marc.info/?l=bugtraq&m=141216668515282&w=2	mailing list third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2014-1295.html	third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html	mailing list third party advisory vendor advisory
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/	third party advisory exploit
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts	third party advisory
http://marc.info/?l=bugtraq&m=141383138121313&w=2	mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=142721162228379&w=2	mailing list third party advisory vendor advisory
http://www.securityfocus.com/archive/1/533593/100/0/threaded	mailing list vdb entry third party advisory broken link
http://marc.info/?l=bugtraq&m=142358026505815&w=2	mailing list third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686084	third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686479	third party advisory broken link
http://secunia.com/advisories/61188	third party advisory broken link
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	third party advisory broken link
http://jvn.jp/en/jp/JVN55667175/index.html	third party advisory vendor advisory
http://secunia.com/advisories/61676	third party advisory broken link
https://www.exploit-db.com/exploits/40619/	exploit vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html	mailing list third party advisory vendor advisory
http://secunia.com/advisories/60433	third party advisory broken link
https://www.exploit-db.com/exploits/38849/	exploit vdb entry third party advisory
http://marc.info/?l=bugtraq&m=141383026420882&w=2	mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=141585637922673&w=2	mailing list third party advisory vendor advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673	third party advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html	mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=141576728022234&w=2	mailing list third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685541	third party advisory
http://secunia.com/advisories/61715	third party advisory broken link
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html	third party advisory
http://secunia.com/advisories/61816	third party advisory broken link
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html	mailing list third party advisory vendor advisory
http://secunia.com/advisories/61442	third party advisory broken link
http://marc.info/?l=bugtraq&m=142358078406056&w=2	mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=142805027510172&w=2	mailing list third party advisory vendor advisory
http://secunia.com/advisories/61283	third party advisory broken link
http://marc.info/?l=bugtraq&m=142113462216480&w=2	mailing list third party advisory vendor advisory
http://www.ubuntu.com/usn/USN-2362-1	third party advisory vendor advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10085	third party advisory broken link
http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html	mailing list third party advisory vendor advisory
http://secunia.com/advisories/61654	third party advisory broken link
http://secunia.com/advisories/61542	third party advisory broken link
http://www.novell.com/support/kb/doc.php?id=7015701	third party advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315	third party advisory broken link
http://secunia.com/advisories/62312	third party advisory broken link
http://secunia.com/advisories/59272	third party advisory broken link
http://marc.info/?l=bugtraq&m=141319209015420&w=2	mailing list third party advisory vendor advisory
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html	third party advisory
http://marc.info/?l=bugtraq&m=141879528318582&w=2	mailing list third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685604	third party advisory
http://marc.info/?l=bugtraq&m=142118135300698&w=2	mailing list third party advisory vendor advisory
http://secunia.com/advisories/61703	third party advisory broken link
http://support.apple.com/kb/HT6495	third party advisory
http://www.kb.cert.org/vuls/id/252743	third party advisory us government resource
http://secunia.com/advisories/61065	third party advisory broken link
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html	mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=141383196021590&w=2	mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=141383081521087&w=2	mailing list third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686445	third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686131	third party advisory
http://www.securityfocus.com/bid/70103	vdb entry third party advisory broken link
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126	vdb entry third party advisory vendor advisory
http://www.us-cert.gov/ncas/alerts/TA14-268A	third party advisory us government resource
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html	mailing list third party advisory vendor advisory
http://secunia.com/advisories/61641	third party advisory broken link
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648	third party advisory
https://access.redhat.com/node/1200223	third party advisory exploit
http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html	exploit vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html	mailing list third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898	third party advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	broken link third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685914	third party advisory broken link
http://seclists.org/fulldisclosure/2014/Oct/0	third party advisory mailing list
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164	broken link third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2014-1293.html	third party advisory vendor advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075	third party advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html	mailing list third party advisory vendor advisory
http://secunia.com/advisories/60325	third party advisory broken link
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	third party advisory broken link
http://secunia.com/advisories/60024	third party advisory broken link
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html	exploit vdb entry third party advisory
https://www.exploit-db.com/exploits/34879/	exploit vdb entry third party advisory
https://access.redhat.com/articles/1200223	third party advisory exploit
http://secunia.com/advisories/62343	third party advisory broken link
http://secunia.com/advisories/61565	third party advisory broken link
