ID

VAR-201409-0366


CVE

CVE-2014-6277


TITLE

GNU Bash shell executes commands in exported functions in environment variables

Trust: 0.8

sources: CERT/CC: VU#252743

DESCRIPTION

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. GNU Bash 4.3 and earlier contains a command injection vulnerability that may allow remote code execution. This vulnerability CVE-2014-6271 and CVE-2014-7169 Vulnerability due to insufficient fix for.Arbitrary code execution or denial of service by a third party through a crafted environment ( Uninitialized memory access and untrusted pointer read and write operations ) There is a possibility of being put into a state. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 OS X El Capitan 10.11 is now available and addresses the following: Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issue existed in Address Book framework's handling of an environment variable. This issue was addressed through improved environment variable handling. CVE-ID CVE-2015-5897 : Dan Bastone of Gotham Digital Science AirScan Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connection Description: An issue existed in the processing of eSCL packets. This issue was addressed through improved validation checks. CVE-ID CVE-2015-5853 : an anonymous researcher apache_mod_php Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution. This issue was addressed by updating PHP to version 5.5.27. CVE-ID CVE-2014-9425 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330 Apple Online Store Kit Available for: Mac OS X v10.6.8 and later Impact: A malicious application may gain access to a user's keychain items Description: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University AppleEvents Available for: Mac OS X v10.6.8 and later Impact: A user connected through screen sharing can send Apple Events to a local user's session Description: An issue existed with Apple Event filtering that allowed some users to send events to other users. This was addressed by improved Apple Event handling. CVE-ID CVE-2015-5849 : Jack Lawrence (@_jackhl) Audio Available for: Mac OS X v10.6.8 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea bash Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in bash Description: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. These issues were addressed by updating bash version 3.2 to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187 Certificate Trust Policy Available for: Mac OS X v10.6.8 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858. CFNetwork Cookies Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork FTPProtocol Available for: Mac OS X v10.6.8 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in the handling of FTP packets when using the PASV command. This issue was resolved through improved validation. CVE-ID CVE-2015-5912 : Amit Klein CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A maliciously crafted URL may be able to bypass HSTS and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd CFNetwork Proxies Available for: Mac OS X v10.6.8 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0. CoreCrypto Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms. CoreText Available for: Mac OS X v10.6.8 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team Dev Tools Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash Dev Tools Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam Disk Images Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco dyld Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : TaiG Jailbreak Team EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious application can prevent some systems from booting Description: An issue existed with the addresses covered by the protected range register. This issue was fixed by changing the protected range. CVE-ID CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashing Description: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare Finder Available for: Mac OS X v10.6.8 and later Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option. CVE-ID CVE-2015-5901 : Apple Game Center Available for: Mac OS X v10.6.8 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser Heimdal Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to replay Kerberos credentials to the SMB server Description: An authentication issue existed in Kerberos credentials. This issue was addressed through additional validation of credentials using a list of recently seen credentials. CVE-ID CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu Fan of Microsoft Corporation, China ICU Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2014-8147 CVE-2015-5922 Install Framework Legacy Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to gain root privileges Description: A restriction issue existed in the Install private framework containing a privileged executable. This issue was addressed by removing the executable. CVE-ID CVE-2015-5888 : Apple Intel Graphics Driver Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in the Intel Graphics Driver. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5830 : Yuki MIZUNO (@mzyy94) CVE-2015-5877 : Camillus Gerard Cai IOAudioFamily Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOAudioFamily that led to the disclosure of kernel memory content. This issue was addressed by permuting kernel pointers. CVE-ID CVE-2015-5864 : Luca Todesco IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5871 : Ilja van Sprundel of IOActive CVE-2015-5872 : Ilja van Sprundel of IOActive CVE-2015-5873 : Ilja van Sprundel of IOActive CVE-2015-5890 : Ilja van Sprundel of IOActive IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOGraphics which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-5865 : Luca Todesco IOHIDFamily Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5866 : Apple CVE-2015-5867 : moony li of Trend Micro IOStorageFamily Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the Kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG Kernel Available for: Mac OS X v10.6.8 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through additional entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin Kernel Available for: Mac OS X v10.6.8 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. These issues were addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issue was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in the handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory layout. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in debugging interfaces that led to the disclosure of memory content. This issue was addressed by sanitizing output from debugging interfaces. CVE-ID CVE-2015-5870 : Apple Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to cause a system denial of service Description: A state management issue existed in debugging functionality. This issue was addressed through improved validation. CVE-ID CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team libc Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation libpthread Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team libxpc Available for: Mac OS X v10.6.8 and later Impact: Many SSH connections could cause a denial of service Description: launchd had no limit on the number of processes that could be started by a network connection. This issue was addressed by limiting the number of SSH processes to 40. CVE-ID CVE-2015-5881 : Apple Login Window Available for: Mac OS X v10.6.8 and later Impact: The screen lock may not engage after the specified time period Description: An issue existed with captured display locking. The issue was addressed through improved lock handling. CVE-ID CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher lukemftpd Available for: Mac OS X v10.6.8 and later Impact: A remote attacker may be able to deny service to the FTP server Description: A glob-processing issue existed in tnftpd. This issue was addressed through improved glob validation. CVE-ID CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com Mail Available for: Mac OS X v10.6.8 and later Impact: Printing an email may leak sensitive user information Description: An issue existed in Mail which bypassed user preferences when printing an email. This issue was addressed through improved user preference enforcement. CVE-ID CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners Mail Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position may be able to intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop Description: An issue existed in handling encryption parameters for large email attachments sent via Mail Drop. