Computer Security


CVE: CVE-2014-6277
Status: Candidate
Description: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
Severity: High
CVSS score: 10
CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Phase: Assigned (09.10.2015)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6277
References: CISCO : 20140926 GNU Bash Environment Variable Command Injection Vulnerability
 SECUNIA : 58200
 SECUNIA : 59907
 SECUNIA : 59961
 SECUNIA : 60024
 SECUNIA : 60034
 SECUNIA : 60044
 SECUNIA : 60055
 SECUNIA : 60063
 SECUNIA : 60193
 SECUNIA : 60325
 SECUNIA : 60433
 SECUNIA : 61065
 SECUNIA : 61128
 SECUNIA : 61129
 SECUNIA : 61283
 SECUNIA : 61287
 SECUNIA : 61291
 SECUNIA : 61312
 SECUNIA : 61313
 SECUNIA : 61328
 SECUNIA : 61442
 SECUNIA : 61471
 SECUNIA : 61485
 SECUNIA : 61503
 SECUNIA : 61550
 SECUNIA : 61552
 SECUNIA : 61565
 SECUNIA : 61603
 SECUNIA : 61633
 SECUNIA : 61641
 SECUNIA : 61643
 SECUNIA : 61654
 SECUNIA : 61703
 SECUNIA : 61780
 SECUNIA : 61816
 SECUNIA : 61857
 SECUNIA : 62312
 SECUNIA : 62343
 APPLE : APPLE-SA-2015-01-27-4
 HP : HPSBGN03138
 HP : HPSBGN03141
 HP : HPSBGN03142
 HP : HPSBGN03233
 HP : HPSBHF03125
 HP : HPSBHF03145
 HP : HPSBHF03146
 HP : HPSBMU03143
 HP : HPSBMU03144
 HP : HPSBMU03165
 HP : HPSBMU03182
 HP : HPSBMU03217
 HP : HPSBMU03236
 HP : HPSBMU03245
 HP : HPSBMU03246
 HP : HPSBST03129
 HP : HPSBST03154
 HP : HPSBST03155
 HP : HPSBST03157
 HP : HPSBST03181
 MISC : http://lcamtuf.blogspot.com/2014/09/bash-bug-apply...
 MISC : http://lcamtuf.blogspot.com/2014/10/bash-bug-how-w...
 CONFIRM : http://linux.oracle.com/errata/ELSA-2014-3093
 CONFIRM : http://linux.oracle.com/errata/ELSA-2014-3094
 MISC : http://packetstormsecurity.com/files/128567/CA-Tec...
 CONFIRM : http://support.apple.com/HT204244
 CONFIRM : http://support.novell.com/security/cve/CVE-2014-62...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=isg3...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=isg3...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=isg3...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=ssg1...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=ssg1...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=ssg1...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=ssg1...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-947.ibm.com/support/entry/portal/docdis...
 CONFIRM : http://www.novell.com/support/kb/doc.php?id=7015721
 CONFIRM : http://www.oracle.com/technetwork/topics/security/...
 CONFIRM : http://www.qnap.com/i/en/support/con_show.php?cid=61
 CONFIRM : http://www.vmware.com/security/advisories/VMSA-201...
 CONFIRM : https://kb.bluecoat.com/index?page=content&id=...
 CONFIRM : https://kb.juniper.net/InfoCenter/index?page=conte...
 CONFIRM : https://support.citrix.com/article/CTX200217
 CONFIRM : https://support.citrix.com/article/CTX200223
 CONFIRM : https://support.f5.com/kb/en-us/solutions/public/1...
 CONFIRM : https://supportcenter.checkpoint.com/supportcenter...
 CONFIRM : https://www.suse.com/support/shellshock/
 JVN : JVN#55667175
 JVNDB : JVNDB-2014-000126
 SUSE : openSUSE-SU-2014:1310
 HP : SSRT101739
 HP : SSRT101742
 HP : SSRT101827
 HP : SSRT101830
 HP : SSRT101868
 SUSE : SUSE-SU-2014:1287
 UBUNTU : USN-2380-1
SecurityVulns: bash code execution
 Apple Mac OS X multiple security vulnerabilities
 Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod