
CVE-2014-6277

Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash

  • Severity Score: 10.0 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 4 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.

DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2014-09-09 CVE Reserved
  • 2014-09-27 CVE Published
  • 2014-09-29 First Exploit
  • 2024-08-06 CVE Updated
  • 2024-11-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (112)
URL Tag Source
http://jvn.jp/en/jp/JVN55667175/index.html Third Party Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126 Third Party Advisory
http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html X_refsource_misc
http://linux.oracle.com/errata/ELSA-2014-3093 X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-3094 X_refsource_confirm
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html X_refsource_misc
http://secunia.com/advisories/58200 Third Party Advisory
http://secunia.com/advisories/59907 Third Party Advisory
http://secunia.com/advisories/59961 Third Party Advisory
http://secunia.com/advisories/60024 Third Party Advisory
http://secunia.com/advisories/60034 Third Party Advisory
http://secunia.com/advisories/60044 Third Party Advisory
http://secunia.com/advisories/60055 Third Party Advisory
http://secunia.com/advisories/60063 Third Party Advisory
http://secunia.com/advisories/60193 Third Party Advisory
http://secunia.com/advisories/60325 Third Party Advisory
http://secunia.com/advisories/60433 Third Party Advisory
http://secunia.com/advisories/61065 Third Party Advisory
http://secunia.com/advisories/61128 Third Party Advisory
http://secunia.com/advisories/61129 Third Party Advisory
http://secunia.com/advisories/61283 Third Party Advisory
http://secunia.com/advisories/61287 Third Party Advisory
http://secunia.com/advisories/61291 Third Party Advisory
http://secunia.com/advisories/61312 Third Party Advisory
http://secunia.com/advisories/61313 Third Party Advisory
http://secunia.com/advisories/61328 Third Party Advisory
http://secunia.com/advisories/61442 Third Party Advisory
http://secunia.com/advisories/61471 Third Party Advisory
http://secunia.com/advisories/61485 Third Party Advisory
http://secunia.com/advisories/61503 Third Party Advisory
http://secunia.com/advisories/61550 Third Party Advisory
http://secunia.com/advisories/61552 Third Party Advisory
http://secunia.com/advisories/61565 Third Party Advisory
http://secunia.com/advisories/61603 Third Party Advisory
http://secunia.com/advisories/61633 Third Party Advisory
http://secunia.com/advisories/61641 Third Party Advisory
http://secunia.com/advisories/61643 Third Party Advisory
http://secunia.com/advisories/61654 Third Party Advisory
http://secunia.com/advisories/61703 Third Party Advisory
http://secunia.com/advisories/61780 Third Party Advisory
http://secunia.com/advisories/61816 Third Party Advisory
http://secunia.com/advisories/61857 Third Party Advisory
http://secunia.com/advisories/62312 Third Party Advisory
http://secunia.com/advisories/62343 Third Party Advisory
http://support.apple.com/HT204244 X_refsource_confirm
http://support.novell.com/security/cve/CVE-2014-6277.html X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21685541 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21685604 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21685733 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21685749 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21685914 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686131 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686246 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686445 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686479 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686494 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21687079 X_refsource_confirm
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315 X_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7015721 X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html X_refsource_confirm
http://www.qnap.com/i/en/support/con_show.php?cid=61 X_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2014-0010.html X_refsource_confirm
https://kb.bluecoat.com/index?page=content&id=SA82 X_refsource_confirm
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648 X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10085 X_refsource_confirm
https://support.apple.com/HT205267 X_refsource_confirm
https://support.citrix.com/article/CTX200217 X_refsource_confirm
https://support.citrix.com/article/CTX200223 X_refsource_confirm
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html X_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075 X_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183 X_refsource_confirm
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts X_refsource_confirm
https://www.suse.com/support/shellshock X_refsource_confirm
URL Date SRC
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html 2018-08-09
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html 2018-08-09
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html 2018-08-09
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html 2018-08-09
http://marc.info/?l=bugtraq&m=141330468527613&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141345648114150&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141383026420882&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141383081521087&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141383196021590&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141383244821813&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141383304022067&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141383353622268&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141383465822787&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141450491804793&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141576728022234&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141577137423233&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141577241923505&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141577297623641&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141585637922673&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=141879528318582&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=142118135300698&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=142289270617409&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=142358026505815&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=142358078406056&w=2 2018-08-09
http://marc.info/?l=bugtraq&m=142721162228379&w=2 2018-08-09
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash 2018-08-09
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164 2018-08-09
http://www.ubuntu.com/usn/USN-2380-1 2018-08-09
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Gnu Bash 1.14.0 - Affected
Gnu Bash 1.14.1 - Affected
Gnu Bash 1.14.2 - Affected
Gnu Bash 1.14.3 - Affected
Gnu Bash 1.14.4 - Affected
Gnu Bash 1.14.5 - Affected
Gnu Bash 1.14.6 - Affected
Gnu Bash 1.14.7 - Affected
Gnu Bash 2.0 - Affected
Gnu Bash 2.01 - Affected
Gnu Bash 2.01.1 - Affected
Gnu Bash 2.02 - Affected
Gnu Bash 2.02.1 - Affected
Gnu Bash 2.03 - Affected
Gnu Bash 2.04 - Affected
Gnu Bash 2.05 - Affected
Gnu Bash 2.05 a Affected
Gnu Bash 2.05 b Affected
Gnu Bash 3.0 - Affected
Gnu Bash 3.0.16 - Affected
Gnu Bash 3.1 - Affected
Gnu Bash 3.2 - Affected
Gnu Bash 3.2.48 - Affected
Gnu Bash 4.0 - Affected
Gnu Bash 4.0 rc1 Affected
Gnu Bash 4.1 - Affected
Gnu Bash 4.2 - Affected
Gnu Bash 4.3 - Affected