Lucene search
This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.BASH_CVE_2014_7169.NASLHistoryOct 13, 2014 - 12:00 a.m.
Bash Incomplete Fix Remote Code Execution Vulnerability (Shellshock)
2014-10-1300:00:00
This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
861
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
AI Score
Confidence
High
0.973 High
EPSS
Percentile
99.9%
The remote host is running a version of Bash that is vulnerable to command injection via environment variable manipulation. Depending on the configuration of the system, an attacker can remotely execute arbitrary code.
#TRUSTED 89976b9824fb866a1025b8b22df6988799e97f2893fec3c0b5477d313e937b53eee464535c6eacea38081796f11268eb6cd24e03ec91dfe8c12274e70b49edde3dd06e9bd882efe4fbf5b6eab7aa312c6942af31c1e3106d945815234f757f55e6a720d91407e3f6329c9b420ae406d438dfe5cf451d94eab866c07ee5ef4c6163853cadc0057ba9302e69ca9f7a8546937f069f05b28d8d4acede57e4af317c51347e4db6cfac677363aea597b4ceef15ccb11dad149058120d0b1a23af7086dfba61ffabec02bbcf86e6dc86f33e2653d4ee890a979bc74bf6f2c33249df7e28af094da768ac8f6564d9edfd04fd3c88329cd6cbbf29acc5e6b780b3e878b53245bbac42e7c622bfec9fc090bda61c7a38401f8d685963ecc41b85685cf9228d9b8ba0dd27440257f784b6fd9c896faf92a62b88da6642c3db0fcd126ab2fe4b5c39694bed744d4ef3c4884d3869b08a8350a466bfe21e58b2e75b9bd60b9f029dd888c75acdf960cc97262dfd3000041b637789663d7fb339f31a5f26e7bb6ff7468dd08877d63b2806f4b8ec9835f6fd131f9b25390eefa24e7537d94bb45900fd27a1779aa755be80a7464c55f01857aaeefacf8d373849e30ddd9a2702acf74699f731c8e39b632301c8acd2146819f08b40fc1dbdb702613a348a3b6bdfe65766b8cb1f4c94fcb6aff6fbc60b16a157f260af4d3a00da45b36ba89dfb
#TRUST-RSA-SHA256 971dc774efde7527318110383ac0e7474475337221754573e9f5c4607179b1d904efb2db71c58f6ba62652a3ee7deab1b97c05ee70aeb8b1703c13fbf72fbb8a670230a23ffde127d668a2eca0908517d774dfb8c0f5b03a4ea720261686566815afca0cd6f487d9f129cc4c303fe6b2f642cc848d32266b4418f1843b6342c6e347962e62f87d4366666357f22c8f4093f8047456440b7ed32461af0b8b69cc73dbadf7572328771c87fd23ec47745f70e4742ad347644e9acae1a511863f81f3847380343b91747b04f09d3705a576a376e9cc61821f6bf2112f25e8982c7eb44c02f9b98bc78dc0fab88ae80e761fad7e878968b0a0d84c099998538385a9e1576b199066a9223b2ac01cc9a6a3ca44dd103182b5f60d8448242b28e8df99e14b343f42d677510c1580f9f4c88c1e153a585d62f17951f7c94330139002e30cb1d25616b584170aef053213312eb9e6517737ff3e2bad7dead98de27aac013d719aa75ac0d2ed58c312aa467f016217bbcc6c2fd6feedd3bb6af193366d30572b195967ed266b2e93ea0606a980e38bce938a38ff2c68b9fe007dc4b9e86ee69d1e42b2ac1e280579afe82f3af75989a2febc493174b4835e27cb71e91276811da74c049e215888256ece1a2c2060b23450ad7d52917b220b097fae8526ac5df77ae5403355fbfefc6241bf73253016d079bb4c5ba716d87916147071ff46
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(78385);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");
script_cve_id("CVE-2014-7169");
script_bugtraq_id(70137);
script_xref(name:"CERT", value:"252743");
script_xref(name:"IAVA", value:"2014-A-0142");
script_xref(name:"EDB-ID", value:"34765");
script_xref(name:"EDB-ID", value:"34766");
script_xref(name:"EDB-ID", value:"34777");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/07/28");
script_name(english:"Bash Incomplete Fix Remote Code Execution Vulnerability (Shellshock)");
script_set_attribute(attribute:"synopsis", value:
"A system shell on the remote host is vulnerable to command injection.");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of Bash that is vulnerable to
command injection via environment variable manipulation. Depending on
the configuration of the system, an attacker can remotely execute
arbitrary code.");
# https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dacf7829");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate updates.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-7169");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_nessus", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Pure-FTPd External Authentication Bash Environment Variable Code Injection');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/24");
script_set_attribute(attribute:"patch_publication_date", value:"2014/09/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:gnu:bash");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_ATTACK);
script_family(english:"Gain a shell remotely");
script_copyright(english:"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("HostLevelChecks/proto");
script_require_ports("Services/ssh", 22);
exit(0);
}
include('ssh_func.inc');
include('telnet_func.inc');
include('hostlevel_funcs.inc');
include('data_protection.inc');
enable_ssh_wrappers();
var proto = get_kb_item_or_exit('HostLevelChecks/proto');
var port = get_service(svc:"ssh", default:22, exit_on_fail:TRUE);
if (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);
var info_t;
if (proto == 'local')
info_t = INFO_LOCAL;
else if (proto == 'ssh')
{
info_t = INFO_SSH;
var ret = ssh_open_connection();
if (!ret) audit(AUDIT_FN_FAIL, 'ssh_open_connection');
}
else
exit(0, 'This plugin only attempts to run commands locally or via SSH, and neither is available against the remote host.');
var AIX_Check = get_kb_item("Host/AIX/version");
if (!isnull(AIX_Check) && AIX_Check =~ '^AIX-[0-5].')
{
if(info_t == INFO_SSH) ssh_close_connection();
exit(0, "Commands are not supported on AIX 5.1 and below");
}
else
var command = "cd /tmp && X='() { (a)=>\' bash -c 'echo /usr/bin/id' && cat /tmp/echo && rm /tmp/echo";
var output = info_send_cmd(cmd:command);
if(info_t == INFO_SSH) ssh_close_connection();
if (output !~ "uid=[0-9]+.*gid=[0-9]+.*") audit(AUDIT_HOST_NOT, "affected.");
var report =
'\n' + 'Nessus was able to exploit a flaw in the patch for CVE-2014-7169' +
'\n' + 'and write to a file on the target system.' +
'\n' +
'\n' + 'File contents :' +
'\n' +
'\n' + data_protection::sanitize_uid(output:output) +
'\n' +
'\n' + 'Note: Nessus has attempted to remove the file from the /tmp directory.\n';
security_report_v4(port:port,extra:report,severity:SECURITY_HOLE);
Related
openvas
openvas
Ubuntu: Security Advisory (USN-2363-2)
2014-10-01 00:00:00
Slackware: Security Advisory (SSA:2014-268-01)
2022-04-21 00:00:00
Slackware: Security Advisory (SSA:2014-268-02)
2022-04-21 00:00:00
ubuntu
ubuntu
Bash vulnerability
2014-09-25 00:00:00
Bash vulnerability
2014-09-26 00:00:00
oraclelinux
oraclelinux
bash security update
2014-09-25 00:00:00
bash security update
2014-09-25 00:00:00
bash security update
2014-09-25 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Bash vulnerability (USN-2363-1)
2014-09-26 00:00:00
GNU Bash Local Environment Variable Handling Command Injection via Telnet (CVE-2014-7169) (Shellshock)
2014-09-25 00:00:00
Oracle Linux 6 : bash (ELSA-2014-3075)
2014-09-26 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: bash-4.2.51-2.fc20
2014-10-05 08:13:46
[SECURITY] Fedora 21 Update: bash-4.3.25-2.fc21
2014-09-27 10:08:26
[SECURITY] Fedora 19 Update: bash-4.2.48-2.fc19
2014-09-26 09:00:48
cisa
cisa
Oracle Patches Bash Vulnerabilities
