ID

VAR-201409-1154


CVE

CVE-2014-6278


TITLE

GNU Bash shell executes commands in exported functions in environment variables

Trust: 0.8

sources: CERT/CC: VU#252743

DESCRIPTION

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. This vulnerability CVE-2014-6271 , CVE-2014-7169 ,and CVE-2014-6277 Vulnerability due to insufficient fix for.A third party may be able to execute arbitrary commands through a crafted environment. QNAP Systems, Inc. Provided by QTS teeth, Turbo NAS for OS is. QTS for, GNU Bash Vulnerability (JVNVU#97219505) caused by OS Command injection vulnerability (CWE-78) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : University of Electro-Communications Wakisaka Yuki MrAny application permission OS The command may be executed. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Customers who need to upgrade the firmware of their Superdome X or HP Converged System 900 for SAP HANA should contact HP Technical Support to obtain the firmware or plan to schedule an onsite visit with an HP Services field service professional. NOTE: HP strongly recommends implementing the following security best practices to help reduce both known and future security vulnerability risks: Isolate the HP Superdome X or HP Converged System 900 for SAP HANA's management network by keeping it separate from the data or production network, and not connecting it directly to the Internet without additional access authentication. Patch and maintain Lightweight Directory Access Protocol (LDAP) and web servers. Use virus scanners, intrusion detection/prevention systems (IDS/IPS), and vulnerability scanners regularly. Apply all recommended HP Firmware updates. ============================================================================ Ubuntu Security Notice USN-2380-1 October 09, 2014 bash vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Bash. Software Description: - bash: GNU Bourne Again SHell Details: Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. (CVE-2014-6277, CVE-2014-6278) Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.5 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.6 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.5 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2380-1 CVE-2014-6277, CVE-2014-6278 Package Information: https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.5 https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.6 https://launchpad.net/ubuntu/+source/bash/4.1-2ubuntu3.5 . HP Product Firmware Version HP StoreEver ESL G3 Tape Libraries with MCB version 2 680H_GS40701 HP StoreEver ESL G3 Tape Libraries with MCB version 1 656H_GS10801 The firmware is customer installable and is available in the Drivers, Software & Firmware section at the following location: http://www.hp.com/support/eslg3 Notes: - Updating the library firmware requires a reboot of the library. Mitigation Instructions HP recommends the following mitigation steps to reduce the risk of this vulnerability for HP StoreEver ESL G3 Tape Library. - Disable DHCP and only use static IP addressing. This bulletin will be revised when the updates are available. All MDS and Nexus 5K switches can function in this configuration. Access is available through the console port. Open the PXE Configuration Utility on the HP Insight Control server deployment window Select Linux Managed from the Boot Menu options Click the Edit button. Clicking the Edit button displays the Edit Shared Menu Option window Uncheck the x86 option in Operating System and Processor Options and click OK. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04478866 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04478866 Version: 1 HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-10-16 Last Updated: 2014-10-16 Potential Security Impact: Remote code execution Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP StoreFabric B-series switches running Bash Shell. References: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 SSRT101747 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. All HP StoreFabric B-series switches BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has released the following software updates to resolve the vulnerability in HP StoreFabric B-series switches running Bash Shell. Note: HP and the switch vendor recommend running an active version of Fabric OS (FOS) listed on the HP Single Point of Connectivity Knowledge (SPOCK) website ( http://h20272.www2.hp.com/ ) and applying the work-around information provided in the MITIGATION INFORMATION section below to protect HP StoreFabric B-series switches from this vulnerability. Fabric OS (FOS) v7.3.0b (This version will be available soon and this bulletin will revised at that time) The following focused fix FOS versions are available for the previously released versions and have been renamed to include an additional hexadecimal character appended to the FOS version on which it is based: FOS v7.2.1c1 FOS v7.2.0d6 FOS v7.1.2b1 FOS v7.1.1c1 FOS v7.1.0cb FOS v7.0.2e1 FOS v7.0.0d1 FOS v6.4.3f3 FOS v6.4.2a3 FOS v6.2.2f9 MITIGATION INFORMATION HP recommends the following steps to reduce the risk of this vulnerability: - Place the HP StoreFabric SAN switch and other data center critical infrastructure behind a firewall to disallow access from the Internet. - Change all HP StoreFabric switch default account passwords, including the root passwords, from the default factory passwords. - Examine the list of accounts, including ones on the switch and those existing on remote authentication servers such as RADIUS, LDAP, and TACAS+, to ensure only necessary personnel can gain access to HP StoreFabric FOS switches. Delete guest accounts and temporary accounts created for one-time usage needs. - Utilize FOS password policy management to strengthen the complexity, age, and history requirements of switch account passwords. HISTORY Version:1 (rev.1) - 16 October 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlRAJ/cACgkQ4B86/C0qfVnY5wCbB6BuI/1jNKooORagufjsKfmo 5ikAnjlwLbaE1YWaqIqBsmMXPERqtuB7 =ceqx -----END PGP SIGNATURE-----

Trust: 4.05

sources: NVD: CVE-2014-6278 // CERT/CC: VU#252743 // JVNDB: JVNDB-2014-004476 // JVNDB: JVNDB-2014-000126 // BID: 70166 // VULMON: CVE-2014-6278 // PACKETSTORM: 128764 // PACKETSTORM: 128606 // PACKETSTORM: 129069 // PACKETSTORM: 129070 // PACKETSTORM: 128864 // PACKETSTORM: 130335 // PACKETSTORM: 128760

AFFECTED PRODUCTS

vendor:gnumodel:bashscope:eqversion:4.2

Trust: 1.3

vendor:gnumodel:bashscope:eqversion:3.0.16

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.03

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:3.2.48

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.7

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.3

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.4

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.01.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.02.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.02

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.2

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:3.0

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.0

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:3.2

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.6

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:4.0

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.01

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:3.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:4.1

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.04

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.0

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.5

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:4.3

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:2.05

Trust: 1.0

vendor:gnumodel:bashscope:eqversion:1.14.1

Trust: 1.0

vendor:applemodel: - scope: - version: -

Trust: 0.8

vendor:avayamodel: - scope: - version: -

Trust: 0.8

vendor:barracudamodel: - scope: - version: -

Trust: 0.8

vendor:blue coatmodel: - scope: - version: -

Trust: 0.8

vendor:centosmodel: - scope: - version: -

Trust: 0.8

vendor:check pointmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:cygwinmodel: - scope: - version: -

Trust: 0.8

vendor:d linkmodel: - scope: - version: -

Trust: 0.8

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:dell computermodel: - scope: - version: -

Trust: 0.8

vendor:extrememodel: - scope: - version: -

Trust: 0.8

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:fedoramodel: - scope: - version: -

Trust: 0.8

vendor:fireeyemodel: - scope: - version: -

Trust: 0.8

vendor:fortinetmodel: - scope: - version: -

Trust: 0.8

vendor:gnu bashmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:mageiamodel: - scope: - version: -

Trust: 0.8

vendor:mcafeemodel: - scope: - version: -

Trust: 0.8

vendor:monroemodel: - scope: - version: -

Trust: 0.8

vendor:necmodel: - scope: - version: -

Trust: 0.8

vendor:niksunmodel: - scope: - version: -

Trust: 0.8

vendor:netappmodel: - scope: - version: -

Trust: 0.8

vendor:novellmodel: - scope: - version: -

Trust: 0.8

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:palo altomodel: - scope: - version: -

Trust: 0.8

vendor:qnap securitymodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:suse linuxmodel: - scope: - version: -

Trust: 0.8

vendor:slackware linuxmodel: - scope: - version: -

Trust: 0.8

vendor:sophosmodel: - scope: - version: -

Trust: 0.8

vendor:trend micromodel: - scope: - version: -

Trust: 0.8

vendor:ubuntumodel: - scope: - version: -

Trust: 0.8

vendor:vmwaremodel: - scope: - version: -

Trust: 0.8

vendor:xirrusmodel: - scope: - version: -

Trust: 0.8

vendor:gnumodel:bashscope:lteversion:4.3 bash43-026

Trust: 0.8

vendor:qnapmodel:qtsscope:lteversion:4.1.1 build 0927 and earlier

Trust: 0.8

vendor:qnapmodel:qtsscope:eqversion: -

Trust: 0.8

vendor:xeroxmodel:workcentrescope:eqversion:7245

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7242

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7238

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7235

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7232

Trust: 0.3

vendor:xeroxmodel:workcentrescope:eqversion:7228

Trust: 0.3

vendor:xeroxmodel:phaserscope:eqversion:78000

Trust: 0.3

vendor:xeroxmodel:phaserscope:eqversion:67000

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9393

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9303

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9302

Trust: 0.3

vendor:xeroxmodel:colorqubescope:eqversion:9301

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:11

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:3.2

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:3.1

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:5

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:mcafeemodel:email gateway patchscope:eqversion:7.01

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.0

Trust: 0.3

vendor:mcafeemodel:email gateway hotfixscope:eqversion:6.7.22

Trust: 0.3

vendor:mcafeemodel:email gateway hotfixscope:eqversion:6.7.21

Trust: 0.3

vendor:ibmmodel:ds8000scope:eqversion:0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified ip phonescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified contact center expressscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:network analysis modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:mdsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:gss 4492r global site selectorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:emergency responderscope:eqversion:1.1

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:show and sharescope:eqversion:5(2)

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16.2

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16

Trust: 0.3

sources: CERT/CC: VU#252743 // BID: 70166 // JVNDB: JVNDB-2014-004476 // JVNDB: JVNDB-2014-000126 // NVD: CVE-2014-6278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6278
value: HIGH

Trust: 1.0

NVD: CVE-2014-6278
value: HIGH

Trust: 0.8

IPA: JVNDB-2014-000126
value: HIGH

Trust: 0.8

VULMON: CVE-2014-6278
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-6278
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

IPA: JVNDB-2014-000126
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: VULMON: CVE-2014-6278 // JVNDB: JVNDB-2014-004476 // JVNDB: JVNDB-2014-000126 // NVD: CVE-2014-6278

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

problemtype:OS Command injection (CWE-78) [IPA evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2014-004476 // JVNDB: JVNDB-2014-000126 // NVD: CVE-2014-6278

THREAT TYPE

network

Trust: 0.3

sources: BID: 70166

TYPE

Design Error

Trust: 0.3

sources: BID: 70166

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004476

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-6278

PATCH

title:NAS-201410-05url:http://www.qnap.com/i/en/support/con_show.php?cid=61

Trust: 1.6

title:bash-3.2-33.AXS3.4url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3918

Trust: 0.8

title:bash-4.1.2-15.AXS4.2url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3919

Trust: 0.8

title:cisco-sa-20140926-bashurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Trust: 0.8

title:CTX200223url:https://support.citrix.com/article/CTX200223

Trust: 0.8

title:CTX200217url:https://support.citrix.com/article/CTX200217

Trust: 0.8

title:GNU Bashurl:http://www.gnu.org/software/bash/

Trust: 0.8

title:HPSBST03157 SSRT101718url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04488200

Trust: 0.8

title:HPSBST03122 SSRT101717url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471532

Trust: 0.8

title:HPSBMU03217 SSRT101827url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04512907

Trust: 0.8

title:HPSBST03129 SSRT101760url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04478866

Trust: 0.8

title:HPSBMU03182 SSRT101787url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497042

Trust: 0.8

title:HPSBHF03125 SSRT101724url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471538

Trust: 0.8

title:HPSBGN03233url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04540692

Trust: 0.8

title:HPSBGN03141 SSRT101763url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479398

Trust: 0.8

title:HPSBST03154 SSRT101747url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487558

Trust: 0.8

title:HPSBGN03138 SSRT101755url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04475942

Trust: 0.8

title:HPSBMU03236 SSRT101830url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04552143

Trust: 0.8

title:HPSBGN03142 SSRT101764url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479402

Trust: 0.8

title:HPSBST03181 SSRT101811url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04496383

Trust: 0.8

title:HPSBMU03245 SSRT101742url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04556845

Trust: 0.8

title:HPSBMU03144 SSRT101762url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479492

Trust: 0.8

title:HPSBMU03165 SSRT101783url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497075

Trust: 0.8

title:HPSBHF03145 SSRT101765url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479505

Trust: 0.8

title:HPSBMU03143 SSRT101761url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479536

Trust: 0.8

title:HPSBST03155 SSRT101747url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487573

Trust: 0.8

title:HPSBHF03146 SSRT101765url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479601

Trust: 0.8

title:MIGR-5096315url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

Trust: 0.8

title:T1021279url:http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

Trust: 0.8

title:S1004897url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

Trust: 0.8

title:S1004898url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

Trust: 0.8

title:1686479url:http://www-01.ibm.com/support/docview.wss?uid=swg21686479

Trust: 0.8

title:1685433url:http://www-01.ibm.com/support/docview.wss?uid=swg21685433

Trust: 0.8

title:1685541url:http://www-01.ibm.com/support/docview.wss?uid=swg21685541

Trust: 0.8

title:1685604url:http://www-01.ibm.com/support/docview.wss?uid=swg21685604

Trust: 0.8

title:1685522url:http://www-01.ibm.com/support/docview.wss?uid=swg21685522

Trust: 0.8

title:S1004915url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

Trust: 0.8

title:1685914url:http://www-01.ibm.com/support/docview.wss?uid=swg21685914

Trust: 0.8

title:1686493url:http://www-01.ibm.com/support/docview.wss?uid=swg21686493

Trust: 0.8

title:T1021272url:http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

Trust: 0.8

title:1685733url:http://www-01.ibm.com/support/docview.wss?uid=swg21685733

Trust: 0.8

title:S1004879url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

Trust: 0.8

title:1686131url:http://www-01.ibm.com/support/docview.wss?uid=swg21686131

Trust: 0.8

title:1685749url:http://www-01.ibm.com/support/docview.wss?uid=swg21685749

Trust: 0.8

title:1685798url:http://www-01.ibm.com/support/docview.wss?uid=swg21685798

Trust: 0.8

title:1686299url:http://www-01.ibm.com/support/docview.wss?uid=swg21686299

Trust: 0.8

title:1686635url:http://www-01.ibm.com/support/docview.wss?uid=swg21686635

Trust: 0.8

title:アライドテレシス株式会社からの情報url:http://jvn.jp/vu/JVNVU97219505/522154/index.html

Trust: 0.8

title:OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilitiesurl:https://www.novell.com/support/kb/doc.php?id=7015701

Trust: 0.8

title:ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)url:https://www.novell.com/support/kb/doc.php?id=7015721

Trust: 0.8

title:AV14-003url:http://jpn.nec.com/security-info/av14-003.html

Trust: 0.8

title:ShellShock 101 - What you need to know and do, to ensure your systems are secureurl:https://www.suse.com/support/shellshock/

Trust: 0.8

title:ELSA-2014-3094url:http://linux.oracle.com/errata/ELSA-2014-3094

Trust: 0.8

title:ELSA-2014-3093url:http://linux.oracle.com/errata/ELSA-2014-3093

Trust: 0.8

title:Bash "Shellshock" Vulnerabilities - CVE-2014-7169url:http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

Trust: 0.8

title:Bug 1147414url:https://bugzilla.redhat.com/show_bug.cgi?id=1147414

Trust: 0.8

title:Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linuxurl:https://access.redhat.com/solutions/1207723

Trust: 0.8

title:Bash specially-crafted environment variables code injection attackurl:https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Trust: 0.8

title:GNU Bash 「OS コマンドインジェクション」の脆弱性についてurl:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU252743.html

Trust: 0.8

title:SA82url:https://bto.bluecoat.com/security-advisory/sa82

Trust: 0.8

title:SOL15629url:https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

Trust: 0.8

title:Multiple vulnerabilities in Bashurl:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash

Trust: 0.8

title:CVE-2014-6278url:https://security-tracker.debian.org/tracker/CVE-2014-6278

Trust: 0.8

title:JSA10648url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

Trust: 0.8

title:VMSA-2014-0010url:http://www.vmware.com/security/advisories/VMSA-2014-0010.html

Trust: 0.8

title:GNU bash の脆弱性に関する弊社調査・対応状況についてurl:http://www.iodata.jp/support/information/2014/bash/

Trust: 0.8

title:bashの脆弱性(CVE-2014-6271,CVE-2014-7169 他)によるHA8500への影響についてurl:http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_ha8500.html

Trust: 0.8

title:サーバ・クライアント製品 bashの脆弱性(CVE-2014-6271,CVE-2014-7169他)による影響についてurl:http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_cve20146271.html

Trust: 0.8

title:cisco-sa-20140926-bashurl:http://www.cisco.com/cisco/web/support/JP/112/1126/1126247_cisco-sa-20140926-bash-j.html

Trust: 0.8

title:TLSA-2014-10url:http://www.turbolinux.co.jp/security/2014/TLSA-2014-10j.html

Trust: 0.8

title:GNU BashにおけるOSコマンドインジェクションの脆弱性url:http://buffalo.jp/support_s/s20141002.html

Trust: 0.8

title:GNU Bash に OS コマンドインジェクションの脆弱性url:http://software.fujitsu.com/jp/security/vulnerabilities/jvn-97219505.html

Trust: 0.8

title:Ubuntu Security Notice: bash vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2380-1

Trust: 0.1

title:VMware Security Advisories: VMware product updates address critical Bash security vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=86cb6b3955e100fdc9667a7ca916c772

Trust: 0.1

title:Symantec Security Advisories: SA82 : GNU Bash Shellshock Command Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=2b57ceaadfde2a8b03482273e1fd21ea

Trust: 0.1

title:Citrix Security Bulletins: Citrix XenServer Shellshock Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=64ae0aae8269062686789e3a3fa1d2bf

Trust: 0.1

title:Tenable Security Advisories: [R7] Tenable Appliance Affected by GNU bash 'Shellshock' Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2014-07

Trust: 0.1

title:Citrix Security Bulletins: Citrix Security Advisory for GNU Bash Shellshock Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=73443a6db89dc66fc6bcb49f85bfd1ab

Trust: 0.1

title:CiscoUCS-Shellshockurl:https://github.com/thatchriseckert/CiscoUCS-Shellshock

Trust: 0.1

title:0day-WriteUp-TryHackme-CTF-Mediumurl:https://github.com/elc4br4/0day-WriteUp-TryHackme-CTF-Medium

Trust: 0.1

title:ShellScanurl:https://github.com/0xICF/ShellScan

Trust: 0.1

title:cvesploiturl:https://github.com/swapravo/cvesploit

Trust: 0.1

title:fabric-shellshockurl:https://github.com/ericlake/fabric-shellshock

Trust: 0.1

title:w-testurl:https://github.com/inspirion87/w-test

Trust: 0.1

title:Xpl-SHELLSHOCK-Ch3ckurl:https://github.com/googleinurl/Xpl-SHELLSHOCK-Ch3ck

Trust: 0.1

title:bashcheckurl:https://github.com/hannob/bashcheck

Trust: 0.1

title:shellshockFixOSXurl:https://github.com/opragel/shellshockFixOSX

Trust: 0.1

title:shocktrooperurl:https://github.com/EvanK/shocktrooper

Trust: 0.1

title:ShellShockHunterurl:https://github.com/MrCl0wnLab/ShellShockHunter

Trust: 0.1

title:shellshocker-pocsurl:https://github.com/mubix/shellshocker-pocs

Trust: 0.1

title:ActiveScanPlusPlusurl:https://github.com/albinowax/ActiveScanPlusPlus

Trust: 0.1

title:afl-cveurl:https://github.com/mrash/afl-cve

Trust: 0.1

title:Threatposturl:https://threatpost.com/researcher-takes-wraps-off-two-undisclosed-shellshock-vulnerabilities-in-bash/108674/

Trust: 0.1

sources: VULMON: CVE-2014-6278 // JVNDB: JVNDB-2014-004476 // JVNDB: JVNDB-2014-000126

EXTERNAL IDS

db:NVDid:CVE-2014-6278

Trust: 4.5

db:CERT/CCid:VU#252743

Trust: 2.7

db:JVNid:JVN55667175

Trust: 2.7

db:JVNDBid:JVNDB-2014-000126

Trust: 2.7

db:JVNid:JVNVU97219505

Trust: 1.6

db:JVNDBid:JVNDB-2014-004476

Trust: 1.6

db:MCAFEEid:SB10085

Trust: 1.4

db:JUNIPERid:JSA10648

Trust: 1.4

db:SECUNIAid:61641

Trust: 1.1

db:SECUNIAid:61603

Trust: 1.1

db:SECUNIAid:61287

Trust: 1.1

db:SECUNIAid:60055

Trust: 1.1

db:SECUNIAid:61654

Trust: 1.1

db:SECUNIAid:61313

Trust: 1.1

db:SECUNIAid:60044

Trust: 1.1

db:SECUNIAid:58200

Trust: 1.1

db:SECUNIAid:61550

Trust: 1.1

db:SECUNIAid:61780

Trust: 1.1

db:SECUNIAid:61552

Trust: 1.1

db:SECUNIAid:61565

Trust: 1.1

db:SECUNIAid:61312

Trust: 1.1

db:SECUNIAid:60193

Trust: 1.1

db:SECUNIAid:61129

Trust: 1.1

db:SECUNIAid:61703

Trust: 1.1

db:SECUNIAid:60433

Trust: 1.1

db:SECUNIAid:61128

Trust: 1.1

db:SECUNIAid:60063

Trust: 1.1

db:SECUNIAid:61816

Trust: 1.1

db:SECUNIAid:61633

Trust: 1.1

db:SECUNIAid:60034

Trust: 1.1

db:SECUNIAid:61643

Trust: 1.1

db:SECUNIAid:61485

Trust: 1.1

db:SECUNIAid:61503

Trust: 1.1

db:SECUNIAid:62343

Trust: 1.1

db:SECUNIAid:60325

Trust: 1.1

db:SECUNIAid:61291

Trust: 1.1

db:SECUNIAid:61328

Trust: 1.1

db:SECUNIAid:61283

Trust: 1.1

db:SECUNIAid:60024

Trust: 1.1

db:SECUNIAid:61442

Trust: 1.1

db:SECUNIAid:59961

Trust: 1.1

db:SECUNIAid:61471

Trust: 1.1

db:SECUNIAid:61857

Trust: 1.1

db:SECUNIAid:61065

Trust: 1.1

db:SECUNIAid:59907

Trust: 1.1

db:SECUNIAid:62312

Trust: 1.1

db:PACKETSTORMid:128567

Trust: 1.1

db:PACKETSTORMid:137344

Trust: 1.1

db:EXPLOIT-DBid:39568

Trust: 1.0

db:EXPLOIT-DBid:39887

Trust: 1.0

db:USCERTid:TA14-268A

Trust: 0.8

db:JVNid:JVNVU97220341

Trust: 0.8

db:JVNDBid:JVNDB-2014-004431

Trust: 0.8

db:JVNDBid:JVNDB-2014-004433

Trust: 0.8

db:JVNDBid:JVNDB-2014-004399

Trust: 0.8

db:JVNDBid:JVNDB-2014-004410

Trust: 0.8

db:JVNDBid:JVNDB-2014-004432

Trust: 0.8

db:ICS CERTid:ICSA-14-269-01A

Trust: 0.8

db:ICS CERTid:ICSA-15-344-01

Trust: 0.8

db:BIDid:70166

Trust: 0.4

db:JUNIPERid:JSA10661

Trust: 0.3

db:ICS CERTid:ICSA-14-269-01

Trust: 0.3

db:EXPLOITDBid:39568

Trust: 0.1

db:EXPLOITDBid:39887

Trust: 0.1

db:VULMONid:CVE-2014-6278

Trust: 0.1

db:PACKETSTORMid:128764

Trust: 0.1

db:PACKETSTORMid:128606

Trust: 0.1

db:PACKETSTORMid:129069

Trust: 0.1

db:PACKETSTORMid:129070

Trust: 0.1

db:PACKETSTORMid:128864

Trust: 0.1

db:PACKETSTORMid:130335

Trust: 0.1

db:PACKETSTORMid:128760

Trust: 0.1

sources: CERT/CC: VU#252743 // VULMON: CVE-2014-6278 // BID: 70166 // JVNDB: JVNDB-2014-004476 // JVNDB: JVNDB-2014-000126 // PACKETSTORM: 128764 // PACKETSTORM: 128606 // PACKETSTORM: 129069 // PACKETSTORM: 129070 // PACKETSTORM: 128864 // PACKETSTORM: 130335 // PACKETSTORM: 128760 // NVD: CVE-2014-6278

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140926-bash

Trust: 2.2

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10085

Trust: 2.2

url:http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html

Trust: 1.9

url:https://kb.bluecoat.com/index?page=content&id=sa82

Trust: 1.9

url:https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

Trust: 1.9

url:http://jvndb.jvn.jp/jvndb/jvndb-2014-000126

Trust: 1.9

url:https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Trust: 1.6

url:http://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html

Trust: 1.6

url:http://jvn.jp/jp/jvn55667175/index.html

Trust: 1.6

url:http://jvn.jp/vu/jvnvu97219505/index.html

Trust: 1.6

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6278

Trust: 1.6

url:http://www.kb.cert.org/vuls/id/252743

Trust: 1.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685749

Trust: 1.4

url:http://www.vmware.com/security/advisories/vmsa-2014-0010.html

Trust: 1.4

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10648

Trust: 1.4

url:http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685914

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021272

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004898

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021279

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004897

Trust: 1.4

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096315

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004915

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685604

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686131

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686246

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=swg21687079

Trust: 1.4

url:http://www.ubuntu.com/usn/usn-2380-1

Trust: 1.2

url:https://www.exploit-db.com/exploits/39568/

Trust: 1.2

url:http://www.fortiguard.com/advisory/fg-ir-14-030/

Trust: 1.1

url:https://security-tracker.debian.org/tracker/cve-2014-6278

Trust: 1.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1147414

Trust: 1.1

url:https://www.suse.com/support/shellshock/

Trust: 1.1

url:http://support.novell.com/security/cve/cve-2014-6278.html

Trust: 1.1

url:http://secunia.com/advisories/61641

Trust: 1.1

url:http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html

Trust: 1.1

url:http://secunia.com/advisories/61485

Trust: 1.1

url:http://secunia.com/advisories/59907

Trust: 1.1

url:http://secunia.com/advisories/61654

Trust: 1.1

url:http://packetstormsecurity.com/files/128567/ca-technologies-gnu-bash-shellshock.html

Trust: 1.1

url:http://secunia.com/advisories/61565

Trust: 1.1

url:http://www.novell.com/support/kb/doc.php?id=7015721

Trust: 1.1

url:http://secunia.com/advisories/61643

Trust: 1.1

url:http://secunia.com/advisories/61503

Trust: 1.1

url:http://secunia.com/advisories/61633

Trust: 1.1

url:http://secunia.com/advisories/61552

Trust: 1.1

url:http://secunia.com/advisories/61703

Trust: 1.1

url:http://secunia.com/advisories/61283

Trust: 1.1

url:http://secunia.com/advisories/61603

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141330468527613&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141345648114150&w=2

Trust: 1.1

url:https://support.citrix.com/article/ctx200217

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004879

Trust: 1.1

url:http://secunia.com/advisories/60034

Trust: 1.1

url:http://secunia.com/advisories/61816

Trust: 1.1

url:http://secunia.com/advisories/61128

Trust: 1.1

url:http://secunia.com/advisories/61313

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685733

Trust: 1.1

url:http://secunia.com/advisories/61442

Trust: 1.1

url:http://secunia.com/advisories/61287

Trust: 1.1

url:https://support.citrix.com/article/ctx200223

Trust: 1.1

url:http://secunia.com/advisories/60055

Trust: 1.1

url:http://secunia.com/advisories/61129

Trust: 1.1

url:http://secunia.com/advisories/61780

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686479

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685541

Trust: 1.1

url:http://secunia.com/advisories/61471

Trust: 1.1

url:http://secunia.com/advisories/58200

Trust: 1.1

url:http://secunia.com/advisories/61328

Trust: 1.1

url:http://secunia.com/advisories/61857

Trust: 1.1

url:http://secunia.com/advisories/60193

Trust: 1.1

url:http://secunia.com/advisories/61065

Trust: 1.1

url:http://secunia.com/advisories/61550

Trust: 1.1

url:http://secunia.com/advisories/60325

Trust: 1.1

url:http://secunia.com/advisories/61312

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686494

Trust: 1.1

url:http://secunia.com/advisories/60063

Trust: 1.1

url:http://secunia.com/advisories/61291

Trust: 1.1

url:http://secunia.com/advisories/60044

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686445

Trust: 1.1

url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk102673&src=securityalerts

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021361

Trust: 1.1

url:http://secunia.com/advisories/60433

Trust: 1.1

url:http://secunia.com/advisories/60024

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383353622268&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383304022067&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383244821813&w=2

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141450491804793&w=2

Trust: 1.1

url:http://jvn.jp/en/jp/jvn55667175/index.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383081521087&w=2

Trust: 1.1

url:http://www.qnap.com/i/en/support/con_show.php?cid=61

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383026420882&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383196021590&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141383465822787&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141577137423233&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141577241923505&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141576728022234&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141577297623641&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141585637922673&w=2

Trust: 1.1

url:http://secunia.com/advisories/62312

Trust: 1.1

url:http://secunia.com/advisories/59961

Trust: 1.1

url:http://secunia.com/advisories/62343

Trust: 1.1

url:http://linux.oracle.com/errata/elsa-2014-3093

Trust: 1.1

url:http://linux.oracle.com/errata/elsa-2014-3094

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142358026505815&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142358078406056&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141879528318582&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142118135300698&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142721162228379&w=2

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:164

Trust: 1.1

url:http://packetstormsecurity.com/files/137344/sun-secure-global-desktop-oracle-global-desktop-shellshock.html

Trust: 1.1

url:https://www.exploit-db.com/exploits/39887/

Trust: 1.1

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c04518183

Trust: 1.1

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c04497075

Trust: 1.1

url:https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006

Trust: 1.1

url:http://seclists.org/oss-sec/2014/q3/650

Trust: 0.8

url:https://access.redhat.com/articles/1200223

Trust: 0.8

url:http://seclists.org/oss-sec/2014/q3/688

Trust: 0.8

url:http://seclists.org/oss-sec/2014/q3/685

Trust: 0.8

url:http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

Trust: 0.8

url:https://gist.github.com/anonymous/929d622f3b36b00c0be1

Trust: 0.8

url:https://www.dfranke.us/posts/2014-09-27-shell-shock-exploitation-vectors.html

Trust: 0.8

url:https://shellshocker.net/#

Trust: 0.8

url:http://support.apple.com/kb/ht6495

Trust: 0.8

url:https://www.barracuda.com/support/techalerts

Trust: 0.8

url:http://www.checkpoint.com/blog/protecting-shellshock/index.html

Trust: 0.8

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10044

Trust: 0.8

url:https://www.debian.org/security/2014/dsa-3032

Trust: 0.8

url:http://learn.extremenetworks.com/rs/extreme/images/vn-2014-001-%20gnu%20bash%20threats%20-cve-2014-7169%20rev01.pdf

Trust: 0.8

url:http://fedoramagazine.org/shellshock-update-bash-packages-that-resolve-cve-2014-6271-and-cve-2014-7169-available/

Trust: 0.8

url:http://www.gentoo.org/security/en/glsa/glsa-201409-09.xml

Trust: 0.8

url:http://alerts.hp.com/r?2.1.3kt.2zr.15ee22.l8mgqe..n.ghvs.8f9a.bw89mq%5f%5fdbosfqk0

Trust: 0.8

url:http://kb.juniper.net/jsa10648

Trust: 0.8

url:http://jpn.nec.com/security-info/av14-003.html

Trust: 0.8

url:http://support.novell.com/security/cve/cve-2014-6271.html

Trust: 0.8

url:https://www.suse.com/support/kb/doc.php?id=7015702

Trust: 0.8

url:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.522193

Trust: 0.8

url:http://www.ubuntu.com/usn/usn-2362-1/

Trust: 0.8

url:http://kb.vmware.com/selfservice/microsites/search.do?language=en_us&cmd=displaykc&externalid=2090740

Trust: 0.8

url:http://pkgsrc.se/files.php?messageid=20140925202832.9ad9c98@cvs.netbsd.org

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6278

Trust: 0.8

url:https://www.jpcert.or.jp/at/2014/at140037.html

Trust: 0.8

url:https://www.us-cert.gov/ncas/alerts/ta14-268a

Trust: 0.8

url:http://lcamtuf.blogspot.jp/2014/09/bash-bug-apply-unofficial-patch-now.html

Trust: 0.8

url:http://www.aratana.jp/security/detail.php?id=10

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004399.html

Trust: 0.8

url:http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004410.html

Trust: 0.8

url:http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004431.html

Trust: 0.8

url:http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004476.html

Trust: 0.8

url:http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004432.html

Trust: 0.8

url:http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004433.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7169

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6271

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6277

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7186

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7187

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-15-344-01

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-14-269-01a

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-6277

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-6278

Trust: 0.7

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.6

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.6

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-7169

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-6271

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-7186

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-7187

Trust: 0.5

url:http://lcamtuf.blogspot.de/2014/09/bash-bug-apply-unofficial-patch-now.html

Trust: 0.3

url:http://www.gnu.org/software/bash/

Trust: 0.3

url:https://lists.gnu.org/archive/html/bug-bash/2014-10/msg00040.html

Trust: 0.3

url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk102673

Trust: 0.3

url:https://kc.mcafee.com/corporate/index?page=content&id=kb83017

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash

Trust: 0.3

url:http://lcamtuf.blogspot.in/2014/09/quick-notes-about-bash-bug-its-impact.html

Trust: 0.3

url:https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_vulnerabilities_in_bash_affect_certain_qlogic_products_that_ibm_resells_for_bladecenter_and_flex_system_products_cve_2014_6271_c

Trust: 0.3

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-372538.htm

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html?ref=rss

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=ssg1s1004932

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21686433

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=isg3t1021361

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21686494

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21686445

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=ssg1s1004903

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004928

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004911

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21686479

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04497075

Trust: 0.3

url:http://seclists.org/fulldisclosure/2014/oct/25

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10661&cat=sirt_1&actp=list

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100183172

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/supplement-icsa-14-269-01

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/bluu-9paps5

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479398

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479402

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479601

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479505

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479492

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04475942

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471532

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04488200

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04478866

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479536

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04540692

Trust: 0.3

url:http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04561445

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471546

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471538

Trust: 0.3

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04497042

Trust: 0.3

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512907

Trust: 0.3

url:http://seclists.org/bugtraq/2015/feb/76

Trust: 0.3

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04558068

Trust: 0.3

url:http://seclists.org/bugtraq/2015/feb/77

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04487558

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04487573

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04496383

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/bluu-9paptm

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/bluu-9paptz

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/1a2e5-5116a33c2fb27/cert_security_mini-_bulletin_xrx15k_for_77xx_r15-03_v1.0.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/2eeef-51056e459c6d8/cert_security_mini-_bulletin_xrx15h_for_p7800_v1_0.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/2a901-510567b876a35/cert_security_mini-_bulletin_xrx15g_for_p6700_v1_0.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/29a7e-50e49f9c009f9/cert_security_mini_bulletin_xrx14g_for_77xx_v1.1.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/1a7a1-50f12e334b734/cert_security_mini-_bulletin_xrx14h_for_wc59xx_v1.pdf

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf

Trust: 0.3

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-377648.htm

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004982

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004879

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685873

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21686132

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096533

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21686024

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686037

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21685733

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686171

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21686098

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685875

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=nas8n1020272

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21685541

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004905

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685673

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21685837

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21687971

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685691

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004933

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096503

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004945

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100183088

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://www.securityfocus.com/bid/70166

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=35880

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2380-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0224

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bash/4.1-2ubuntu3.5

Trust: 0.1

url:http://www.hp.com/support/eslg3

Trust: 0.1

url:http://h20272.www2.hp.com/

Trust: 0.1

sources: CERT/CC: VU#252743 // VULMON: CVE-2014-6278 // BID: 70166 // JVNDB: JVNDB-2014-004476 // JVNDB: JVNDB-2014-000126 // PACKETSTORM: 128764 // PACKETSTORM: 128606 // PACKETSTORM: 129069 // PACKETSTORM: 129070 // PACKETSTORM: 128864 // PACKETSTORM: 130335 // PACKETSTORM: 128760 // NVD: CVE-2014-6278

CREDITS

HP

Trust: 0.6

sources: PACKETSTORM: 128764 // PACKETSTORM: 129069 // PACKETSTORM: 129070 // PACKETSTORM: 128864 // PACKETSTORM: 130335 // PACKETSTORM: 128760

SOURCES

db:CERT/CCid:VU#252743
db:VULMONid:CVE-2014-6278
db:BIDid:70166
db:JVNDBid:JVNDB-2014-004476
db:JVNDBid:JVNDB-2014-000126
db:PACKETSTORMid:128764
db:PACKETSTORMid:128606
db:PACKETSTORMid:129069
db:PACKETSTORMid:129070
db:PACKETSTORMid:128864
db:PACKETSTORMid:130335
db:PACKETSTORMid:128760
db:NVDid:CVE-2014-6278

LAST UPDATE DATE

2024-11-20T21:55:13.242000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#252743date:2015-04-14T00:00:00
db:VULMONid:CVE-2014-6278date:2021-11-17T00:00:00
db:BIDid:70166date:2016-07-05T21:53:00
db:JVNDBid:JVNDB-2014-004476date:2015-12-24T00:00:00
db:JVNDBid:JVNDB-2014-000126date:2024-07-18T02:27:00
db:NVDid:CVE-2014-6278date:2021-11-17T22:15:36.700

SOURCES RELEASE DATE

db:CERT/CCid:VU#252743date:2014-09-25T00:00:00
db:VULMONid:CVE-2014-6278date:2014-09-30T00:00:00
db:BIDid:70166date:2014-09-27T00:00:00
db:JVNDBid:JVNDB-2014-004476date:2014-10-01T00:00:00
db:JVNDBid:JVNDB-2014-000126date:2014-10-28T00:00:00
db:PACKETSTORMid:128764date:2014-10-20T17:57:00
db:PACKETSTORMid:128606date:2014-10-09T23:44:16
db:PACKETSTORMid:129069date:2014-11-12T18:13:47
db:PACKETSTORMid:129070date:2014-11-12T18:13:53
db:PACKETSTORMid:128864date:2014-10-27T23:44:00
db:PACKETSTORMid:130335date:2015-02-10T17:43:19
db:PACKETSTORMid:128760date:2014-10-20T17:03:00
db:NVDid:CVE-2014-6278date:2014-09-30T10:55:04.723