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail. CVE-ID CVE-2015-5884 : John McCombs of Integrated Mapping Ltd Multipeer Connectivity Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem NetworkExtension Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: An issue existed in parsing links in the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: A cross-site scripting issue existed in parsing text by the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com) OpenSSH Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSH Description: Multiple vulnerabilities existed in OpenSSH versions prior to 6.9. These issues were addressed by updating OpenSSH to version 6.9. CVE-ID CVE-2014-2532 OpenSSL Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287 procmail Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in procmail Description: Multiple vulnerabilities existed in procmail versions prior to 3.22. These issues were addressed by removing procmail. CVE-ID CVE-2014-3618 remote_cmds Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with root privileges Description: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary. CVE-ID CVE-2015-5889 : Philip Pettersson removefile Available for: Mac OS X v10.6.8 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher Ruby Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in Ruby Description: Multiple vulnerabilities existed in Ruby versions prior to 2.0.0p645. These were addressed by updating Ruby to version 2.0.0p645. CVE-ID CVE-2014-8080 CVE-2014-8090 CVE-2015-1855 Security Available for: Mac OS X v10.6.8 and later Impact: The lock state of the keychain may be incorrectly displayed to the user Description: A state management issue existed in the way keychain lock status was tracked. This issue was addressed through improved state management. CVE-ID CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple Security Available for: Mac OS X v10.6.8 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-5894 : Hannes Oud of kWallet GmbH Security Available for: Mac OS X v10.6.8 and later Impact: A remote server may prompt for a certificate before identifying itself Description: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. This issue was addressed by requiring the ServerKeyExchange first. CVE-ID CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5891 : Ilja van Sprundel of IOActive SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in SMBClient that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5893 : Ilja van Sprundel of IOActive SQLite Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 Telephony Available for: Mac OS X v10.6.8 and later Impact: A local attacker can place phone calls without the user's knowledge when using Continuity Description: An issue existed in the authorization checks for placing phone calls. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-3785 : Dan Bastone of Gotham Digital Science Terminal Available for: Mac OS X v10.6.8 and later Impact: Maliciously crafted text could mislead the user in Terminal Description: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. This issue was addressed by suppressing bidirectional override characters in Terminal. CVE-ID CVE-2015-5883 : an anonymous researcher tidy Available for: Mac OS X v10.6.8 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in tidy. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com Time Machine Available for: Mac OS X v10.6.8 and later Impact: A local attacker may gain access to keychain items Description: An issue existed in backups by the Time Machine framework. This issue was addressed through improved coverage of Time Machine backups. CVE-ID CVE-2015-5854 : Jonas Magazinius of Assured AB Note: OS X El Capitan 10.11 includes the security content of Safari 9: https://support.apple.com/kb/HT205265. OS X El Capitan 10.11 may be obtained from the Mac App Store: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO /hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6 QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54 YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR 8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1 nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e g6jld/w5tPuCFhGucE7Z =XciV -----END PGP SIGNATURE----- . Good morning! This is kinda long. == Background == If you are not familiar with the original bash function export vulnerability (CVE-2014-6271), you may want to have a look at this article: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Well, long story short: the initial maintainer-provided patch for this issue [1] (released on September 24) is *conclusively* broken. After nagging people to update for a while [5] [7], I wanted to share the technical details of two previously non-public issues which may be used to circumvent the original patch: CVE-2014-6277 and CVE-2014-6278. Note that the issues discussed here are separate from the three probably less severe problems publicly disclosed earlier on: Tavis' limited-exploitability EOL bug (CVE-2014-7169) and two likely non-exploitable one-off issues found by Florian Weimer and Todd Sabin (CVE-2014-7186 and CVE-2014-7187). == Required actions == If you have installed just the September 24 patch [1], or that and the follow-up September 26 patch for CVE-2014-7169 [2], you are likely still vulnerable to RCE and need to update ASAP, as discussed in [5]. You are safe if you have installed the unofficial function prefix patch from Florian Weimer [3], or its upstream variant released on September 28 [4]. The patch does not eliminate the problems, but shields the underlying parser from untrusted inputs under normal circumstances. Note: over the past few days, Florian's patch has been picked up by major Linux distros (Red Hat, Debian, SUSE, etc), so there is a reasonable probability that you are in good shape. To test, execute this command from within a bash shell: foo='() { echo not patched; }' bash -c foo If you see "not patched", you probably want upgrade immediately. If you see "bash: foo: command not found", you're OK. == Vulnerability details: CVE-2014-6277 (the more involved one) == The following function definition appearing in the value of any environmental variable passed to bash will lead to an attempt to dereference attacker-controlled pointers (provided that the targeted instance of bash is protected only with the original patches [1][2] and does not include Florian's fix): () { x() { _; }; x() { _; } <<a; } A more complete example leading to a deref of 0x41414141 would be: HTTP_COOKIE="() { x() { _; }; x() { _; } <<`perl -e '{print "A"x1000}'`; }" bash -c : bash[25662]: segfault at 41414141 ip 00190d96 sp bfbe6354 error 4 in libc-2.12.so[110000+191000] (If you are seeing 0xdfdfdfdf, see note later on). The issue is caused by an uninitialized here_doc_eof field in a REDIR struct originally created in make_redirection(). The initial segv will happen due to an attempt to read and then copy a string to a new buffer through a macro that expands to: strcpy (xmalloc (1 + strlen (redirect->here_doc_eof)), (redirect->here_doc_eof)) This appears to be exploitable in at least one way: if here_doc_eof is chosen by the attacker to point in the vicinity of the current stack pointer, the apparent contents of the string - and therefore its length - may change between stack-based calls to xmalloc() and strcpy() as a natural consequence of an attempt to pass parameters and create local variables. Such a mid-macro switch will result in an out-of-bounds write to the newly-allocated memory. A simple conceptual illustration of this attack vector would be: -- snip! -- char* result; int len_alloced; main(int argc, char** argv) { /* The offset will be system- and compiler-specific */; char* ptr = &ptr - 9; result = strcpy (malloc(100 + (len_alloced = strlen(ptr))), ptr); printf("requested memory = %d\n" "copied text = %d\n", len_alloced + 1, strlen(result) + 1); } -- snip! -- When compiled with the -O2 flag used for bash, on one test system, this produces: requested memory = 2 copied text = 28 This can lead to heap corruption, with multiple writes possible per payload by simply increasing the number of malformed here-docs. The consequences should be fairly clear. [ There is also a latter call to free() on here_doc_eof in dispose_cmd.c, but because of the simultaneous discovery of the much simpler bug '78 discussed in the next section, I have not spent a whole lot of time trying to figure out how to get to that path. ] Perhaps notably, the ability to specify attacker-controlled addresses hinges on the state of --enable-bash-malloc and --enable-mem-scramble compile-time flags; if both are enabled, the memory returned by xmalloc() will be initialized to 0xdf, making the prospect of exploitation more speculative (essentially depending on whether the stack or any other memory region can be grown to overlap with 0xdfdfdfdf). That said, many Linux distributions disable one or both flags and are vulnerable out-of-the-box. It is also of note that relatively few distributions compile bash as PIE, so there is little consolation to be found in ASLR. Similarly to the original vulnerability, this issue can be usually triggered remotely through web servers such as Apache (provided that they invoke CGI scripts or PHP / Python / Perl / C / Java servlets that rely on system() or popen()-type libcalls); through DHCP clients; and through some MUAs and MTAs. For a more detailed discussion of the exposed attack surface, refer to [6]. == Vulnerability details: CVE-2014-6278 (the "back to the '90s" one) == The following function definition appearing in the value of any environmental variable passed to bash 4.2 or 4.3 will lead to straightforward put-your-command-here RCE (again, provided that the targeted instance is not protected with Florian's patch): () { _; } >_[$($())] { echo hi mom; id; } A complete example looks like this: HTTP_COOKIE='() { _; } >_[$($())] { echo hi mom; id; }' bash -c : ...or: GET /some/script.cgi HTTP/1.0 User-Agent: () { _; } >_[$($())] { id >/tmp/hi_mom; } Note that the PoC does not work as-is in more ancient versions of bash, such as 2.x or 3.x; it might have been introduced with xparse_dolparen() starting with bash 4.2 patch level 12 few years back, but I have not investigated this in a lot of detail. Florian's patch is strongly recommended either way. The attack surface through which this flaw may be triggered is roughly similar to that for CVE-2014-6277 and the original bash bug [6]. == Additional info == Both of these issues were identified in an automated fashion with american fuzzy lop: https://code.google.com/p/american-fuzzy-lop The out-of-the-box fuzzer was seeded with a minimal valid function definition ("() { foo() { foo; }; >bar; }") and allowed to run for a couple of hours on a single core. In addition to the issues discussed above, the fuzzer also hit three of the four previously-reported CVEs. I initially shared the findings privately with vendors, but because of the intense scrutiny that this codebase is under, the ease of reproducing these results with an open-source fuzzer, and the now-broad availability of upstream mitigations, there seems to be relatively little value in continued secrecy. == References == [1] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 [2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026 [3] http://www.openwall.com/lists/oss-security/2014/09/25/13 [4] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027 [5] http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html [6] http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html [7] http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html PS. There are no other bugs in bash. --------- FOLLOW UP ----------- Date: Wed, 01 Oct 2014 07:32:57 -0700 From fulldisclosure-bounces@seclists.org Wed Oct 1 14:37:33 2014 From: Paul Vixie <paul@redbarn.org> To: Michal Zalewski <lcamtuf@coredump.cx> Cc: "fulldisclosure@seclists.org" <fulldisclosure@seclists.org> Subject: Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) michal, thank you for your incredibly informative report here. i have a minor correction. > Michal Zalewski <mailto:lcamtuf@coredump.cx> > Wednesday, October 01, 2014 7:21 AM > ... > > Note: over the past few days, Florian's patch has been picked up by > major Linux distros (Red Hat, Debian, SUSE, etc), so there is a > reasonable probability that you are in good shape. To test, execute > this command from within a bash shell: > > foo='() { echo not patched; }' bash -c foo this command need not be executed from within bash. the problem occurs when bash is run by the command, and the shell that runs the command can be anything. for example, on a system where i have deliberately not patched bash, where sh is "ash" (almquist shell): > $ foo='() { echo not patched; }' bash -c foo > not patched here's me testing it from within tcsh: > % env foo='() { echo not patched; }' bash -c foo > not patched > % (setenv foo '() { echo not patched; }'; bash -c foo) > not patched this is a minor issue, but i've found in matters of security bug reports, tests, and discussions, that any minor matter can lead to deep misunderstanding. thanks again for your excellent report, and your continuing work on this issue. vixie . This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04487558 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04487558 Version: 2 HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-11-06 Last Updated: 2014-12-08 Potential Security Impact: Remote code execution Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell. References: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 Cisco defect id: CSCur01099 (for MDS switches) Cisco defect id: CSCur05017 (for Nexus switches) SSRT101747 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. All HP StoreFabric C-series MDS switches All HP C-series Nexus 5K switches BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP is providing software updates as indicated below to resolve the vulnerability in HP StoreFabric C-series MDS switches. No other firmware stream updates are planned beyond the NX-OS 5.x and 6.x versions listed below for the MDS products. HP has released and posted the Cisco switch software version NX-OS 6.2(9a) on HP Support Center (HPSC). This software versions 6.2(9a) has included the fixes for the vulnerability in HP StoreFabric C-series MDS switches which currently supporting NX-OS 6.X releases. HP has released and posted the Cisco switch software version NX-OS 5.2(8e) on HP Support Center (HPSC). This software version 5.2(8e) has included the fix for the vulnerability in HP C-series MDS switches which currently supporting NX-OS 5.X releases. HP is continuing to actively work on software updates to resolve the vulnerability in HP C-series Nexus 5k switches. This bulletin will be revised when these updates become available. MITIGATION INFORMATION If updating to a NX-OS version containing the fix is not currently possible, HP recommends the following steps to reduce the risk of this vulnerability: The "ssh" or "telnet" features may be disabled by the admin user. All MDS and Nexus 5K switches can function in this configuration. Access is available through the console port. HISTORY Version:1 (rev.1) - 6 November 2014 Initial release Version:2 (rev.2) - 8 December 2014 Updated with MDS releases Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlSGO3oACgkQ4B86/C0qfVnjRwCgyrfIdMF6zvuUIrKqaSZ+wY3W HGAAoIn6S0g+SNsvUrx7/PWQ59GVlis9 =Wrjt -----END PGP SIGNATURE-----