https://www.suse.com/support/shellshock/	third party advisory
http://marc.info/?l=bugtraq&m=141450491804793&w=2	mailing list third party advisory vendor advisory
http://secunia.com/advisories/61313	third party advisory broken link
http://secunia.com/advisories/61873	third party advisory broken link
http://secunia.com/advisories/61485	third party advisory broken link
http://secunia.com/advisories/60947	third party advisory broken link
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183	third party advisory broken link
https://support.apple.com/kb/HT6535	third party advisory
http://marc.info/?l=bugtraq&m=141577297623641&w=2	mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=142546741516006&w=2	mailing list third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272	third party advisory
http://marc.info/?l=bugtraq&m=141383244821813&w=2	mailing list third party advisory vendor advisory
http://secunia.com/advisories/61312	third party advisory broken link
http://secunia.com/advisories/60193	third party advisory broken link
http://www.vmware.com/security/advisories/VMSA-2014-0010.html	third party advisory
http://linux.oracle.com/errata/ELSA-2014-1294.html	third party advisory
http://secunia.com/advisories/60063	third party advisory broken link
http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html	exploit vdb entry third party advisory
http://secunia.com/advisories/60034	third party advisory broken link
http://marc.info/?l=bugtraq&m=141330425327438&w=2	mailing list third party advisory vendor advisory
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html	issue tracking exploit third party advisory
http://secunia.com/advisories/59907	third party advisory broken link
http://secunia.com/advisories/58200	third party advisory broken link
http://marc.info/?l=bugtraq&m=141577241923505&w=2	mailing list third party advisory vendor advisory
http://secunia.com/advisories/61643	third party advisory broken link
http://www.novell.com/support/kb/doc.php?id=7015721	third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21687079	third party advisory
http://secunia.com/advisories/61503	third party advisory broken link
http://www-01.ibm.com/support/docview.wss?uid=swg21686246	third party advisory
http://rhn.redhat.com/errata/RHSA-2014-1354.html	third party advisory vendor advisory
https://www.exploit-db.com/exploits/40938/	exploit vdb entry third party advisory
http://marc.info/?l=bugtraq&m=141216207813411&w=2	mailing list third party advisory vendor advisory
http://support.novell.com/security/cve/CVE-2014-6271.html	third party advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915	third party advisory
http://secunia.com/advisories/61547	third party advisory broken link
http://marc.info/?l=bugtraq&m=141383465822787&w=2	mailing list third party advisory vendor advisory
http://www.qnap.com/i/en/support/con_show.php?cid=61	third party advisory
http://marc.info/?l=bugtraq&m=141694386919794&w=2	mailing list third party advisory vendor advisory
http://secunia.com/advisories/61552	third party advisory broken link
http://secunia.com/advisories/61780	third party advisory broken link
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279	third party advisory
https://support.citrix.com/article/CTX200223	permissions required
http://www.debian.org/security/2014/dsa-3032	mailing list third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686447	third party advisory
http://secunia.com/advisories/62228	third party advisory broken link
http://marc.info/?l=bugtraq&m=141330468527613&w=2	mailing list third party advisory vendor advisory
http://secunia.com/advisories/61855	third party advisory broken link
http://marc.info/?l=bugtraq&m=141235957116749&w=2	mailing list third party advisory vendor advisory
http://secunia.com/advisories/60044	third party advisory broken link
http://secunia.com/advisories/61291	third party advisory broken link
http://rhn.redhat.com/errata/RHSA-2014-1294.html	third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=141345648114150&w=2	mailing list third party advisory vendor advisory
http://secunia.com/advisories/59737	third party advisory broken link
http://secunia.com/advisories/61287	third party advisory broken link
http://marc.info/?l=bugtraq&m=141383353622268&w=2	mailing list third party advisory vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1141597	issue tracking patch
http://secunia.com/advisories/61711	third party advisory broken link
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361	third party advisory
http://marc.info/?l=bugtraq&m=141383304022067&w=2	mailing list third party advisory vendor advisory
http://advisories.mageia.org/MGASA-2014-0388.html	third party advisory
http://secunia.com/advisories/61128	third party advisory broken link
https://support.citrix.com/article/CTX200217	third party advisory
http://secunia.com/advisories/61471	third party advisory broken link
http://secunia.com/advisories/60055	third party advisory broken link
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash	third party advisory vendor advisory
http://secunia.com/advisories/61550	third party advisory broken link
http://secunia.com/advisories/61633	third party advisory broken link
http://linux.oracle.com/errata/ELSA-2014-1293.html	third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686494	third party advisory
https://kb.bluecoat.com/index?page=content&id=SA82	third party advisory broken link
http://secunia.com/advisories/61328	third party advisory broken link
http://www-01.ibm.com/support/docview.wss?uid=swg21685733	third party advisory
https://www.exploit-db.com/exploits/42938/	exploit vdb entry third party advisory
http://secunia.com/advisories/61129	third party advisory broken link
http://secunia.com/advisories/61700	third party advisory broken link
http://secunia.com/advisories/61603	third party advisory broken link
http://secunia.com/advisories/61857	third party advisory broken link
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879	third party advisory
http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html	vdb entry third party advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006	third party advisory

Frequently Asked Questions

What is the severity of CVE-2014-6271?: CVE-2014-6271 has been scored as a critical severity vulnerability.
How to fix CVE-2014-6271?: To fix CVE-2014-6271, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2014-6271 being actively exploited in the wild?: It is confirmed that CVE-2014-6271 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~94% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions