CVE-2014-7186
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)
Public Exploits: 3
Exploited in Wild: -
Descriptions
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.
DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability.
Timeline
- 2014-09-25 CVE Reserved
- 2014-09-27 CVE Published
- 2014-09-29 First Exploit
- 2024-06-24 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (129)
URL | Date | SRC
---|---|---
https://www.exploit-db.com/exploits/36933 | 2014-09-29 |
https://www.exploit-db.com/exploits/34860 | 2014-10-02 |
http://openwall.com/lists/oss-security/2014/09/25/32 | 2024-08-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Gnu | Bash | 1.14.0 | - | Affected
Gnu | Bash | 1.14.1 | - | Affected
Gnu | Bash | 1.14.2 | - | Affected
Gnu | Bash | 1.14.3 | - | Affected
Gnu | Bash | 1.14.4 | - | Affected
Gnu | Bash | 1.14.5 | - | Affected
Gnu | Bash | 1.14.6 | - | Affected
Gnu | Bash | 1.14.7 | - | Affected
Gnu | Bash | 2.0 | - | Affected
Gnu | Bash | 2.01 | - | Affected
Gnu | Bash | 2.01.1 | - | Affected
Gnu | Bash | 2.02 | - | Affected
Gnu | Bash | 2.02.1 | - | Affected
Gnu | Bash | 2.03 | - | Affected
Gnu | Bash | 2.04 | - | Affected
Gnu | Bash | 2.05 | - | Affected
Gnu | Bash | 2.05 | a | Affected
Gnu | Bash | 2.05 | b | Affected
Gnu | Bash | 3.0 | - | Affected
Gnu | Bash | 3.0.16 | - | Affected
Gnu | Bash | 3.1 | - | Affected
Gnu | Bash | 3.2 | - | Affected
Gnu | Bash | 3.2.48 | - | Affected
Gnu | Bash | 4.0 | - | Affected
Gnu | Bash | 4.0 | rc1 | Affected
Gnu | Bash | 4.1 | - | Affected
Gnu | Bash | 4.2 | - | Affected
Gnu | Bash | 4.3 | - | Affected