Trust: 3.51

sources: NVD: CVE-2014-6277 // CERT/CC: VU#252743 // JVNDB: JVNDB-2014-004431 // BID: 70165 // VULMON: CVE-2014-6277 // PACKETSTORM: 128753 // PACKETSTORM: 130988 // PACKETSTORM: 128752 // PACKETSTORM: 133803 // PACKETSTORM: 128520 // PACKETSTORM: 128666 // PACKETSTORM: 129438 // PACKETSTORM: 128763 // PACKETSTORM: 128762

AFFECTED PRODUCTS

vendor:gnumodel:bashscope:eqversion:3.2.48

Trust: 1.3

vendor:gnumodel:bashscope:eqversion:4.0

Trust: 1.3

vendor:gnumodel:bashscope:eqversion:3.2

Trust: 1.3

vendor:gnumodel:bashscope:eqversion:4.2

Trust: 1.3

vendor:gnumodel:bashscope:eqversion:3.0.16

Trust: 1.3

vendor:gnumodel:bashscope:eqversion:4.1

Trust: 1.3

vendor:gnumodel:bashscope:eqversion:3.0

Trust: 1.3

vendor:gnumodel:bashscope:eqversion:1.14.4

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.3

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.03

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.01

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.5

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.01.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.2

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:4.3

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.7

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.6

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.0

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.04

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:3.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.0

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.02

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.02.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.05

Trust: 1.0

vendor:applemodel: - scope: - version: -

Trust: 0.8

vendor:avayamodel: - scope: - version: -

Trust: 0.8

vendor:barracudamodel: - scope: - version: -

Trust: 0.8

vendor:blue coatmodel: - scope: - version: -

Trust: 0.8

vendor:centosmodel: - scope: - version: -

Trust: 0.8

vendor:check pointmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:cygwinmodel: - scope: - version: -

Trust: 0.8

vendor:d linkmodel: - scope: - version: -

Trust: 0.8

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:dell computermodel: - scope: - version: -

Trust: 0.8

vendor:extrememodel: - scope: - version: -

Trust: 0.8

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:fedoramodel: - scope: - version: -

Trust: 0.8

vendor:fireeyemodel: - scope: - version: -

Trust: 0.8

vendor:fortinetmodel: - scope: - version: -

Trust: 0.8

vendor:gnu bashmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:mageiamodel: - scope: - version: -

Trust: 0.8

vendor:mcafeemodel: - scope: - version: -

Trust: 0.8

vendor:monroemodel: - scope: - version: -

Trust: 0.8

vendor:necmodel: - scope: - version: -

Trust: 0.8

vendor:niksunmodel: - scope: - version: -

Trust: 0.8

vendor:netappmodel: - scope: - version: -

Trust: 0.8

vendor:novellmodel: - scope: - version: -

Trust: 0.8

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:palo altomodel: - scope: - version: -

Trust: 0.8

vendor:qnap securitymodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:suse linuxmodel: - scope: - version: -

Trust: 0.8

vendor:slackware linuxmodel: - scope: - version: -

Trust: 0.8

vendor:sophosmodel: - scope: - version: -

Trust: 0.8

vendor:trend micromodel: - scope: - version: -

Trust: 0.8

vendor:ubuntumodel: - scope: - version: -

Trust: 0.8

vendor:vmwaremodel: - scope: - version: -

Trust: 0.8

vendor:xirrusmodel: - scope: - version: -

Trust: 0.8

vendor:gnumodel:bashscope:lteversion:4.3 bash43-026

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16.2

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9302

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:ciscomodel:network analysis modulescope:eqversion:0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7228

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.0

Trust: 0.3

vendor:gnumodel:bashscope:eqversion:3.00.0(2)

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7238

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:redmodel:hat enterprise linux long life serverscope:eqversion:5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:mcafeemodel:email gateway hotfixscope:eqversion:6.7.21

Trust: 0.3

vendor:cosmicperlmodel:directory proscope:eqversion:10.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:ciscomodel:emergency responderscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.03

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:gnumodel:bashscope:eqversion:3.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9301

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:xeroxmodel:phaserscope:eqversion:78000

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:ds8000scope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified ip phonescope:eqversion:0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16

Trust: 0.3

vendor:gnumodel:bash rc1scope:eqversion:4.0

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7232

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:3.2

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7242

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:xeroxmodel:phaserscope:eqversion:67000

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9393

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.5

Trust: 0.3

vendor:ciscomodel:gss 4492r global site selectorscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:0

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9303

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gateway hotfixscope:eqversion:6.7.22

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7235

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:3.1

Trust: 0.3

vendor:mcafeemodel:email gateway patchscope:eqversion:7.01

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.7

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7245

Trust: 0.3

vendor:ciscomodel:unified contact center expressscope:eqversion:0

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:ciscomodel:show and sharescope:eqversion:5(2)

Trust: 0.3

vendor:ciscomodel:mdsscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux clientscope:eqversion:5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

sources: CERT/CC: VU#252743 // BID: 70165 // JVNDB: JVNDB-2014-004431 // NVD: CVE-2014-6277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6277
value: HIGH

Trust: 1.0

NVD: CVE-2014-6277
value: HIGH

Trust: 0.8

VULMON: CVE-2014-6277
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-6277
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2014-6277 // JVNDB: JVNDB-2014-004431 // NVD: CVE-2014-6277

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2014-004431 // NVD: CVE-2014-6277

THREAT TYPE

network

Trust: 0.3

sources: BID: 70165

TYPE

Design Error

Trust: 0.3

sources: BID: 70165

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004431

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-6277

PATCH

title:APPLE-SA-2015-01-27-4url:http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

Trust: 0.8

title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Trust: 0.8

title:HT205267url:https://support.apple.com/en-us/HT205267

Trust: 0.8

title:HT204244url:http://support.apple.com/en-us/HT204244

Trust: 0.8

title:HT204244url:http://support.apple.com/ja-jp/HT204244

Trust: 0.8

title:HT205267url:http://support.apple.com/ja-jp/HT205267

Trust: 0.8

title:bash-3.2-33.AXS3.4 url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3918

Trust: 0.8

title:bash-4.1.2-15.AXS4.2 url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3919

Trust: 0.8

title:cisco-sa-20140926-bashurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Trust: 0.8

title:CTX200223url:https://support.citrix.com/article/CTX200223

Trust: 0.8

title:CTX200217url:https://support.citrix.com/article/CTX200217

Trust: 0.8

title:GNU Bashurl:http://www.gnu.org/software/bash/

Trust: 0.8

title:HPSBMU03143 SSRT101761url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479536

Trust: 0.8

title:HPSBMU03246 SSRT101743url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04558068

Trust: 0.8

title:HPSBMU03182 SSRT101787url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497042

Trust: 0.8

title:HPSBST03122 SSRT101717url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471532

Trust: 0.8

title:HPSBMU03144 SSRT101762url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479492

Trust: 0.8

title:HPSBST03154 SSRT101747url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487558

Trust: 0.8

title:HPSBHF03125 SSRT101724url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471538

Trust: 0.8

title:HPSBST03129 SSRT101760url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04478866

Trust: 0.8

title:HPSBST03181 SSRT101811url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04496383

Trust: 0.8

title:HPSBGN03233url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04540692

Trust: 0.8

title:HPSBGN03138 SSRT101755url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04475942

Trust: 0.8

title:HPSBGN03142 SSRT101764url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479402

Trust: 0.8

title:HPSBST03155 SSRT101747url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487573

Trust: 0.8

title:HPSBMU03217 SSRT101827url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04512907

Trust: 0.8

title:HPSBGN03141 SSRT101763url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479398

Trust: 0.8

title:HPSBMU03165 SSRT101783url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497075

Trust: 0.8

title:HPSBMU03220 SSRT101819url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04518183

Trust: 0.8

title:HPSBHF03146 SSRT101765url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479601

Trust: 0.8

title:HPSBST03157 SSRT101718url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04488200

Trust: 0.8

title:HPSBMU03236 SSRT101830url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04552143

Trust: 0.8

title:HPSBHF03145 SSRT101765url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479505

Trust: 0.8

title:HPSBMU03245 SSRT101742url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04556845

Trust: 0.8

title:1685604url:http://www-01.ibm.com/support/docview.wss?uid=swg21685604

Trust: 0.8

title:1685541url:http://www-01.ibm.com/support/docview.wss?uid=swg21685541

Trust: 0.8

title:1685914url:http://www-01.ibm.com/support/docview.wss?uid=swg21685914

Trust: 0.8

title:S1004915url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

Trust: 0.8

title:1685733url:http://www-01.ibm.com/support/docview.wss?uid=swg21685733

Trust: 0.8

title:1685749url:http://www-01.ibm.com/support/docview.wss?uid=swg21685749

Trust: 0.8

title:1686131url:http://www-01.ibm.com/support/docview.wss?uid=swg21686131

Trust: 0.8

title:T1021279url:http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

Trust: 0.8

title:MIGR-5096315url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

Trust: 0.8

title:S1004897url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

Trust: 0.8

title:1685433url:http://www-01.ibm.com/support/docview.wss?uid=swg21685433

Trust: 0.8

title:T1021272url:http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

Trust: 0.8

title:S1004898url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

Trust: 0.8

title:1685522url:http://www-01.ibm.com/support/docview.wss?uid=swg21685522

Trust: 0.8

title:S1004879url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

Trust: 0.8

title:1686479url:http://www-01.ibm.com/support/docview.wss?uid=swg21686479

Trust: 0.8

title:1686493url:http://www-01.ibm.com/support/docview.wss?uid=swg21686493

Trust: 0.8

title:1686299url:http://www-01.ibm.com/support/docview.wss?uid=swg21686299

Trust: 0.8

title:1686635url:http://www-01.ibm.com/support/docview.wss?uid=swg21686635

Trust: 0.8

title:1685798url:http://www-01.ibm.com/support/docview.wss?uid=swg21685798

Trust: 0.8

title:アライドテレシス株式会社からの情報url:http://jvn.jp/vu/JVNVU97219505/522154/index.html

Trust: 0.8

title:OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilitiesurl:http://www.novell.com/support/kb/doc.php?id=7015701

Trust: 0.8

title:ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)url:http://www.novell.com/support/kb/doc.php?id=7015721

Trust: 0.8

title:AV14-003url:http://jpn.nec.com/security-info/av14-003.html

Trust: 0.8

title:ShellShock 101 - What you need to know and do, to ensure your systems are secureurl:https://www.suse.com/support/shellshock/

Trust: 0.8

title:ELSA-2014-3093url:http://linux.oracle.com/errata/ELSA-2014-3093

Trust: 0.8

title:ELSA-2014-3094url:http://linux.oracle.com/errata/ELSA-2014-3094

Trust: 0.8

title:Bash "Shellshock" Vulnerabilities - CVE-2014-7169url:http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

Trust: 0.8

title:NAS-201410-05url:http://www.qnap.com/i/en/support/con_show.php?cid=61

Trust: 0.8

title:Bug 1141597url:https://bugzilla.redhat.com/show_bug.cgi?id=1141597

Trust: 0.8

title:Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linuxurl:https://access.redhat.com/solutions/1207723

Trust: 0.8

title:Bash specially-crafted environment variables code injection attackurl:https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Trust: 0.8

title:GNU Bash 「OS コマンドインジェクション」の脆弱性について url:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU252743.html

Trust: 0.8

title:SA82url:https://bto.bluecoat.com/security-advisory/sa82

Trust: 0.8

title:SOL15629url:https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

Trust: 0.8

title:Multiple vulnerabilities in Bashurl:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash

Trust: 0.8

title:JSA10648url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

Trust: 0.8

title:VMSA-2014-0010url:http://www.vmware.com/security/advisories/VMSA-2014-0010.html

Trust: 0.8

title:GNU bash の脆弱性に関する弊社調査・対応状況についてurl:http://www.iodata.jp/support/information/2014/bash/

Trust: 0.8

title:bashの脆弱性(CVE-2014-6271,CVE-2014-7169 他)によるHA8500への影響についてurl:http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_ha8500.html

Trust: 0.8

title:サーバ・クライアント製品 bashの脆弱性(CVE-2014-6271,CVE-2014-7169他)による影響についてurl:http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_cve20146271.html

Trust: 0.8

title:cisco-sa-20140926-bashurl:http://www.cisco.com/cisco/web/support/JP/112/1126/1126247_cisco-sa-20140926-bash-j.html

Trust: 0.8

title:GNU BashにおけるOSコマンドインジェクションの脆弱性url:http://buffalo.jp/support_s/s20141002.html

Trust: 0.8

title:TLSA-2014-10url:http://www.turbolinux.co.jp/security/2014/TLSA-2014-10j.html

Trust: 0.8

title:GNU Bash に OS コマンドインジェクションの脆弱性url:http://software.fujitsu.com/jp/security/vulnerabilities/jvn-97219505.html

Trust: 0.8

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2014-6277

Trust: 0.1

title:Ubuntu Security Notice: bash vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2380-1

Trust: 0.1

title:VMware Security Advisories: VMware product updates address critical Bash security vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=86cb6b3955e100fdc9667a7ca916c772

Trust: 0.1

title:Symantec Security Advisories: SA82 : GNU Bash Shellshock Command Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=2b57ceaadfde2a8b03482273e1fd21ea

Trust: 0.1

title:Apple: OS X Yosemite v10.10.2 and Security Update 2015-001url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=64cbe709a7be49c91d8a8b0f43621640

Trust: 0.1

title:Tenable Security Advisories: [R7] Tenable Appliance Affected by GNU bash 'Shellshock' Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2014-07

Trust: 0.1

title:Citrix Security Bulletins: Citrix XenServer Shellshock Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=64ae0aae8269062686789e3a3fa1d2bf

Trust: 0.1

title:Citrix Security Bulletins: Citrix Security Advisory for GNU Bash Shellshock Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=73443a6db89dc66fc6bcb49f85bfd1ab

Trust: 0.1

title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

title:patch-bash-shellshockurl:https://github.com/jdauphant/patch-bash-shellshock

Trust: 0.1

title:macosx-bash-92-shellshock-patchedurl:https://github.com/ido/macosx-bash-92-shellshock-patched

Trust: 0.1

title:w-testurl:https://github.com/inspirion87/w-test

Trust: 0.1

title:shellshockFixOSXurl:https://github.com/opragel/shellshockFixOSX

Trust: 0.1

title:shocktrooperurl:https://github.com/EvanK/shocktrooper

Trust: 0.1

title:ShellShockHunterurl:https://github.com/MrCl0wnLab/ShellShockHunter

Trust: 0.1

title:Xpl-SHELLSHOCK-Ch3ckurl:https://github.com/googleinurl/Xpl-SHELLSHOCK-Ch3ck

Trust: 0.1

title:bashcheckurl:https://github.com/hannob/bashcheck

Trust: 0.1

title:shellshocker-pocsurl:https://github.com/mubix/shellshocker-pocs

Trust: 0.1

title:LinuxFlawurl:https://github.com/mudongliang/LinuxFlaw

Trust: 0.1

title:afl-cveurl:https://github.com/mrash/afl-cve

Trust: 0.1

title:Threatposturl:https://threatpost.com/researcher-takes-wraps-off-two-undisclosed-shellshock-vulnerabilities-in-bash/108674/

Trust: 0.1

sources: VULMON: CVE-2014-6277 // JVNDB: JVNDB-2014-004431

EXTERNAL IDS

db:NVDid:CVE-2014-6277

Trust: 3.1

db:JVNid:JVN55667175

Trust: 1.9

db:JVNDBid:JVNDB-2014-000126

Trust: 1.9

db:CERT/CCid:VU#252743

Trust: 1.7

db:SECUNIAid:60325

Trust: 1.1

db:SECUNIAid:61065

Trust: 1.1

db:SECUNIAid:61780

Trust: 1.1

db:SECUNIAid:61603

Trust: 1.1

db:SECUNIAid:61287

Trust: 1.1

db:SECUNIAid:61643

Trust: 1.1

db:SECUNIAid:60433

Trust: 1.1

db:SECUNIAid:61565

Trust: 1.1

db:SECUNIAid:61312

Trust: 1.1

db:SECUNIAid:61703

Trust: 1.1

db:SECUNIAid:61503

Trust: 1.1

db:SECUNIAid:60034

Trust: 1.1

db:SECUNIAid:60044

Trust: 1.1

db:SECUNIAid:61328

Trust: 1.1

db:SECUNIAid:59907

Trust: 1.1

db:SECUNIAid:61129

Trust: 1.1

db:SECUNIAid:60024

Trust: 1.1

db:SECUNIAid:59961

Trust: 1.1

db:SECUNIAid:61633

Trust: 1.1

db:SECUNIAid:61128

Trust: 1.1

db:SECUNIAid:61313

Trust: 1.1

db:SECUNIAid:60055

Trust: 1.1

db:SECUNIAid:61291

Trust: 1.1

db:SECUNIAid:62343

Trust: 1.1

db:SECUNIAid:61641

Trust: 1.1

db:SECUNIAid:61857

Trust: 1.1

db:SECUNIAid:61816

Trust: 1.1

db:SECUNIAid:62312

Trust: 1.1

db:SECUNIAid:60193

Trust: 1.1

db:SECUNIAid:60063

Trust: 1.1

db:SECUNIAid:58200

Trust: 1.1

db:SECUNIAid:61654

Trust: 1.1

db:SECUNIAid:61550

Trust: 1.1

db:SECUNIAid:61283

Trust: 1.1

db:SECUNIAid:61485

Trust: 1.1

db:SECUNIAid:61471

Trust: 1.1

db:SECUNIAid:61442

Trust: 1.1

db:SECUNIAid:61552

Trust: 1.1

db:MCAFEEid:SB10085

Trust: 1.1

db:PACKETSTORMid:128567

Trust: 1.1

db:JUNIPERid:JSA10648

Trust: 1.1

db:JVNid:JVNVU97219505

Trust: 0.8

db:JVNid:JVNVU96447236

Trust: 0.8

db:JVNid:JVNVU97220341

Trust: 0.8

db:USCERTid:TA14-268A

Trust: 0.8

db:JVNDBid:JVNDB-2014-004431

Trust: 0.8

db:BIDid:70165

Trust: 0.3

db:EXPLOIT-DBid:35081

Trust: 0.1

db:VULMONid:CVE-2014-6277

Trust: 0.1

db:PACKETSTORMid:128753

Trust: 0.1

db:PACKETSTORMid:130988

Trust: 0.1

db:PACKETSTORMid:128752

Trust: 0.1

db:PACKETSTORMid:133803

Trust: 0.1

db:OPENWALLid:OSS-SECURITY/2014/09/25/13

Trust: 0.1

db:PACKETSTORMid:128520

Trust: 0.1

db:PACKETSTORMid:128666

Trust: 0.1

db:PACKETSTORMid:129438

Trust: 0.1

db:PACKETSTORMid:128763

Trust: 0.1

db:PACKETSTORMid:128762

Trust: 0.1

sources: CERT/CC: VU#252743 // VULMON: CVE-2014-6277 // BID: 70165 // JVNDB: JVNDB-2014-004431 // PACKETSTORM: 128753 // PACKETSTORM: 130988 // PACKETSTORM: 128752 // PACKETSTORM: 133803 // PACKETSTORM: 128520 // PACKETSTORM: 128666 // PACKETSTORM: 129438 // PACKETSTORM: 128763 // PACKETSTORM: 128762 // NVD: CVE-2014-6277

REFERENCES

url:http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html

Trust: 2.0

url:https://kb.bluecoat.com/index?page=content&id=sa82

Trust: 1.9

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140926-bash

Trust: 1.9

url:https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

Trust: 1.9

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10085

Trust: 1.9

url:http://jvndb.jvn.jp/jvndb/jvndb-2014-000126

Trust: 1.9

url:https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Trust: 1.6

url:https://www.suse.com/support/shellshock/

Trust: 1.1

url:http://support.novell.com/security/cve/cve-2014-6277.html

Trust: 1.1

url:http://secunia.com/advisories/61641

Trust: 1.1

url:http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html

Trust: 1.1

url:http://secunia.com/advisories/61485

Trust: 1.1

url:http://secunia.com/advisories/59907

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-2380-1

Trust: 1.1

url:http://secunia.com/advisories/61654

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685749

Trust: 1.1

url:http://packetstormsecurity.com/files/128567/ca-technologies-gnu-bash-shellshock.html

Trust: 1.1

url:http://secunia.com/advisories/61565

Trust: 1.1

url:http://www.novell.com/support/kb/doc.php?id=7015721

Trust: 1.1

url:http://www.vmware.com/security/advisories/vmsa-2014-0010.html

Trust: 1.1

url:http://secunia.com/advisories/61643

Trust: 1.1

url:http://secunia.com/advisories/61503

Trust: 1.1

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10648

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

Trust: 1.1

url:http://secunia.com/advisories/61633

Trust: 1.1

url:http://secunia.com/advisories/61552

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685914

Trust: 1.1

url:http://secunia.com/advisories/61703

Trust: 1.1

url:http://secunia.com/advisories/61283

Trust: 1.1

url:http://secunia.com/advisories/61603

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021272

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141330468527613&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141345648114150&w=2

Trust: 1.1

url:https://support.citrix.com/article/ctx200217

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004879

Trust: 1.1

url:http://secunia.com/advisories/60034

Trust: 1.1

url:http://secunia.com/advisories/61816

Trust: 1.1

url:http://secunia.com/advisories/61128

Trust: 1.1

url:http://secunia.com/advisories/61313

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004898

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685733

Trust: 1.1

url:http://secunia.com/advisories/61442

Trust: 1.1

url:http://secunia.com/advisories/61287

Trust: 1.1

url:https://support.citrix.com/article/ctx200223

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021279

Trust: 1.1

url:http://secunia.com/advisories/60055

Trust: 1.1

url:http://secunia.com/advisories/61129

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004897

Trust: 1.1

url:http://secunia.com/advisories/61780

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686479

Trust: 1.1

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096315

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685541

Trust: 1.1

url:http://secunia.com/advisories/61471

Trust: 1.1

url:http://secunia.com/advisories/61328

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004915

Trust: 1.1

url:http://secunia.com/advisories/58200

Trust: 1.1

url:http://secunia.com/advisories/61857

Trust: 1.1

url:http://secunia.com/advisories/60193

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685604

Trust: 1.1

url:http://secunia.com/advisories/61065

Trust: 1.1

url:http://secunia.com/advisories/61550

Trust: 1.1

url:http://secunia.com/advisories/60325

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686131

Trust: 1.1

url:http://secunia.com/advisories/61312

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686494

Trust: 1.1

url:http://secunia.com/advisories/60063

Trust: 1.1

url:http://secunia.com/advisories/61291

Trust: 1.1

url:http://secunia.com/advisories/60044

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686246

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686445

Trust: 1.1

url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk102673&src=securityalerts

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21687079

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021361

Trust: 1.1

url:http://secunia.com/advisories/60433

Trust: 1.1

url:http://secunia.com/advisories/60024

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383353622268&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383304022067&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383244821813&w=2

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141450491804793&w=2

Trust: 1.1

url:http://jvn.jp/en/jp/jvn55667175/index.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383081521087&w=2

Trust: 1.1

url:http://www.qnap.com/i/en/support/con_show.php?cid=61

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383026420882&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383196021590&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383465822787&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141577137423233&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141577241923505&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141576728022234&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141577297623641&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141585637922673&w=2

Trust: 1.1

url:http://secunia.com/advisories/62312

Trust: 1.1

url:http://secunia.com/advisories/59961

Trust: 1.1

url:http://secunia.com/advisories/62343

Trust: 1.1

url:http://linux.oracle.com/errata/elsa-2014-3093

Trust: 1.1

url:http://linux.oracle.com/errata/elsa-2014-3094

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html

Trust: 1.1

url:http://support.apple.com/ht204244

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142358026505815&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142358078406056&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142289270617409&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141879528318582&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142118135300698&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142721162228379&w=2

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:164

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.1

url:https://support.apple.com/ht205267

Trust: 1.1

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c04518183

Trust: 1.1

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c04497075

Trust: 1.1

url:http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

Trust: 0.9

url:http://www.kb.cert.org/vuls/id/252743

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2014-6277

Trust: 0.9

url:http://seclists.org/oss-sec/2014/q3/650

Trust: 0.8

url:https://access.redhat.com/articles/1200223

Trust: 0.8

url:http://seclists.org/oss-sec/2014/q3/688

Trust: 0.8

url:http://seclists.org/oss-sec/2014/q3/685

Trust: 0.8

url:https://gist.github.com/anonymous/929d622f3b36b00c0be1

Trust: 0.8

url:https://www.dfranke.us/posts/2014-09-27-shell-shock-exploitation-vectors.html

