Vulnerability Details: CVE-2014-6271
Public exploit exists!
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Vulnerability category: Execute code
CVE-2014-6271 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.
Added on: 2022-01-28
Action due date: 2022-07-28
Exploit prediction scoring system (EPSS) score for CVE-2014-6271
Probability of exploitation activity in the next 30 days: 97.56%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2014-6271
- Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
  Disclosure Date: 2014-09-24 | First seen: 2020-04-26
  exploit/multi/http/apache_mod_cgi_bash_env_exec
  This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition.
- CUPS Filter Bash Environment Variable Code Injection (Shellshock)
  Disclosure Date: 2014-09-24 | First seen: 2020-04-26
  exploit/multi/http/cups_bash_env_exec
  This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables. A valid username and password is required to exploit this
- Advantech Switch Bash Environment Variable Code Injection (Shellshock)
  Disclosure Date: 2015-12-01 | First seen: 2020-04-26
  exploit/linux/http/advantech_switch_bash_env_exec
  This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the 'ping.sh' CGI script, accessible through the Boa web server on Advantech switches. This module was tested against firmware
- IPFire Bash Environment Variable Injection (Shellshock)
  Disclosure Date: 2014-09-29 | First seen: 2020-04-26
  exploit/linux/http/ipfire_bashbug_exec
  IPFire, a free Linux-based open source firewall distribution, version <= 2.15 Update Core 82 contains an authenticated remote command execution vulnerability via shellshock in the request headers. Authors: - h00die <mike@stcyrsecurity.com> - Claudio Vivian
- Dhclient Bash Environment Variable Injection (Shellshock)
  Disclosure Date: 2014-09-24 | First seen: 2020-04-26
  exploit/unix/dhcp/bash_environment
  This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configurati
- Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
  Disclosure Date: 2014-09-24 | First seen: 2020-04-26
  auxiliary/scanner/http/apache_mod_cgi_bash_env
  This module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition.
- Pure-FTPd External Authentication Bash Environment Variable Code Injection (Shellshock)
  Disclosure Date: 2014-09-24 | First seen: 2020-04-26
  exploit/multi/ftp/pureftpd_bash_env_exec
  This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the Pure-FTPd FTP server when it has been compiled with the --with-extauth flag and an external Bash script is used for authent
- OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection (Shellshock)
  Disclosure Date: 2014-09-24 | First seen: 2020-04-26
  exploit/osx/local/vmware_bash_function_root
  This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the VMWare Fusion application, allowing an unprivileged local user to get root access. Authors: - Stephane Chazelas - juken
- Qmail SMTP Bash Environment Variable Injection (Shellshock)
  Disclosure Date: 2014-09-24 | First seen: 2020-04-26
  exploit/unix/smtp/qmail_bash_env_exec
  This module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH (Shellshock). T
- DHCP Client Bash Environment Variable Code Injection (Shellshock)
  Disclosure Date: 2014-09-24 | First seen: 2020-04-26
  auxiliary/server/dhclient_bash_env
  This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configurati
CVSS scores for CVE-2014-6271
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2014-6271
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
Products affected by CVE-2014-6271
- cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*