Russian Vulnerability Scanner Database

Back to List

BDU:2015-00158

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

10.0critical2.0
0246810

CVSS Score: 10.0/10

All CVSS Scores

CVSS 2.0
10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

Командная оболочка GNU Bash до версии 4.3 включительно ошибочно обрабатывает строки, следующие за объявлением функции, которую экспортируют в качестве переменной. Это позволяет злоумышленнику, действующему удаленно, выполнить произвольный код с помощью вмешательства в переменные окружения. Исследователи безопасности подтвердили возможность эксплуатации этой уязвимости в OpenSSH (sshd, опция ForceCommand), модулях mod_cgi и mod_cgid сервера Apache HTTP, внешних вызовах различных DHCP-клиентов, а также других ситуациях, где переданные извне переменные окружения влияют на выполнение сценариев Bash

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2014-6271

Exploits

Exploit ID: 34765

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34765

Exploit ID: 34766

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34766

Exploit ID: 34777

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34777

Exploit ID: 34839

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34839

Exploit ID: 34860

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34860

Exploit ID: 34862

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34862

Exploit ID: 34879

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34879

Exploit ID: 34895

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34895

Exploit ID: 34896

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34896

Exploit ID: 34900

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34900

Exploit ID: 35081

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35081

Exploit ID: 35115

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35115

Exploit ID: 35146

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35146

Exploit ID: 36503

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36503

Exploit ID: 36504

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36504

Exploit ID: 36609

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36609

Exploit ID: 36933

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36933

Exploit ID: 37816

Source: exploitdb

URL: https://www.exploit-db.com/exploits/37816

Exploit ID: 38849

Source: exploitdb

URL: https://www.exploit-db.com/exploits/38849

Exploit ID: 39568

Source: exploitdb

URL: https://www.exploit-db.com/exploits/39568

Exploit ID: 39887

Source: exploitdb

URL: https://www.exploit-db.com/exploits/39887

Exploit ID: 39918

Source: exploitdb

URL: https://www.exploit-db.com/exploits/39918

Exploit ID: 40619

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40619

Exploit ID: 40938

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40938

Exploit ID: 42938

Source: exploitdb

URL: https://www.exploit-db.com/exploits/42938

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

Recommendations

Source: bdu

Обновление программного обеспечения до версии 10.5.1.98000

URL: https://bdu.fstec.ru/vul/2015-00158

Vulnerable Software (1)

Type: Configuration

Vendor: cisco systems inc.

Product: микропрограммное обеспечение системы коммуникаций cisco unified communications manager

Operating System: * *

Trait: 
{  "version_end_excluding": "10.5.1.98000"}

Source: bdu

End of list