Lucene search

[email protected]NVD:CVE-2014-7169

HistorySep 25, 2014 - 1:55 a.m.

CVE-2014-7169

2014-09-2501:55:04

CWE-78

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

AI Score

Confidence

High

0.976 High

EPSS

Percentile

100.0%

JSON

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Affected configurations

NVD

Node

gnubashMatch1.14.0

gnubashMatch1.14.1

gnubashMatch1.14.2

gnubashMatch1.14.3

gnubashMatch1.14.4

gnubashMatch1.14.5

gnubashMatch1.14.6

gnubashMatch1.14.7

gnubashMatch2.0

gnubashMatch2.01

gnubashMatch2.01.1

gnubashMatch2.02

gnubashMatch2.02.1

gnubashMatch2.03

gnubashMatch2.04

gnubashMatch2.05

gnubashMatch2.05a

gnubashMatch2.05b

gnubashMatch3.0

gnubashMatch3.0.16

gnubashMatch3.1

gnubashMatch3.2

gnubashMatch3.2.48

gnubashMatch4.0

gnubashMatch4.0rc1

gnubashMatch4.1

gnubashMatch4.2

gnubashMatch4.3

References

advisories.mageia.org/MGASA-2014-0393.html

archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

jvn.jp/en/jp/JVN55667175/index.html

jvndb.jvn.jp/jvndb/JVNDB-2014-000126

lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

linux.oracle.com/errata/ELSA-2014-1306.html

linux.oracle.com/errata/ELSA-2014-3075.html

linux.oracle.com/errata/ELSA-2014-3077.html

linux.oracle.com/errata/ELSA-2014-3078.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html

lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

lists.opensuse.org/opensuse-updates/2014-10/msg00023.html

lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

marc.info/?l=bugtraq&m=141216207813411&w=2

marc.info/?l=bugtraq&m=141216668515282&w=2

marc.info/?l=bugtraq&m=141235957116749&w=2

marc.info/?l=bugtraq&m=141319209015420&w=2

marc.info/?l=bugtraq&m=141330425327438&w=2

marc.info/?l=bugtraq&m=141330468527613&w=2

marc.info/?l=bugtraq&m=141345648114150&w=2

marc.info/?l=bugtraq&m=141383026420882&w=2

marc.info/?l=bugtraq&m=141383081521087&w=2

marc.info/?l=bugtraq&m=141383138121313&w=2

marc.info/?l=bugtraq&m=141383196021590&w=2

marc.info/?l=bugtraq&m=141383244821813&w=2

marc.info/?l=bugtraq&m=141383304022067&w=2

marc.info/?l=bugtraq&m=141383353622268&w=2

marc.info/?l=bugtraq&m=141383465822787&w=2

marc.info/?l=bugtraq&m=141450491804793&w=2

marc.info/?l=bugtraq&m=141576728022234&w=2

marc.info/?l=bugtraq&m=141577137423233&w=2

marc.info/?l=bugtraq&m=141577241923505&w=2

marc.info/?l=bugtraq&m=141577297623641&w=2

marc.info/?l=bugtraq&m=141585637922673&w=2

marc.info/?l=bugtraq&m=141694386919794&w=2

marc.info/?l=bugtraq&m=141879528318582&w=2

marc.info/?l=bugtraq&m=142113462216480&w=2

marc.info/?l=bugtraq&m=142118135300698&w=2

marc.info/?l=bugtraq&m=142358026505815&w=2

marc.info/?l=bugtraq&m=142358078406056&w=2

marc.info/?l=bugtraq&m=142721162228379&w=2

marc.info/?l=bugtraq&m=142805027510172&w=2

packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

rhn.redhat.com/errata/RHSA-2014-1306.html

rhn.redhat.com/errata/RHSA-2014-1311.html

rhn.redhat.com/errata/RHSA-2014-1312.html

rhn.redhat.com/errata/RHSA-2014-1354.html

seclists.org/fulldisclosure/2014/Oct/0

secunia.com/advisories/58200

secunia.com/advisories/59272

secunia.com/advisories/59737

secunia.com/advisories/59907

secunia.com/advisories/60024

secunia.com/advisories/60034

secunia.com/advisories/60044

secunia.com/advisories/60055

secunia.com/advisories/60063

secunia.com/advisories/60193

secunia.com/advisories/60325

secunia.com/advisories/60433

secunia.com/advisories/60947

secunia.com/advisories/61065

secunia.com/advisories/61128

secunia.com/advisories/61129

secunia.com/advisories/61188

secunia.com/advisories/61283

secunia.com/advisories/61287

secunia.com/advisories/61291

secunia.com/advisories/61312

secunia.com/advisories/61313

secunia.com/advisories/61328

secunia.com/advisories/61442

secunia.com/advisories/61471

secunia.com/advisories/61479

secunia.com/advisories/61485

secunia.com/advisories/61503

secunia.com/advisories/61550

secunia.com/advisories/61552

secunia.com/advisories/61565

secunia.com/advisories/61603

secunia.com/advisories/61618

secunia.com/advisories/61619

secunia.com/advisories/61622

secunia.com/advisories/61626

secunia.com/advisories/61633

secunia.com/advisories/61641

secunia.com/advisories/61643

secunia.com/advisories/61654

secunia.com/advisories/61676

secunia.com/advisories/61700

secunia.com/advisories/61703

secunia.com/advisories/61711

secunia.com/advisories/61715

secunia.com/advisories/61780

secunia.com/advisories/61816

secunia.com/advisories/61855

secunia.com/advisories/61857

secunia.com/advisories/61873

secunia.com/advisories/62228

secunia.com/advisories/62312

secunia.com/advisories/62343

support.apple.com/kb/HT6495

support.novell.com/security/cve/CVE-2014-7169.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

twitter.com/taviso/statuses/514887394294652929

www-01.ibm.com/support/docview.wss?uid=isg3T1021272

www-01.ibm.com/support/docview.wss?uid=isg3T1021279

www-01.ibm.com/support/docview.wss?uid=isg3T1021361

www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

www-01.ibm.com/support/docview.wss?uid=swg21685541

www-01.ibm.com/support/docview.wss?uid=swg21685604

www-01.ibm.com/support/docview.wss?uid=swg21685733

www-01.ibm.com/support/docview.wss?uid=swg21685749

www-01.ibm.com/support/docview.wss?uid=swg21685914

www-01.ibm.com/support/docview.wss?uid=swg21686084

www-01.ibm.com/support/docview.wss?uid=swg21686131

www-01.ibm.com/support/docview.wss?uid=swg21686246

www-01.ibm.com/support/docview.wss?uid=swg21686445

www-01.ibm.com/support/docview.wss?uid=swg21686447

www-01.ibm.com/support/docview.wss?uid=swg21686479

www-01.ibm.com/support/docview.wss?uid=swg21686494

www-01.ibm.com/support/docview.wss?uid=swg21687079

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

www.debian.org/security/2014/dsa-3035

www.kb.cert.org/vuls/id/252743

www.mandriva.com/security/advisories?name=MDVSA-2015:164

www.novell.com/support/kb/doc.php?id=7015701

www.novell.com/support/kb/doc.php?id=7015721

www.openwall.com/lists/oss-security/2014/09/24/32

www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

www.qnap.com/i/en/support/con_show.php?cid=61

www.securityfocus.com/archive/1/533593/100/0/threaded

www.ubuntu.com/usn/USN-2363-1

www.ubuntu.com/usn/USN-2363-2

www.us-cert.gov/ncas/alerts/TA14-268A

www.vmware.com/security/advisories/VMSA-2014-0010.html

access.redhat.com/articles/1200223

access.redhat.com/node/1200223

help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

kb.bluecoat.com/index?page=content&id=SA82

kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

kc.mcafee.com/corporate/index?page=content&id=SB10085

support.apple.com/kb/HT6535

support.citrix.com/article/CTX200217

support.citrix.com/article/CTX200223

support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006

www.exploit-db.com/exploits/34879/

www.suse.com/support/shellshock/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

AI Score

Confidence

High

0.976 High

EPSS

Percentile

100.0%

JSON

CVE-2014-7169

Affected configurations

References

Related