ID

VAR-201409-1154


CVE

CVE-2014-6278


TITLE

GNU bash Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-004476

DESCRIPTION

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. This vulnerability CVE-2014-6271 , CVE-2014-7169 ,and CVE-2014-6277 Vulnerability due to insufficient fix for.A third party may be able to execute arbitrary commands through a crafted environment. GNU Bash is prone to remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. cachetoken NOTE: HP strongly recommends implementing the following security best practices to help reduce both known and future security vulnerability risks: Isolate the HP Integrity Server's management network by keeping it separate from the data or production network, and not connecting it directly to the Internet without additional access authentication. Patch and maintain Lightweight Directory Access Protocol (LDAP) and web servers. Use virus scanners, intrusion detection/prevention systems (IDS/IPS), and vulnerability scanners regularly. HP Vertica AMI's and Virtual Machines prior to v7.1.1-0. HP has released the following updates to resolve this vulnerability for HP Vertica products. Update to the latest VM image available at: https://my.vertica.com For customers using the AMI version HP Vertica Analytics platform, please install the latest image available at Amazon. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2014 Hewlett-Packard Development Company, L.P. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201410-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Bash: Multiple vulnerabilities Date: October 04, 2014 Bugs: #523742, #524256 ID: 201410-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition. Background ========== Bash is the standard GNU Bourne Again SHell. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-shells/bash < 4.2_p52 *>= 3.1_p22 *>= 3.2_p56 *>= 4.0_p43 *>= 4.1_p16 >= 4.2_p52 Description =========== Florian Weimer, Todd Sabin, Michal Zalewski et al. discovered further parsing flaws in Bash. The unaffected Gentoo packages listed in this GLSA contain the official patches to fix the issues tracked as CVE-2014-6277, CVE-2014-7186, and CVE-2014-7187. Workaround ========== There is no known workaround at this time. Resolution ========== All Bash 3.1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/bash-3.1_p22:3.1" All Bash 3.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p56:3.2" All Bash 4.0 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p43:4.0" All Bash 4.1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p16:4.1" All Bash 4.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p52" References ========== [ 1 ] CVE-2014-6277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6277 [ 2 ] CVE-2014-6278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6278 [ 3 ] CVE-2014-7186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7186 [ 4 ] CVE-2014-7187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7187 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201410-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . No other firmware stream updates are planned beyond the NX-OS 5.x and 6.x versions listed below for the MDS products. This software versions 6.2(9a) has included the fixes for the vulnerability in HP StoreFabric C-series MDS switches which currently supporting NX-OS 6.X releases. This software version 5.2(8e) has included the fix for the vulnerability in HP C-series MDS switches which currently supporting NX-OS 5.X releases. This bulletin will be revised when these updates become available. MITIGATION INFORMATION If updating to a NX-OS version containing the fix is not currently possible, HP recommends the following steps to reduce the risk of this vulnerability: The "ssh" or "telnet" features may be disabled by the admin user. All MDS and Nexus 5K switches can function in this configuration. Access is available through the console port. Good morning! This is kinda long. == Background == If you are not familiar with the original bash function export vulnerability (CVE-2014-6271), you may want to have a look at this article: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Well, long story short: the initial maintainer-provided patch for this issue [1] (released on September 24) is *conclusively* broken. After nagging people to update for a while [5] [7], I wanted to share the technical details of two previously non-public issues which may be used to circumvent the original patch: CVE-2014-6277 and CVE-2014-6278. Note that the issues discussed here are separate from the three probably less severe problems publicly disclosed earlier on: Tavis' limited-exploitability EOL bug (CVE-2014-7169) and two likely non-exploitable one-off issues found by Florian Weimer and Todd Sabin (CVE-2014-7186 and CVE-2014-7187). == Required actions == If you have installed just the September 24 patch [1], or that and the follow-up September 26 patch for CVE-2014-7169 [2], you are likely still vulnerable to RCE and need to update ASAP, as discussed in [5]. You are safe if you have installed the unofficial function prefix patch from Florian Weimer [3], or its upstream variant released on September 28 [4]. The patch does not eliminate the problems, but shields the underlying parser from untrusted inputs under normal circumstances. Note: over the past few days, Florian's patch has been picked up by major Linux distros (Red Hat, Debian, SUSE, etc), so there is a reasonable probability that you are in good shape. To test, execute this command from within a bash shell: foo='() { echo not patched; }' bash -c foo If you see "not patched", you probably want upgrade immediately. If you see "bash: foo: command not found", you're OK. == Vulnerability details: CVE-2014-6277 (the more involved one) == The following function definition appearing in the value of any environmental variable passed to bash will lead to an attempt to dereference attacker-controlled pointers (provided that the targeted instance of bash is protected only with the original patches [1][2] and does not include Florian's fix): () { x() { _; }; x() { _; } <<a; } A more complete example leading to a deref of 0x41414141 would be: HTTP_COOKIE="() { x() { _; }; x() { _; } <<`perl -e '{print "A"x1000}'`; }" bash -c : bash[25662]: segfault at 41414141 ip 00190d96 sp bfbe6354 error 4 in libc-2.12.so[110000+191000] (If you are seeing 0xdfdfdfdf, see note later on). The issue is caused by an uninitialized here_doc_eof field in a REDIR struct originally created in make_redirection(). The initial segv will happen due to an attempt to read and then copy a string to a new buffer through a macro that expands to: strcpy (xmalloc (1 + strlen (redirect->here_doc_eof)), (redirect->here_doc_eof)) This appears to be exploitable in at least one way: if here_doc_eof is chosen by the attacker to point in the vicinity of the current stack pointer, the apparent contents of the string - and therefore its length - may change between stack-based calls to xmalloc() and strcpy() as a natural consequence of an attempt to pass parameters and create local variables. Such a mid-macro switch will result in an out-of-bounds write to the newly-allocated memory. A simple conceptual illustration of this attack vector would be: -- snip! -- char* result; int len_alloced; main(int argc, char** argv) { /* The offset will be system- and compiler-specific */; char* ptr = &ptr - 9; result = strcpy (malloc(100 + (len_alloced = strlen(ptr))), ptr); printf("requested memory = %d\n" "copied text = %d\n", len_alloced + 1, strlen(result) + 1); } -- snip! -- When compiled with the -O2 flag used for bash, on one test system, this produces: requested memory = 2 copied text = 28 This can lead to heap corruption, with multiple writes possible per payload by simply increasing the number of malformed here-docs. The consequences should be fairly clear. [ There is also a latter call to free() on here_doc_eof in dispose_cmd.c, but because of the simultaneous discovery of the much simpler bug '78 discussed in the next section, I have not spent a whole lot of time trying to figure out how to get to that path. ] Perhaps notably, the ability to specify attacker-controlled addresses hinges on the state of --enable-bash-malloc and --enable-mem-scramble compile-time flags; if both are enabled, the memory returned by xmalloc() will be initialized to 0xdf, making the prospect of exploitation more speculative (essentially depending on whether the stack or any other memory region can be grown to overlap with 0xdfdfdfdf). That said, many Linux distributions disable one or both flags and are vulnerable out-of-the-box. It is also of note that relatively few distributions compile bash as PIE, so there is little consolation to be found in ASLR. Similarly to the original vulnerability, this issue can be usually triggered remotely through web servers such as Apache (provided that they invoke CGI scripts or PHP / Python / Perl / C / Java servlets that rely on system() or popen()-type libcalls); through DHCP clients; and through some MUAs and MTAs. For a more detailed discussion of the exposed attack surface, refer to [6]. == Vulnerability details: CVE-2014-6278 (the "back to the '90s" one) == The following function definition appearing in the value of any environmental variable passed to bash 4.2 or 4.3 will lead to straightforward put-your-command-here RCE (again, provided that the targeted instance is not protected with Florian's patch): () { _; } >_[$($())] { echo hi mom; id; } A complete example looks like this: HTTP_COOKIE='() { _; } >_[$($())] { echo hi mom; id; }' bash -c : ...or: GET /some/script.cgi HTTP/1.0 User-Agent: () { _; } >_[$($())] { id >/tmp/hi_mom; } Note that the PoC does not work as-is in more ancient versions of bash, such as 2.x or 3.x; it might have been introduced with xparse_dolparen() starting with bash 4.2 patch level 12 few years back, but I have not investigated this in a lot of detail. Florian's patch is strongly recommended either way. The attack surface through which this flaw may be triggered is roughly similar to that for CVE-2014-6277 and the original bash bug [6]. == Additional info == Both of these issues were identified in an automated fashion with american fuzzy lop: https://code.google.com/p/american-fuzzy-lop The out-of-the-box fuzzer was seeded with a minimal valid function definition ("() { foo() { foo; }; >bar; }") and allowed to run for a couple of hours on a single core. In addition to the issues discussed above, the fuzzer also hit three of the four previously-reported CVEs. I initially shared the findings privately with vendors, but because of the intense scrutiny that this codebase is under, the ease of reproducing these results with an open-source fuzzer, and the now-broad availability of upstream mitigations, there seems to be relatively little value in continued secrecy. == References == [1] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 [2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026 [3] http://www.openwall.com/lists/oss-security/2014/09/25/13 [4] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027 [5] http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html [6] http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html [7] http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html PS. There are no other bugs in bash. --------- FOLLOW UP ----------- Date: Wed, 01 Oct 2014 07:32:57 -0700 From fulldisclosure-bounces@seclists.org Wed Oct 1 14:37:33 2014 From: Paul Vixie <paul@redbarn.org> To: Michal Zalewski <lcamtuf@coredump.cx> Cc: "fulldisclosure@seclists.org" <fulldisclosure@seclists.org> Subject: Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) michal, thank you for your incredibly informative report here. i have a minor correction. > Michal Zalewski <mailto:lcamtuf@coredump.cx> > Wednesday, October 01, 2014 7:21 AM > ... > > Note: over the past few days, Florian's patch has been picked up by > major Linux distros (Red Hat, Debian, SUSE, etc), so there is a > reasonable probability that you are in good shape. To test, execute > this command from within a bash shell: > > foo='() { echo not patched; }' bash -c foo this command need not be executed from within bash. the problem occurs when bash is run by the command, and the shell that runs the command can be anything. for example, on a system where i have deliberately not patched bash, where sh is "ash" (almquist shell): > $ foo='() { echo not patched; }' bash -c foo > not patched here's me testing it from within tcsh: > % env foo='() { echo not patched; }' bash -c foo > not patched > % (setenv foo '() { echo not patched; }'; bash -c foo) > not patched this is a minor issue, but i've found in matters of security bug reports, tests, and discussions, that any minor matter can lead to deep misunderstanding. thanks again for your excellent report, and your continuing work on this issue. vixie . HP Product Firmware Version HP StoreEver ESL G3 Tape Libraries with MCB version 2 680H_GS40701 HP StoreEver ESL G3 Tape Libraries with MCB version 1 656H_GS10801 The firmware is customer installable and is available in the Drivers, Software & Firmware section at the following location: http://www.hp.com/support/eslg3 Notes: - Updating the library firmware requires a reboot of the library. - Disable DHCP and only use static IP addressing. -----BEGIN PGP SIGNED MESSAGE----- CA20141001-01: Security Notice for Bash Shellshock Vulnerability Issued: October 01, 2014 Updated: October 03, 2014 CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities. The CA Technologies Enterprise Information Security team has led a global effort to identify and remediate systems and products discovered with these vulnerabilities. We continue to patch our systems as fixes become available, and we are providing fixes for affected CA Technologies products. CA Technologies continues to aggressively scan our environments (including servers, networks, external facing applications, and SaaS environments) to proactively monitor, identify, and remediate any vulnerability when necessary. Risk Rating High Platform AIX Android (not vulnerable, unless rooted) Apple iOS (not vulnerable unless jailbroken) Linux Mac OS X Solaris Windows (not vulnerable unless Cygwin or similar ported Linux tools with Bash shell are installed) Other UNIX/BSD based systems if Bash is installed Any other OS or JeOS that utilizes Bash Affected Products The following products have been identified as potentially vulnerable, and we have made fixes available for all of these products. CA API Management (Linux appliance only) CA Application Performance Management (TIM is the only affected APM component) CA Application Performance Management Cloud Monitor CA Customer Experience Manager (CEM) Transaction Impact Monitor (TIM) CA Layer 7 products (API Gateway, Mobile Access Gateway, API Management Portal) CA User Activity Reporting Module (Enterprise Log Manager) Note: This security notice will be updated if other CA Technologies products are determined to be vulnerable. In most cases, the Bash vulnerabilities will need to be patched by OS vendors. Exceptions may include CA Technologies appliances, and software products that include Linux, UNIX or Mac OS X based operating systems (that include Bash). Affected Components CentOS Cygwin GNU Bash Red Hat Enterprise Linux SUSE Linux Non-Affected Products IMPORTANT NOTE: This listing includes only a small subset of the unaffected CA Technologies products. We're including unaffected products that customers have already inquired about. While the following CA Technologies products are not directly affected by the Bash vulnerabilities, the underlying operating systems that CA Technologies software is installed on may be vulnerable. We strongly encourage our customers to follow the recommendations provided by their vendors for all operating systems they utilize. All CA SaaS / On Demand products were either not vulnerable or have already been patched. CA AHS / PaymentMinder - AHS App is not vulnerable. The AHS app does not execute CGI scripts, or spawn or execute shell commands from within the app. AHS infrastructure already patched. CA Asset Portfolio Management CA AuthMinder (Arcot WebFort) CA AuthMinder for Business Users CA AuthMinder for Consumers CA AutoSys products - We use the bash shell that comes with the operating system and the customer is responsible for patching their OS. Additionally, the agents themselves do not distribute any scripts that use bash. CA Clarity On Demand CA CloudMinder - CloudMinder does not include the Bash Shell in BoM, or use it, but because we are deployed on RHEL, customers may be indirectly affected. Customers using RHEL should apply patches provided by Red Hat. CA Console Management for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI. CA ControlMinder CA DataMinder (formerly DLP) products – Software and appliance confirmed not vulnerable. Note: Linux Agents shipped, but no public SSH or Web apps are used in these agents. Customers should patch bash shell on any Linux server with DataMinder agents. DataMinder agents should continue to function normally. CA Digital Payments SaaS (previously patched) CA Directory CA eCommerce SaaS / On Demand (previously patched) CA Endevor Software Change Manager CA Federation (formerly SiteMinder Federation) CA GovernanceMinder CA IdentityMinder CA Infrastructure Management CA JCLCheck CA Job Management for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI. CA NetQoS GigaStor Observer Expert CA Network Flow Analysis CA Performance Management for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI. CA RiskMinder CA Service Desk Manager CA Service Operations Insight (SOI) CA SiteMinder CA SOLVE:Access CA Spectrum for Linux - Not vulnerable. Be sure to apply bash fixes from your underlying operating system vendor. CA Strong Authentication CA System Watchdog for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI. CA Top Secret CA Universal Job Management Agent for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI. CA Virtual Assurance for Infrastructure Managers (VAIM) Solution CA Technologies has issued the following fixes to address the vulnerabilities. CA API Management: Patches for Linux appliance are available through CA Support to customers of Gateway (applicable for all versions – 6.1.5, 6.2, 7.0, 7.1, 8.0, 8.1, 8.1.1, 8.1.02). CA Application Performance Management: KB article for APM TIM has been published. APM TIM is the only part of APM that was affected. Refer to TEC618037. CA Application Performance Management Cloud Monitor: New images are available for subscribers. Download the latest OPMS version 8.2.1.5. For assistance, contact CA Support. CA Customer Experience Manager (CEM) Transaction Impact Monitor (TIM): Very low risk. 9.6 is not affected. 9.5 Installation uses Bash. We do not use Bash at all for the CEM operating system that we have shipped in the past. This means that customers who patch the OS will not impact the ability of the CEM TIMsoft from operating. However prior to version 9.6, the TIM installation script does use the bash shell. See new KB article TEC618037 for additional information. CA Layer 7 (API Gateway, Mobile Access Gateway, API Management Portal): Fixes for all Bash vulnerabilities and a security bulletin are available on the Layer 7 Support website. CA User Activity Reporting Module (Enterprise Log Manager): All 12.5 and 12.6 GA versions are potentially affected. Patches provided on 2014-09-30. To get the patch, use the OS update functionality to get the latest R12.6 SP1 subscription update. Note that you can update R12.5 SPx with the R12.6 SP1 OS update. For assistance, contact CA Support. Workaround None To help mitigate the risk, we do strongly encourage all customers to follow patch management best practices, and in particular for operating systems affected by the Bash Shellshock vulnerabilities. References CVE-2014-6271 - Bash environment variable command injection CVE-2014-7169 - Bash environment variable incomplete fix for CVE-2014-6271 CVE-2014-7186 - Bash parser redir_stack memory corruption CVE-2014-7187 - Bash nested flow control constructs off-by-one CVE-2014-6277 - Bash untrusted pointer use uninitialized memory CVE-2014-6278 - Bash environment variable command injection CA20141001-01: Security Notice for Bash Shellshock Vulnerability https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Change History v1.0: 2014-10-01, Initial Release v1.1: 2014-10-02, Added AuthMinder, Strong Authentication, VAIM, Clarity OD, All SaaS/OD products to list of Non-Affected Products. v1.2: 2014-10-03, Added RiskMinder to Non-Affected Products. Updated UARM solution info. If additional information is required, please contact CA Technologies Support at https://support.ca.com. If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team at vuln@ca.com. PGP key: support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 Security Notices https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Regards, Ken Williams Director, Product Vulnerability Response Team CA Technologies | One CA Plaza | Islandia, NY 11749 | www.ca.com Ken.Williams@ca.com | vuln@ca.com Copyright © 2014 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. -----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15238) Charset: utf-8 wsBVAwUBVDK+PZI1FvIeMomJAQFl/Af/TqrSE/h4r3gs9PwrWKdt21PCRI3za9Lx M5ZyTdVDIQ9ybgPkLqsovNRPgVqd7zwDHsx0rzvF5Y82uO+vQ63BuEV2GnczAax/ EiAW4WVxUgWG+lAowGV55Of8ruv/gOiAWTjFhkqpsyVg96ZMw2HLG62IwZL1j0qa oLCu0y3VrGvqH0g2hi75QwHAjNCdlEsD4onUqTCc9cRTdLwFCZrUQ8KTrqIL7LK5 Uo5T9C1UeAyNTo3KiJ/zw3BCOTkpl99dmg3NW0onU/1r1CXdlyS7opLB+GJ+xGwP xRQdUsOIhzfRzx7bsao2D43IhDnzJBBFJHdeMPo18WBTfJ7aUgBwGQ== =B62b -----END PGP SIGNATURE----- . Go to the HP Software Depot site at http://www.software.hp.com and search for HP OneView. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04558068 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04558068 Version: 1 HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-02-02 Last Updated: 2015-02-02 Potential Security Impact: Multiple vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Insight Control for Linux Central Management Server Pre-boot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. References: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2014-7196 SSRT101742 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7196 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following instructions to resolve these vulnerabilities. Follow these steps to update the HP Insight Control for Linux Central Management Server Pre-boot Execution Environment: NOTE: The following procedure updates the bash shell on the Linux Pre-boot Execution Environment. On the Production RHEL 6.2 OS: a. Prepare temporary directory for Bash update software: # mkdir -p $HOME/tmp/bash # cd $HOME/tmp/bash # pwd <home directory>/tmp/bash b. Download the file 'bash-4.1.2-15.el6_4.2.i686.rpm' for Insight Control for Linux Red Hat 6.2 i386 from https://rhn.redhat.com/errata/RHSA-2014-1311.html to the temporary directory '$HOME/tmp/bash'. c. Extract the Bash update software package. # rpm2cpio bash-4.1.2-15.el6_4.2.i686.rpm| cpio -idmv d. Verify the version of the Bash update software: # ./bin/bash --version GNU bash, version 4.1.2(1)-release (i686-redhat-linux-gnu) e. Verify version dependencies: # ldd ./bin/bash linux-gate.so.1 => (0x008a7000) libtinfo.so.5 => /lib/libtinfo.so.5 (0x00459000) libdl.so.2 => /lib/libdl.so.2 (0x002c0000) libc.so.6 => /lib/libc.so.6 (0x0012e000) /lib/ld-linux.so.2 (0x00108000) f. Create archive file from '/lib' to copy and install on the Insight Control for Linux Central Management Server Pre-boot Execution Environment system: # mkdir $HOME/tmp/lib # cd /lib # cp * $HOME/tmp/lib # cd $HOME/tmp # pwd <home directory>/tmp # tar cvf bash_lib.tar * 2. Download the new archive file '$HOME/tmp/bash_lib.tar' from the Production RHEL 6.2 OS system to the Insight Control for Linux Central Management Server Pre-boot Execution Environment system. On the HP Insight Control for Linux Central Managment Server Pre-boot Execution Environment system: a. Create a temporary folder for the toolkit and copy the toolkit there : # mkdir -p $HOME/tmp/temp-toolkit # cp /usr/share/systemimager/boot/i386/standard/toolkit.tar.gz $HOME/tmp/temp-toolkit b. Extract the file 'toolkit.tar.gz' into the temporary folder: # cd $HOME/tmp/temp-toolkit # tar zxvf toolkit.tar.gz # mv $HOME/tmp/temp-toolkit/toolkit.tar.gz /tmp c. Verify the version of the toolkit Bash: # $HOME/tmp/temp-toolkit/bin/bash --version GNU bash, version 3.2.0(1)-release (i386-pc-linux-gnu) Copyright (C) 2005 Free Software Foundation, Inc. d. Verify dependencies versions: # ldd $HOME/tmp/temp-toolkit/bin/bash linux-gate.so.1 => (0xffffe000) libtermcap.so.2 => /lib/libtermcap.so.2 (0xf7f8c000) libdl.so.2 => /lib/libdl.so.2 (0x008bf000) libc.so.6 => /lib/libc.so.6 (0x00777000) /lib/ld-linux.so.2 (0x00755000) e. Extract the archive 'bash_lib.tar' to directory '$HOME/tmp/bash_lib' . Then copy the bash binary and the library files to their respective locations: # tar xvf $HOME/tmp/bash_lib # cp $HOME/tmp/bash_lib/bash/bash $HOME/tmp/temp-toolkit/bin # cp $HOME/tmp/bash_lib/lib/* $HOME/tmp/temp-toolkit/lib f. Create the updated toolkit gzipped archive file and place in /usr/share/systemimager/boot/i386/standard # tar czvf toolkit.tar.gz * # cp toolkit.tar.gz /usr/share/systemimager/boot/i386/standard HISTORY Version:1 (rev.1) - 2 February 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. NOTE: This vulnerability can only be exploited if the attacker already has valid administrative login credentials. Note: All versions of HP Thin Pro and HP Smart Zero Core operating systems prior to version 5.1.0 are affected by these vulnerabilities. Following is a complete list of affected operating systems and Hardware Platforms Affected. Product Affected Product Versions Patch Status HP ThinPro and HP Smart Zero Core (X86) v5.1.0 and above No update required; the Bash shell patch is incorporated into the base image. Note: If you participated in the ThinPro 5.1.0 beta program then upgrade to the release version as soon as it becomes available. HP ThinPro and HP Smart Zero Core (x86) v5.0.x A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-5.0-x86.xar . The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe HP ThinPro and HP Smart Zero Core (x86) v4.4.x A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.4-x86.xar . The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe HP ThinPro and HP Smart Zero Core (ARM) v4.4.x A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.4-arm.xar . The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe HP ThinPro and HP Smart Zero Core (X86) v4.1, v4.2, and v4.3 A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-x86.xar . The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe HP ThinPro and HP Smart Zero Core (ARM) v4.1, v4.2, and v4.3 A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-arm.xar . The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe HP ThinPro and HP Smart Zero Core (X86) v3.1, v3.2, and v3.3 Download softpaq sp69382 from: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an update package as: bash_4.1-3+deb6u2_i386.deb . HP ThinPro and HP Smart Zero Core (ARM) v3.1, v3.2, and v3.3 Download softpaq sp69382 from: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an update package as: bash_4.1-3+deb6u2_armel.deb

Trust: 3.24

sources: NVD: CVE-2014-6278 // JVNDB: JVNDB-2014-004476 // BID: 70166 // PACKETSTORM: 128864 // PACKETSTORM: 128765 // PACKETSTORM: 129617 // PACKETSTORM: 128762 // PACKETSTORM: 128563 // PACKETSTORM: 129438 // PACKETSTORM: 128520 // VULMON: CVE-2014-6278 // PACKETSTORM: 129069 // PACKETSTORM: 128567 // PACKETSTORM: 128753 // PACKETSTORM: 129932 // PACKETSTORM: 130336 // PACKETSTORM: 128716 // PACKETSTORM: 129068

AFFECTED PRODUCTS

vendor:gnumodel:bashscope:eqversion:1.14.7

Trust: 1.6

vendor:gnumodel:bashscope:eqversion:2.01

Trust: 1.6

vendor:gnumodel:bashscope:eqversion:2.0

Trust: 1.6

vendor:gnumodel:bashscope:eqversion:1.14.4

Trust: 1.6

vendor:gnumodel:bashscope:eqversion:1.14.1

Trust: 1.6

vendor:gnumodel:bashscope:eqversion:1.14.0

Trust: 1.6

vendor:gnumodel:bashscope:eqversion:1.14.6

Trust: 1.6

vendor:gnumodel:bashscope:eqversion:1.14.3

Trust: 1.6

vendor:gnumodel:bashscope:eqversion:1.14.2

Trust: 1.6

vendor:gnumodel:bashscope:eqversion:1.14.5

Trust: 1.6

vendor:gnumodel:bashscope:eqversion:4.2

Trust: 1.3

vendor:gnumodel:bashscope:eqversion:3.0.16

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.03

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:3.2.48

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.01.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.02.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.02

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:3.0

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:3.2

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:4.0

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:3.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:4.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.04

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:4.3

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.05

Trust: 1.0

vendor:gnumodel:bashscope:lteversion:4.3 bash43-026

Trust: 0.8

vendor:xeroxmodel:workcentrescope:eqversion:7245

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7242

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7238

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7235

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7232

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7228

Trust: 0.3

vendor:xeroxmodel:phaserscope:eqversion:78000

Trust: 0.3

vendor:xeroxmodel:phaserscope:eqversion:67000

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9393

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9303

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9302

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9301

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:11

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:3.2

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:3.1

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:5

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:mcafeemodel:email gateway patchscope:eqversion:7.01

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.0

Trust: 0.3

vendor:mcafeemodel:email gateway hotfixscope:eqversion:6.7.22

Trust: 0.3

vendor:mcafeemodel:email gateway hotfixscope:eqversion:6.7.21

Trust: 0.3

vendor:ibmmodel:ds8000scope:eqversion:0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified ip phonescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified contact center expressscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:network analysis modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:mdsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:gss 4492r global site selectorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:emergency responderscope:eqversion:1.1

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:show and sharescope:eqversion:5(2)

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16.2

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16

Trust: 0.3

sources: BID: 70166 // JVNDB: JVNDB-2014-004476 // CNNVD: CNNVD-201409-1110 // NVD: CVE-2014-6278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6278
value: HIGH

Trust: 1.0

NVD: CVE-2014-6278
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201409-1110
value: CRITICAL

Trust: 0.6

VULMON: CVE-2014-6278
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-6278
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2014-6278 // JVNDB: JVNDB-2014-004476 // CNNVD: CNNVD-201409-1110 // NVD: CVE-2014-6278

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2014-004476 // NVD: CVE-2014-6278

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 128563 // CNNVD: CNNVD-201409-1110

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201409-1110

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004476

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-6278

PATCH

title:bash-3.2-33.AXS3.4url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3918

Trust: 0.8

title:bash-4.1.2-15.AXS4.2url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3919

Trust: 0.8

title:cisco-sa-20140926-bashurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Trust: 0.8

title:CTX200223url:https://support.citrix.com/article/CTX200223

Trust: 0.8

title:CTX200217url:https://support.citrix.com/article/CTX200217

Trust: 0.8

title:GNU Bashurl:http://www.gnu.org/software/bash/

Trust: 0.8

title:HPSBST03157 SSRT101718url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04488200

Trust: 0.8

title:HPSBST03122 SSRT101717url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471532

Trust: 0.8

title:HPSBMU03217 SSRT101827url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04512907

Trust: 0.8

title:HPSBST03129 SSRT101760url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04478866

Trust: 0.8

title:HPSBMU03182 SSRT101787url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497042

Trust: 0.8

title:HPSBHF03125 SSRT101724url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471538

Trust: 0.8

title:HPSBGN03233url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04540692

Trust: 0.8

title:HPSBGN03141 SSRT101763url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479398

Trust: 0.8

title:HPSBST03154 SSRT101747url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487558

Trust: 0.8

title:HPSBGN03138 SSRT101755url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04475942

Trust: 0.8

title:HPSBMU03236 SSRT101830url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04552143

Trust: 0.8

title:HPSBGN03142 SSRT101764url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479402

Trust: 0.8

title:HPSBST03181 SSRT101811url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04496383

Trust: 0.8

title:HPSBMU03245 SSRT101742url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04556845

Trust: 0.8

title:HPSBMU03144 SSRT101762url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479492

Trust: 0.8

title:HPSBMU03165 SSRT101783url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497075

Trust: 0.8

title:HPSBHF03145 SSRT101765url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479505

Trust: 0.8

title:HPSBMU03143 SSRT101761url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479536

Trust: 0.8

title:HPSBST03155 SSRT101747url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487573

Trust: 0.8

title:HPSBHF03146 SSRT101765url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479601

Trust: 0.8

title:MIGR-5096315url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

Trust: 0.8

title:T1021279url:http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

Trust: 0.8

title:S1004897url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

Trust: 0.8

title:S1004898url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

Trust: 0.8

title:1686479url:http://www-01.ibm.com/support/docview.wss?uid=swg21686479

Trust: 0.8

title:1685433url:http://www-01.ibm.com/support/docview.wss?uid=swg21685433

Trust: 0.8

title:1685541url:http://www-01.ibm.com/support/docview.wss?uid=swg21685541

Trust: 0.8

title:1685604url:http://www-01.ibm.com/support/docview.wss?uid=swg21685604

Trust: 0.8

title:1685522url:http://www-01.ibm.com/support/docview.wss?uid=swg21685522

Trust: 0.8

title:S1004915url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

Trust: 0.8

title:1685914url:http://www-01.ibm.com/support/docview.wss?uid=swg21685914

Trust: 0.8

title:1686493url:http://www-01.ibm.com/support/docview.wss?uid=swg21686493

Trust: 0.8

title:T1021272url:http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

Trust: 0.8

title:1685733url:http://www-01.ibm.com/support/docview.wss?uid=swg21685733

Trust: 0.8

title:S1004879url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

Trust: 0.8

title:1686131url:http://www-01.ibm.com/support/docview.wss?uid=swg21686131

Trust: 0.8

title:1685749url:http://www-01.ibm.com/support/docview.wss?uid=swg21685749

Trust: 0.8

title:1685798url:http://www-01.ibm.com/support/docview.wss?uid=swg21685798

Trust: 0.8

title:1686299url:http://www-01.ibm.com/support/docview.wss?uid=swg21686299

Trust: 0.8

title:1686635url:http://www-01.ibm.com/support/docview.wss?uid=swg21686635

Trust: 0.8

title:アライドテレシス株式会社からの情報url:http://jvn.jp/vu/JVNVU97219505/522154/index.html

Trust: 0.8

title:OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilitiesurl:https://www.novell.com/support/kb/doc.php?id=7015701

Trust: 0.8

title:ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)url:https://www.novell.com/support/kb/doc.php?id=7015721

Trust: 0.8

title:AV14-003url:http://jpn.nec.com/security-info/av14-003.html

Trust: 0.8

title:ShellShock 101 - What you need to know and do, to ensure your systems are secureurl:https://www.suse.com/support/shellshock/

Trust: 0.8

title:ELSA-2014-3094url:http://linux.oracle.com/errata/ELSA-2014-3094

Trust: 0.8

title:ELSA-2014-3093url:http://linux.oracle.com/errata/ELSA-2014-3093

Trust: 0.8

title:Bash "Shellshock" Vulnerabilities - CVE-2014-7169url:http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

Trust: 0.8

title:NAS-201410-05url:http://www.qnap.com/i/en/support/con_show.php?cid=61

Trust: 0.8

title:Bug 1147414url:https://bugzilla.redhat.com/show_bug.cgi?id=1147414

Trust: 0.8

title:Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linuxurl:https://access.redhat.com/solutions/1207723

Trust: 0.8

title:Bash specially-crafted environment variables code injection attackurl:https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Trust: 0.8

title:GNU Bash 「OS コマンドインジェクション」の脆弱性についてurl:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU252743.html

Trust: 0.8

title:SA82url:https://bto.bluecoat.com/security-advisory/sa82

Trust: 0.8

title:SOL15629url:https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

Trust: 0.8

title:Multiple vulnerabilities in Bashurl:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash

Trust: 0.8

title:CVE-2014-6278url:https://security-tracker.debian.org/tracker/CVE-2014-6278

Trust: 0.8

title:JSA10648url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

Trust: 0.8

title:VMSA-2014-0010url:http://www.vmware.com/security/advisories/VMSA-2014-0010.html

Trust: 0.8

title:GNU bash の脆弱性に関する弊社調査・対応状況についてurl:http://www.iodata.jp/support/information/2014/bash/

Trust: 0.8

title:bashの脆弱性(CVE-2014-6271,CVE-2014-7169 他)によるHA8500への影響についてurl:http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_ha8500.html

Trust: 0.8

title:サーバ・クライアント製品 bashの脆弱性(CVE-2014-6271,CVE-2014-7169他)による影響についてurl:http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_cve20146271.html

Trust: 0.8

title:cisco-sa-20140926-bashurl:http://www.cisco.com/cisco/web/support/JP/112/1126/1126247_cisco-sa-20140926-bash-j.html

Trust: 0.8

title:TLSA-2014-10url:http://www.turbolinux.co.jp/security/2014/TLSA-2014-10j.html

Trust: 0.8

title:GNU BashにおけるOSコマンドインジェクションの脆弱性url:http://buffalo.jp/support_s/s20141002.html

Trust: 0.8

title:GNU Bash に OS コマンドインジェクションの脆弱性url:http://software.fujitsu.com/jp/security/vulnerabilities/jvn-97219505.html

Trust: 0.8

title:GNU Bash Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168880

Trust: 0.6

title:Ubuntu Security Notice: bash vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2380-1

Trust: 0.1

title:VMware Security Advisories: VMware product updates address critical Bash security vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=86cb6b3955e100fdc9667a7ca916c772

Trust: 0.1

title:Symantec Security Advisories: SA82 : GNU Bash Shellshock Command Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=2b57ceaadfde2a8b03482273e1fd21ea

Trust: 0.1

title:Citrix Security Bulletins: Citrix XenServer Shellshock Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=64ae0aae8269062686789e3a3fa1d2bf

Trust: 0.1

title:Tenable Security Advisories: [R7] Tenable Appliance Affected by GNU bash 'Shellshock' Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2014-07

Trust: 0.1

title:Citrix Security Bulletins: Citrix Security Advisory for GNU Bash Shellshock Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=73443a6db89dc66fc6bcb49f85bfd1ab

Trust: 0.1

title:CiscoUCS-Shellshockurl:https://github.com/thatchriseckert/CiscoUCS-Shellshock

Trust: 0.1

title:0day-WriteUp-TryHackme-CTF-Mediumurl:https://github.com/elc4br4/0day-WriteUp-TryHackme-CTF-Medium

Trust: 0.1

title:ShellScanurl:https://github.com/0xICF/ShellScan

Trust: 0.1

title:cvesploiturl:https://github.com/swapravo/cvesploit

Trust: 0.1

title:fabric-shellshockurl:https://github.com/ericlake/fabric-shellshock

Trust: 0.1

title:w-testurl:https://github.com/inspirion87/w-test

Trust: 0.1

title:Xpl-SHELLSHOCK-Ch3ckurl:https://github.com/googleinurl/Xpl-SHELLSHOCK-Ch3ck

Trust: 0.1

title:bashcheckurl:https://github.com/hannob/bashcheck

Trust: 0.1

title:shellshockFixOSXurl:https://github.com/opragel/shellshockFixOSX

Trust: 0.1

title:shocktrooperurl:https://github.com/EvanK/shocktrooper

Trust: 0.1

title:ShellShockHunterurl:https://github.com/MrCl0wnLab/ShellShockHunter

Trust: 0.1

title:shellshocker-pocsurl:https://github.com/mubix/shellshocker-pocs

Trust: 0.1

title:ActiveScanPlusPlusurl:https://github.com/albinowax/ActiveScanPlusPlus

Trust: 0.1

title:afl-cveurl:https://github.com/mrash/afl-cve

Trust: 0.1

title:Threatposturl:https://threatpost.com/researcher-takes-wraps-off-two-undisclosed-shellshock-vulnerabilities-in-bash/108674/

Trust: 0.1

sources: VULMON: CVE-2014-6278 // JVNDB: JVNDB-2014-004476 // CNNVD: CNNVD-201409-1110

EXTERNAL IDS

db:NVDid:CVE-2014-6278

Trust: 4.2

db:JVNid:JVN55667175

Trust: 2.5

db:JVNDBid:JVNDB-2014-000126

Trust: 2.5

db:MCAFEEid:SB10085

Trust: 2.0

db:JUNIPERid:JSA10648

Trust: 2.0

db:PACKETSTORMid:128567

Trust: 1.8

db:SECUNIAid:61641

Trust: 1.7

db:SECUNIAid:61603

Trust: 1.7

db:SECUNIAid:61287

Trust: 1.7

db:SECUNIAid:60055

Trust: 1.7

db:SECUNIAid:61654

Trust: 1.7

db:SECUNIAid:61313

Trust: 1.7

db:SECUNIAid:60044

Trust: 1.7

db:SECUNIAid:58200

Trust: 1.7

db:SECUNIAid:61550

Trust: 1.7

db:SECUNIAid:61780

Trust: 1.7

db:SECUNIAid:61552

Trust: 1.7

db:SECUNIAid:61565

Trust: 1.7

db:SECUNIAid:61312

Trust: 1.7

db:SECUNIAid:60193

Trust: 1.7

db:SECUNIAid:61129

Trust: 1.7

db:SECUNIAid:61703

Trust: 1.7

db:SECUNIAid:60433

Trust: 1.7

db:SECUNIAid:61128

Trust: 1.7

db:SECUNIAid:60063

Trust: 1.7

db:SECUNIAid:61816

Trust: 1.7

db:SECUNIAid:61633

Trust: 1.7

db:SECUNIAid:60034

Trust: 1.7

db:SECUNIAid:61643

Trust: 1.7

db:SECUNIAid:61485

Trust: 1.7

db:SECUNIAid:61503

Trust: 1.7

db:SECUNIAid:62343

Trust: 1.7

db:SECUNIAid:60325

Trust: 1.7

db:SECUNIAid:61291

Trust: 1.7

db:SECUNIAid:61328

Trust: 1.7

db:SECUNIAid:61283

Trust: 1.7

db:SECUNIAid:60024

Trust: 1.7

db:SECUNIAid:61442

Trust: 1.7

db:SECUNIAid:59961

Trust: 1.7

db:SECUNIAid:61471

Trust: 1.7

db:SECUNIAid:61857

Trust: 1.7

db:SECUNIAid:61065

Trust: 1.7

db:SECUNIAid:59907

Trust: 1.7

db:SECUNIAid:62312

Trust: 1.7

db:PACKETSTORMid:137344

Trust: 1.7

db:EXPLOIT-DBid:39568

Trust: 1.6

db:EXPLOIT-DBid:39887

Trust: 1.6

db:CERT/CCid:VU#252743

Trust: 1.1

db:JVNid:JVNVU97219505

Trust: 0.8

db:USCERTid:TA14-268A

Trust: 0.8

db:JVNDBid:JVNDB-2014-004476

Trust: 0.8

db:CNNVDid:CNNVD-201409-1110

Trust: 0.6

db:BIDid:70166

Trust: 0.4

db:JUNIPERid:JSA10661

Trust: 0.3

db:ICS CERTid:ICSA-14-269-01

Trust: 0.3

db:EXPLOITDBid:39568

Trust: 0.1

db:EXPLOITDBid:39887

Trust: 0.1

db:VULMONid:CVE-2014-6278

Trust: 0.1

db:PACKETSTORMid:128716

Trust: 0.1

db:PACKETSTORMid:130336

Trust: 0.1

db:PACKETSTORMid:129932

Trust: 0.1

db:PACKETSTORMid:128753

Trust: 0.1

db:PACKETSTORMid:129069

Trust: 0.1

db:PACKETSTORMid:129068

Trust: 0.1

db:PACKETSTORMid:128864

Trust: 0.1

db:OPENWALLid:OSS-SECURITY/2014/09/25/13

Trust: 0.1

db:PACKETSTORMid:128520

Trust: 0.1

db:PACKETSTORMid:129438

Trust: 0.1

db:PACKETSTORMid:128563

Trust: 0.1

db:PACKETSTORMid:128762

Trust: 0.1

db:PACKETSTORMid:129617

Trust: 0.1

db:PACKETSTORMid:128765

Trust: 0.1

sources: VULMON: CVE-2014-6278 // BID: 70166 // JVNDB: JVNDB-2014-004476 // PACKETSTORM: 128716 // PACKETSTORM: 130336 // PACKETSTORM: 129932 // PACKETSTORM: 128753 // PACKETSTORM: 128567 // PACKETSTORM: 129069 // PACKETSTORM: 129068 // PACKETSTORM: 128864 // PACKETSTORM: 128520 // PACKETSTORM: 129438 // PACKETSTORM: 128563 // PACKETSTORM: 128762 // PACKETSTORM: 129617 // PACKETSTORM: 128765 // CNNVD: CNNVD-201409-1110 // NVD: CVE-2014-6278

REFERENCES

url:http://jvndb.jvn.jp/jvndb/jvndb-2014-000126

Trust: 2.5

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140926-bash

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685749

Trust: 2.0

url:http://www.vmware.com/security/advisories/vmsa-2014-0010.html

Trust: 2.0

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10648

Trust: 2.0

url:http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685914

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021272

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004898

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021279

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004897

Trust: 2.0

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096315

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004915

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685604

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686131

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686246

Trust: 2.0

url:http://www-01.ibm.com/support/docview.wss?uid=swg21687079

Trust: 2.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10085

Trust: 2.0

url:http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html

Trust: 1.8

url:https://www.exploit-db.com/exploits/39568/

Trust: 1.8

url:https://security-tracker.debian.org/tracker/cve-2014-6278

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1147414

Trust: 1.7

url:https://www.suse.com/support/shellshock/

Trust: 1.7

url:http://support.novell.com/security/cve/cve-2014-6278.html

Trust: 1.7

url:http://secunia.com/advisories/61641

Trust: 1.7

url:http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html

Trust: 1.7

url:https://kb.bluecoat.com/index?page=content&id=sa82

Trust: 1.7

url:http://secunia.com/advisories/61485

Trust: 1.7

url:http://secunia.com/advisories/59907

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-2380-1

Trust: 1.7

url:http://secunia.com/advisories/61654

Trust: 1.7

url:http://packetstormsecurity.com/files/128567/ca-technologies-gnu-bash-shellshock.html

Trust: 1.7

url:http://secunia.com/advisories/61565

Trust: 1.7

url:http://www.novell.com/support/kb/doc.php?id=7015721

Trust: 1.7

url:http://secunia.com/advisories/61643

Trust: 1.7

url:http://secunia.com/advisories/61503

Trust: 1.7

url:http://secunia.com/advisories/61633

Trust: 1.7

url:http://secunia.com/advisories/61552

Trust: 1.7

url:http://secunia.com/advisories/61703

Trust: 1.7

url:http://secunia.com/advisories/61283

Trust: 1.7

url:http://secunia.com/advisories/61603

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141330468527613&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141345648114150&w=2

Trust: 1.7

url:https://support.citrix.com/article/ctx200217

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004879

Trust: 1.7

url:http://secunia.com/advisories/60034

Trust: 1.7

url:http://secunia.com/advisories/61816

Trust: 1.7

url:http://secunia.com/advisories/61128

Trust: 1.7

url:http://secunia.com/advisories/61313

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685733

Trust: 1.7

url:http://secunia.com/advisories/61442

Trust: 1.7

url:http://secunia.com/advisories/61287

Trust: 1.7

url:https://support.citrix.com/article/ctx200223

Trust: 1.7

url:http://secunia.com/advisories/60055

Trust: 1.7

url:http://secunia.com/advisories/61129

Trust: 1.7

url:http://secunia.com/advisories/61780

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686479

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685541

Trust: 1.7

url:https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

Trust: 1.7

url:http://secunia.com/advisories/61471

Trust: 1.7

url:http://secunia.com/advisories/58200

Trust: 1.7

url:http://secunia.com/advisories/61328

Trust: 1.7

url:http://secunia.com/advisories/61857

Trust: 1.7

url:http://secunia.com/advisories/60193

Trust: 1.7

url:http://secunia.com/advisories/61065

Trust: 1.7

url:http://secunia.com/advisories/61550

Trust: 1.7

url:http://secunia.com/advisories/60325

Trust: 1.7

url:http://secunia.com/advisories/61312

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686494

Trust: 1.7

url:http://secunia.com/advisories/60063

Trust: 1.7

url:http://secunia.com/advisories/61291

Trust: 1.7

url:http://secunia.com/advisories/60044

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686445

Trust: 1.7

url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk102673&src=securityalerts

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021361

Trust: 1.7

url:http://secunia.com/advisories/60433

Trust: 1.7

url:http://secunia.com/advisories/60024

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141383353622268&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141383304022067&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141383244821813&w=2

Trust: 1.7

url:http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141450491804793&w=2

Trust: 1.7

url:http://jvn.jp/en/jp/jvn55667175/index.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141383081521087&w=2

Trust: 1.7

url:http://www.qnap.com/i/en/support/con_show.php?cid=61

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141383026420882&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141383196021590&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141383465822787&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141577137423233&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141577241923505&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141576728022234&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141577297623641&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141585637922673&w=2

Trust: 1.7

url:http://secunia.com/advisories/62312

Trust: 1.7

url:http://secunia.com/advisories/59961

Trust: 1.7

url:http://secunia.com/advisories/62343

Trust: 1.7

url:http://linux.oracle.com/errata/elsa-2014-3093

Trust: 1.7

url:http://linux.oracle.com/errata/elsa-2014-3094

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=142358026505815&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=142358078406056&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=141879528318582&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=142118135300698&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=142721162228379&w=2

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:164

Trust: 1.7

url:http://packetstormsecurity.com/files/137344/sun-secure-global-desktop-oracle-global-desktop-shellshock.html

Trust: 1.7

url:https://www.exploit-db.com/exploits/39887/

Trust: 1.7

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c04518183

Trust: 1.7

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c04497075

Trust: 1.7

url:https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-6277

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-6278

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-6271

Trust: 1.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-7186

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-7169

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-7187

Trust: 1.2

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 1.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 1.0

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6278

Trust: 0.8

url:http://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2014/at140037.html

Trust: 0.8

url:http://jvn.jp/jp/jvn55667175/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97219505/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6278

Trust: 0.8

url:https://www.us-cert.gov/ncas/alerts/ta14-268a

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/252743

Trust: 0.8

url:http://lcamtuf.blogspot.jp/2014/09/bash-bug-apply-unofficial-patch-now.html

Trust: 0.8

url:http://www.aratana.jp/security/detail.php?id=10

Trust: 0.8

url:http://lcamtuf.blogspot.de/2014/09/bash-bug-apply-unofficial-patch-now.html

Trust: 0.3

url:http://www.gnu.org/software/bash/

Trust: 0.3

url:https://lists.gnu.org/archive/html/bug-bash/2014-10/msg00040.html

Trust: 0.3

url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk102673

Trust: 0.3

url:https://kc.mcafee.com/corporate/index?page=content&id=kb83017

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash

Trust: 0.3

url:http://lcamtuf.blogspot.in/2014/09/quick-notes-about-bash-bug-its-impact.html

Trust: 0.3

url:http://www.fortiguard.com/advisory/fg-ir-14-030/

Trust: 0.3

url:https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_vulnerabilities_in_bash_affect_certain_qlogic_products_that_ibm_resells_for_bladecenter_and_flex_system_products_cve_2014_6271_c

Trust: 0.3

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-372538.htm

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html?ref=rss

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=ssg1s1004932

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21686433

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=isg3t1021361

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21686494

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21686445

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=ssg1s1004903

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004928

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004911

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21686479

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04497075

Trust: 0.3

url:http://seclists.org/fulldisclosure/2014/oct/25

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10661&cat=sirt_1&actp=list

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100183172

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/supplement-icsa-14-269-01

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/bluu-9paps5

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479398

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479402

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479601

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479505

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479492

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04475942

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471532

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04488200

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04478866

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479536

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04540692

Trust: 0.3

url:http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04561445

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471546

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471538

Trust: 0.3

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04497042

Trust: 0.3

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512907

Trust: 0.3

url:http://seclists.org/bugtraq/2015/feb/76

Trust: 0.3

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04558068

Trust: 0.3

url:http://seclists.org/bugtraq/2015/feb/77

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04487558

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04487573

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04496383

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/bluu-9paptm

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/bluu-9paptz

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/1a2e5-5116a33c2fb27/cert_security_mini-_bulletin_xrx15k_for_77xx_r15-03_v1.0.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/2eeef-51056e459c6d8/cert_security_mini-_bulletin_xrx15h_for_p7800_v1_0.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/2a901-510567b876a35/cert_security_mini-_bulletin_xrx15g_for_p6700_v1_0.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/29a7e-50e49f9c009f9/cert_security_mini_bulletin_xrx14g_for_77xx_v1.1.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/1a7a1-50f12e334b734/cert_security_mini-_bulletin_xrx14h_for_wc59xx_v1.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf

Trust: 0.3

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-377648.htm

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004982

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004879

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685873

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21686132

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096533

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21686024

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686037

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21685733

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686171

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21686098

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685875

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=nas8n1020272

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21685541

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004905

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685673

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21685837

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21687971

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685691

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004933

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096503

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004945

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100183088

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2104-6277

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2104-6278

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://www.securityfocus.com/bid/70166

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=35880

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2380-1/

Trust: 0.1

url:https://tmc.tippingpoint.com/

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-1311.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-7196

Trust: 0.1

url:http://www.software.hp.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3566

Trust: 0.1

url:https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea

Trust: 0.1

url:https://www.ca.com

Trust: 0.1

url:https://support.ca.com/irj/portal/anonymous/phpsbpldgpg

Trust: 0.1

url:https://support.ca.com.

Trust: 0.1

url:http://www.hp.com/support/eslg3

Trust: 0.1

url:http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

Trust: 0.1

url:http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026

Trust: 0.1

url:http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-6279

Trust: 0.1

url:https://code.google.com/p/american-fuzzy-lop

Trust: 0.1

url:http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027

Trust: 0.1

url:http://www.openwall.com/lists/oss-security/2014/09/25/13

Trust: 0.1

url:http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6277

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-7186

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-7187

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6278

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201410-01.xml

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km01194259

Trust: 0.1

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng

Trust: 0.1

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.1

url:https://my.vertica.com

Trust: 0.1

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.1

url:http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail

Trust: 0.1

sources: VULMON: CVE-2014-6278 // BID: 70166 // JVNDB: JVNDB-2014-004476 // PACKETSTORM: 128716 // PACKETSTORM: 130336 // PACKETSTORM: 129932 // PACKETSTORM: 128753 // PACKETSTORM: 128567 // PACKETSTORM: 129069 // PACKETSTORM: 129068 // PACKETSTORM: 128864 // PACKETSTORM: 128520 // PACKETSTORM: 129438 // PACKETSTORM: 128563 // PACKETSTORM: 128762 // PACKETSTORM: 129617 // PACKETSTORM: 128765 // CNNVD: CNNVD-201409-1110 // NVD: CVE-2014-6278

CREDITS

HP

Trust: 1.1

sources: PACKETSTORM: 128716 // PACKETSTORM: 130336 // PACKETSTORM: 129932 // PACKETSTORM: 128753 // PACKETSTORM: 129069 // PACKETSTORM: 129068 // PACKETSTORM: 128864 // PACKETSTORM: 129438 // PACKETSTORM: 128762 // PACKETSTORM: 129617 // PACKETSTORM: 128765

SOURCES

db:VULMONid:CVE-2014-6278
db:BIDid:70166
db:JVNDBid:JVNDB-2014-004476
db:PACKETSTORMid:128716
db:PACKETSTORMid:130336
db:PACKETSTORMid:129932
db:PACKETSTORMid:128753
db:PACKETSTORMid:128567
db:PACKETSTORMid:129069
db:PACKETSTORMid:129068
db:PACKETSTORMid:128864
db:PACKETSTORMid:128520
db:PACKETSTORMid:129438
db:PACKETSTORMid:128563
db:PACKETSTORMid:128762
db:PACKETSTORMid:129617
db:PACKETSTORMid:128765
db:CNNVDid:CNNVD-201409-1110
db:NVDid:CVE-2014-6278

LAST UPDATE DATE

2024-11-11T21:09:03.410000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2014-6278date:2021-11-17T00:00:00
db:BIDid:70166date:2016-07-05T21:53:00
db:JVNDBid:JVNDB-2014-004476date:2015-12-24T00:00:00
db:CNNVDid:CNNVD-201409-1110date:2021-11-08T00:00:00
db:NVDid:CVE-2014-6278date:2021-11-17T22:15:36.700

SOURCES RELEASE DATE

db:VULMONid:CVE-2014-6278date:2014-09-30T00:00:00
db:BIDid:70166date:2014-09-27T00:00:00
db:JVNDBid:JVNDB-2014-004476date:2014-10-01T00:00:00
db:PACKETSTORMid:128716date:2014-10-16T13:33:00
db:PACKETSTORMid:130336date:2015-02-10T17:43:27
db:PACKETSTORMid:129932date:2015-01-14T03:51:42
db:PACKETSTORMid:128753date:2014-10-20T13:55:00
db:PACKETSTORMid:128567date:2014-10-06T16:47:01
db:PACKETSTORMid:129069date:2014-11-12T18:13:47
db:PACKETSTORMid:129068date:2014-11-12T18:13:39
db:PACKETSTORMid:128864date:2014-10-27T23:44:00
db:PACKETSTORMid:128520date:2014-10-01T23:55:55
db:PACKETSTORMid:129438date:2014-12-09T23:15:30
db:PACKETSTORMid:128563date:2014-10-06T16:37:31
db:PACKETSTORMid:128762date:2014-10-20T17:44:00
db:PACKETSTORMid:129617date:2014-12-17T18:27:35
db:PACKETSTORMid:128765date:2014-10-20T18:22:00
db:CNNVDid:CNNVD-201409-1110date:2014-09-30T00:00:00
db:NVDid:CVE-2014-6278date:2014-09-30T10:55:04.723