Trust: 0.8

url:https://shellshocker.net/#

Trust: 0.8

url:http://support.apple.com/kb/ht6495

Trust: 0.8

url:https://www.barracuda.com/support/techalerts

Trust: 0.8

url:http://www.checkpoint.com/blog/protecting-shellshock/index.html

Trust: 0.8

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10044

Trust: 0.8

url:https://www.debian.org/security/2014/dsa-3032

Trust: 0.8

url:http://learn.extremenetworks.com/rs/extreme/images/vn-2014-001-%20gnu%20bash%20threats%20-cve-2014-7169%20rev01.pdf

Trust: 0.8

url:http://fedoramagazine.org/shellshock-update-bash-packages-that-resolve-cve-2014-6271-and-cve-2014-7169-available/

Trust: 0.8

url:http://www.fortiguard.com/advisory/fg-ir-14-030/

Trust: 0.8

url:http://www.gentoo.org/security/en/glsa/glsa-201409-09.xml

Trust: 0.8

url:http://alerts.hp.com/r?2.1.3kt.2zr.15ee22.l8mgqe..n.ghvs.8f9a.bw89mq%5f%5fdbosfqk0

Trust: 0.8

url:http://kb.juniper.net/jsa10648

Trust: 0.8

url:http://jpn.nec.com/security-info/av14-003.html

Trust: 0.8

url:http://support.novell.com/security/cve/cve-2014-6271.html

Trust: 0.8

url:https://www.suse.com/support/kb/doc.php?id=7015702

Trust: 0.8

url:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.522193

Trust: 0.8

url:http://www.ubuntu.com/usn/usn-2362-1/

Trust: 0.8

url:http://kb.vmware.com/selfservice/microsites/search.do?language=en_us&cmd=displaykc&externalid=2090740

Trust: 0.8

url:http://pkgsrc.se/files.php?messageid=20140925202832.9ad9c98@cvs.netbsd.org

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6277

Trust: 0.8

url:http://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2014/at140037.html

Trust: 0.8

url:http://jvn.jp/jp/jvn55667175/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu96447236/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97219505/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6277

Trust: 0.8

url:https://www.us-cert.gov/ncas/alerts/ta14-268a

Trust: 0.8

url:http://lcamtuf.blogspot.jp/2014/09/bash-bug-apply-unofficial-patch-now.html

Trust: 0.8

url:http://www.aratana.jp/security/detail.php?id=10

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-7186

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-6271

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-7187

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-6278

Trust: 0.8

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.7

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.7

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-7169

Trust: 0.7

url:http://www.gnu.org/software/bash/

Trust: 0.3

url:https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://www.exploit-db.com/exploits/35081/

Trust: 0.1

url:https://security.archlinux.org/cve-2014-6277

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2380-1/

Trust: 0.1

url:https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2104-6277

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2104-6278

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0287

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8146

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0231

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8080

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2331

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1351

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8090

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1352

Trust: 0.1

url:https://support.apple.com/en-

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-3951

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8147

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0232

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2301

Trust: 0.1

url:https://support.apple.com/kb/ht205265.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8611

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9427

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1855

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9425

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0273

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2532

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9652

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.1

url:https://www.tencent.com)

Trust: 0.1

url:http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026

Trust: 0.1

url:http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-6279

Trust: 0.1

url:https://code.google.com/p/american-fuzzy-lop

Trust: 0.1

url:http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027

Trust: 0.1

url:http://www.openwall.com/lists/oss-security/2014/09/25/13

Trust: 0.1

url:http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km01194258

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km01194259

Trust: 0.1

sources: CERT/CC: VU#252743 // VULMON: CVE-2014-6277 // BID: 70165 // JVNDB: JVNDB-2014-004431 // PACKETSTORM: 128753 // PACKETSTORM: 130988 // PACKETSTORM: 128752 // PACKETSTORM: 133803 // PACKETSTORM: 128520 // PACKETSTORM: 128666 // PACKETSTORM: 129438 // PACKETSTORM: 128763 // PACKETSTORM: 128762 // NVD: CVE-2014-6277

CREDITS

HP

Trust: 0.7

sources: PACKETSTORM: 128753 // PACKETSTORM: 130988 // PACKETSTORM: 128752 // PACKETSTORM: 128666 // PACKETSTORM: 129438 // PACKETSTORM: 128763 // PACKETSTORM: 128762

SOURCES

db:CERT/CCid:VU#252743
db:VULMONid:CVE-2014-6277
db:BIDid:70165
db:JVNDBid:JVNDB-2014-004431
db:PACKETSTORMid:128753
db:PACKETSTORMid:130988
db:PACKETSTORMid:128752
db:PACKETSTORMid:133803
db:PACKETSTORMid:128520
db:PACKETSTORMid:128666
db:PACKETSTORMid:129438
db:PACKETSTORMid:128763
db:PACKETSTORMid:128762
db:NVDid:CVE-2014-6277

LAST UPDATE DATE

2024-11-25T20:36:23.589000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#252743date:2015-04-14T00:00:00
db:VULMONid:CVE-2014-6277date:2018-08-09T00:00:00
db:BIDid:70165date:2015-10-26T16:51:00
db:JVNDBid:JVNDB-2014-004431date:2015-12-24T00:00:00
db:NVDid:CVE-2014-6277date:2024-11-21T02:14:04.890

SOURCES RELEASE DATE

db:CERT/CCid:VU#252743date:2014-09-25T00:00:00
db:VULMONid:CVE-2014-6277date:2014-09-27T00:00:00
db:BIDid:70165date:2014-09-27T00:00:00
db:JVNDBid:JVNDB-2014-004431date:2014-09-30T00:00:00
db:PACKETSTORMid:128753date:2014-10-20T13:55:00
db:PACKETSTORMid:130988date:2015-03-24T17:07:02
db:PACKETSTORMid:128752date:2014-10-20T13:14:00
db:PACKETSTORMid:133803date:2015-10-01T16:33:47
db:PACKETSTORMid:128520date:2014-10-01T23:55:55
db:PACKETSTORMid:128666date:2014-10-14T23:07:16
db:PACKETSTORMid:129438date:2014-12-09T23:15:30
db:PACKETSTORMid:128763date:2014-10-20T17:55:00
db:PACKETSTORMid:128762date:2014-10-20T17:44:00
db:NVDid:CVE-2014-6277date:2014-09-27T22:55:02.660