CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.9%
Added: 11/20/2014
CVE: CVE-2014-6271
BID: 70103
OSVDB: 112004
Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv() a malicious actor is able to execute commands on the target in the security context of the running application. This exploit implements a DHCP server that listens for DHCP Request packets. DHCP Response packets are sent with a payload that will generate a shell script in /tmp/s.sh and execute it. By default the shell script executes a netcat call back shell on the specified port. The payload of the exploit can be modified by changing exploits/s.sh
Successful exploitation over DHCP is a race against the real DHCP server on the network. On some affected systems the payload will execute even when the race is lost however the reliability of the exploit will vary. Due to network latency reliability attacking from wireless networks is reduced. It is possible that networking will have to be restarted manually on the client in some cases.
Install the appropriate bash patch for your system.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.9%