2014-10-07 00:00:00
slackware
slackware
[slackware-security] bash
2014-09-25 20:38:49
SSA-2014-0925230703
2014-09-25 23:07:03
bash (rebuild for Slackware 13.0 only)
2014-09-25 16:07:03
securityvulns
securityvulns
veracode
veracode
Arbitrary File Overwrite
2019-01-15 09:02:02
Remote Code Execution (RCE)
2019-01-15 09:01:57
nvd
nvd
archlinux
archlinux
bash: Remote code execution
2014-09-26 00:00:00
cloudfoundry
cloudfoundry
CVE-2014-6271 and CVE-2014-7169 - ShellShock | Cloud Foundry
2014-09-25 00:00:00
ubuntucve
ubuntucve
lenovo
lenovo
GNU Bourne-Again Shell (Bash) 'Shellshock' - Lenovo Support US
2016-11-16 00:00:00
GNU Bourne-Again Shell (Bash) 'Shellshock'
2016-11-16 00:00:00
ibm
ibm
osv
osv
bash - security update
2014-09-25 00:00:00
bash - security update
2014-09-26 00:00:00
cve
cve
nuclei
nuclei
ShellShock - Remote Code Execution
2020-10-01 18:03:35
debian
debian
[SECURITY] [DLA 63-1] bash security update
2014-09-25 22:35:21
[SECURITY] [DSA 3035-1] bash security update
2014-09-25 21:18:46
[SECURITY] [DSA 3035-1] bash security update
2014-09-25 21:18:46
hp
hp
cvelist
cvelist
gentoo
gentoo
Bash: Code Injection (Updated fix for GLSA 201409-09)
2014-09-25 00:00:00
ics
ics
Bash Command Injection Vulnerability (Update A)
2018-09-06 12:00:00
myhack58
myhack58
mageia
mageia
Updated bash packages fix CVE-2014-7169
2014-09-28 16:17:31
symantec
symantec
GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-09-24 00:00:00
prion
prion
Design/Logic Flaw
2014-09-25 10:55:00
Design/Logic Flaw
2014-09-24 18:48:00
Design/Logic Flaw
2014-09-25 01:55:00
packetstorm
packetstorm
Gnu Bash 4.3 CGI REFERER Command Injection
2014-09-26 00:00:00
Gnu Bash 4.3 CGI Scan Remote Command Injection
2014-09-26 00:00:00
Sniffit Root Shell
2014-11-27 00:00:00
threatpost
threatpost
Bash Botnet Exploit Found, Bash Patches Incomplete
2014-09-25 11:41:51
VMware Begins to Patch Bash Issues Across Product Line
2014-10-01 14:43:47
freebsd
freebsd
bash -- remote code execution vulnerability
2014-09-24 00:00:00
thn
thn
Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks
2014-09-26 20:07:00
debiancve
debiancve
attackerkb
attackerkb
paloalto
paloalto
Bash Shell remote code execution (CVE-2014-6271, CVE-2014-7169)
2014-09-24 00:00:00
checkpoint_security
checkpoint_security
cisa_kev
cisa_kev
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
2022-01-28 00:00:00
arista
arista
Security Advisory 0006
2014-09-29 00:00:00
amazon
amazon
Important: bash
2014-09-24 22:26:00
redhat
redhat
(RHSA-2014:1306) Important: bash security update
2014-09-26 00:00:00
(RHSA-2014:1312) Important: bash Shift_JIS security update
2014-09-26 00:00:00
(RHSA-2014:1865) Important: bash Shift_JIS security update
2014-11-17 00:00:00
suse
suse
bash (important)
2014-09-30 17:05:22
Security update for Containment-Studio (important)
2014-10-14 01:05:00
Security update for bash (important)
2014-09-28 19:05:16
nmap
nmap
http-shellshock NSE Script
2015-01-17 03:01:58
fortinet
fortinet
Remote Exploit Vulnerability in Bash - (Shellshock)
2014-09-25 00:00:00
centos
centos
bash security update
2014-09-26 02:16:02
seebug
seebug
GNU bash 4.3.11 Environment Variable dhclient Exploit
2014-10-10 00:00:00
exploitpack
exploitpack
GNU bash 4.3.11 - Environment Variable dhclient
2014-10-02 00:00:00
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)
2014-09-29 00:00:00
cert
cert
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
AI Score
Confidence
High
0.973 High
EPSS
Percentile
99.9%
Related for BASH_CVE_2014_7169.NASL