Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly
handled memory. An attacker could possibly use this issue to bypass certain
environment restrictions and execute arbitrary code. (CVE-2014-7186,
CVE-2014-7187)

In addition, this update introduces a hardening measure which adds prefixes
and suffixes around environment variable names which contain shell
functions.

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchbash< 4.3-7ubuntu1.4UNKNOWN
Ubuntu14.04noarchbash-builtins< 4.3-7ubuntu1.4UNKNOWN
Ubuntu14.04noarchbash-static< 4.3-7ubuntu1.4UNKNOWN
Ubuntu12.04noarchbash< 4.2-2ubuntu2.5UNKNOWN
Ubuntu12.04noarchbash-builtins< 4.2-2ubuntu2.5UNKNOWN
Ubuntu12.04noarchbash-static< 4.2-2ubuntu2.5UNKNOWN
Ubuntu10.04noarchbash< 4.1-2ubuntu3.4UNKNOWN
Ubuntu10.04noarchbash-builtins< 4.1-2ubuntu3.4UNKNOWN
Ubuntu10.04noarchbash-static< 4.1-2ubuntu3.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.04	noarch	bash	< 4.3-7ubuntu1.4	UNKNOWN
Ubuntu	14.04	noarch	bash-builtins	< 4.3-7ubuntu1.4	UNKNOWN
Ubuntu	14.04	noarch	bash-static	< 4.3-7ubuntu1.4	UNKNOWN
Ubuntu	12.04	noarch	bash	< 4.2-2ubuntu2.5	UNKNOWN
Ubuntu	12.04	noarch	bash-builtins	< 4.2-2ubuntu2.5	UNKNOWN
Ubuntu	12.04	noarch	bash-static	< 4.2-2ubuntu2.5	UNKNOWN
Ubuntu	10.04	noarch	bash	< 4.1-2ubuntu3.4	UNKNOWN
Ubuntu	10.04	noarch	bash-builtins	< 4.1-2ubuntu3.4	UNKNOWN
Ubuntu	10.04	noarch	bash-static	< 4.1-2ubuntu3.4	UNKNOWN

References

ubuntu.com/security/CVE-2014-7186

ubuntu.com/security/CVE-2014-7187

openvas 22

nessus 45

cloudfoundry 1

freebsd 2

oraclelinux 2

suse 8

osv 2

redhat 5

securityvulns 8

gentoo 1

amazon 1

ibm 48

centos 1

threatpost 2

mageia 1

nvd 4

exploitpack 2

cve 4

prion 4

cvelist 2

veracode 2

debiancve 2

ubuntucve 2

seebug 2

lenovo 1

exploitdb 2

cert 1

packetstorm 3

f5 2

jvn 1

huawei 1

kitploit 1

checkpoint_advisories 1

cisco 1

vmware 2

zdt 1

nvidia 1

openvas

Ubuntu: Security Advisory (USN-2364-1)

2014-10-01 00:00:00

Oracle: Security Advisory (ELSA-2014-1306)

2015-10-06 00:00:00

Mageia: Security Advisory (MGASA-2014-0394)

2022-01-28 00:00:00

nessus

FreeBSD : bash -- out-of-bounds memory access in parser (4a4e9f88-491c-11e4-ae2c-c80aa9043978)

2014-10-01 00:00:00

Ubuntu 14.04 LTS : Bash vulnerabilities (USN-2364-1)

2014-09-29 00:00:00

GLSA-201410-01 : Bash: Multiple vulnerabilities (Shellshock)

2014-10-06 00:00:00

cloudfoundry

CVE-2014-7186 and CVE-2014-7187 - Bash Out of Bounds | Cloud Foundry

2014-09-29 00:00:00

freebsd

bash -- out-of-bounds memory access in parser

2014-09-25 00:00:00

rt42 -- vulnerabilities related to shellshock

2014-10-02 00:00:00

oraclelinux

bash security update

2014-09-26 00:00:00

bash security update

2014-09-25 00:00:00

suse

bash (important)

2014-09-28 12:05:59

Security update for bash (important)

2014-09-28 19:05:16

bash (critical)

2014-09-29 14:04:19

osv

bash - security update

2014-09-26 00:00:00

bash-4.4-92.1 on GA media

2024-06-15 00:00:00

redhat

(RHSA-2014:1865) Important: bash Shift_JIS security update

2014-11-17 00:00:00

(RHSA-2014:1311) Important: bash security update

2014-09-26 00:00:00

(RHSA-2014:1306) Important: bash security update

2014-09-26 00:00:00

securityvulns

NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities

2014-10-05 00:00:00

the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)

2014-10-05 00:00:00

CA20141001-01: Security Notice for Bash Shellshock Vulnerability

2014-10-13 00:00:00

gentoo

Bash: Multiple vulnerabilities

2014-10-04 00:00:00

amazon

Important: bash

2014-09-24 22:26:00

ibm

Security Bulletin: Vulnerabilities in Bash affect SmartCloud Provisioning for IBM Provided Software Virtual Appliance

2018-06-17 22:30:11

Security Bulletin: Vulnerabilities in Bash affect IBM/Cisco Switches and Directors (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

2022-08-20 00:54:31

Security Bulletin: Vulnerabilities in Bash affect IBM SDN VE (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

2018-06-18 01:26:35

centos

bash security update

2014-09-26 02:16:02

threatpost

VMware Begins to Patch Bash Issues Across Product Line

2014-10-01 14:43:47

Researcher Takes Wraps off Undisclosed Bash Vulnerabilities

2014-10-03 05:00:50

mageia

Updated bash packages fix multiple security vulnerabilities

2014-10-01 13:34:33

nvd

CVE-2014-7186

2014-09-28 19:55:06

CVE-2014-7187

2014-09-28 19:55:06

CVE-2014-7227

2014-10-03 18:55:06

exploitpack

GNU bash 4.3.11 - Environment Variable dhclient

2014-10-02 00:00:00

dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)

2014-09-29 00:00:00

cve

CVE-2014-7186

2014-09-28 19:55:06

CVE-2014-7187

2014-09-28 19:55:06

CVE-2014-3671

2014-10-13 18:55:01

prion

Out-of-bounds

2014-09-28 19:55:00

Out-of-bounds

2014-09-28 19:55:00

Design/Logic Flaw

2014-10-13 18:55:00

cvelist

CVE-2014-7186

2014-09-28 19:00:00

CVE-2014-7187

2014-09-28 19:00:00

veracode

Arbitrary Code Execution

2019-05-02 05:11:45

Arbitrary Code Execution

2019-05-02 05:11:45

debiancve

CVE-2014-7186

2014-09-28 19:55:06

CVE-2014-7187

2014-09-28 19:55:06

ubuntucve

CVE-2014-7187

2014-09-26 00:00:00

CVE-2014-7186

2014-09-26 00:00:00

seebug

GNU bash 4.3.11 Environment Variable dhclient Exploit

2014-10-10 00:00:00

Bash 4.3 远程命令执行漏洞 (破壳)

2014-09-26 00:00:00

lenovo

GNU Bourne-Again Shell (Bash) 'Shellshock'

2016-11-16 00:00:00

exploitdb

dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)

2014-09-29 00:00:00

GNU bash 4.3.11 - Environment Variable dhclient

2014-10-02 00:00:00

cert

GNU Bash shell executes commands in exported functions in environment variables

2014-09-25 00:00:00

packetstorm

GNU Bash 4.3.11 dhclient Shellshocker

2014-10-02 00:00:00

DNS Reverse Lookup Shellshock

2014-10-13 00:00:00

Bash Me Some More

2014-10-01 00:00:00

K15629 : Multiple GNU Bash vulnerabilities

2015-05-22 00:00:00

SOL15629 - Multiple GNU Bash vulnerabilities

2014-09-25 00:00:00

jvn

JVN#55667175: QNAP QTS vulnerable to OS command injection

2014-10-28 00:00:00

huawei

Security Advisory-Bash Code Injection Vulnerability

2014-10-24 00:00:00

kitploit

ShellShockHunter - It's A Simple Tool For Test Vulnerability Shellshock

2021-02-10 11:30:00

checkpoint_advisories

GNU Bash Remote Code Execution (CVE-2014-6271; CVE-2014-6277; CVE-2014-6278; CVE-2014-7169; CVE-2014-7186; CVE-2014-7187)

2014-09-25 00:00:00

cisco

GNU Bash Environment Variable Command Injection Vulnerability

2014-09-26 01:00:00

vmware

VMware product updates address critical Bash security vulnerabilities

2014-09-30 00:00:00

VMware product updates address critical Bash security vulnerabilities

2014-09-30 00:00:00

zdt

DNS Reverse Lookup Shellshock Exploit

2014-10-14 00:00:00

nvidia

Security Bulletin: Vulnerabilities in Bash affect NVIDIA Tegra Linux L4T CVE 2014-6271, CVE 2014-7169, CVE 2014-7186, CVE 2014-7187, CVE 2014-6277, CVE 2014-6278

2015-03-03 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.975

Percentile

100.0%

JSON

Related for USN-2364-1