CVE-2014-6271

Scores

EPSS

0.942 (high), 94.2%

Percentile: 94.2%

CVSS

9.8 (critical), CVSS 3.x

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka “ShellShock.” NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Sources

debian, nvd, redhat, ubuntu

CWEs

CWE-78

Exploits

Exploit ID: CVE-2014-6271

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Exploit ID: 34765

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34765

Exploit ID: 34766

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34766

Exploit ID: 34777

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34777

Exploit ID: 34839

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34839

Exploit ID: 34860

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34860

Exploit ID: 34862

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34862

Exploit ID: 34879

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34879

Exploit ID: 34895

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34895

Exploit ID: 34896

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34896

Exploit ID: 34900

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34900

Exploit ID: 35081

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35081

Exploit ID: 35115

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35115

Exploit ID: 35146

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35146

Exploit ID: 36503

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36503

Exploit ID: 36504

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36504

Exploit ID: 36609

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36609

Exploit ID: 36933

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36933

Exploit ID: 37816

Source: exploitdb

URL: https://www.exploit-db.com/exploits/37816

Exploit ID: 38849

Source: exploitdb

URL: https://www.exploit-db.com/exploits/38849

Exploit ID: 39568

Source: exploitdb

URL: https://www.exploit-db.com/exploits/39568

Exploit ID: 39887

Source: exploitdb

URL: https://www.exploit-db.com/exploits/39887

Exploit ID: 39918

Source: exploitdb

URL: https://www.exploit-db.com/exploits/39918

Exploit ID: 40619

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40619

Exploit ID: 40938

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40938

Exploit ID: 42938

Source: exploitdb

URL: https://www.exploit-db.com/exploits/42938

Recommendations

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1295.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1294.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1293.html

Vulnerable Software (92)

Type: Configuration

Product: bash

Operating System: ubuntu trusty 14.04

Trait:
{  "fixed": "4.3-7ubuntu1.1"}

Source: ubuntu

Type: Configuration

Product: bash

Operating System: rhel 4

Trait:
{  "fixed": "3.0-27.el4.2"}

Source: redhat

Type: Configuration

Product: bash

Operating System: rhel 5

Trait:
{  "fixed": "3.2-33.el5.1"}

Source: redhat

Type: Configuration

Product: bash

Operating System: rhel 5.6

Trait:
{  "fixed": "3.2-24.el5_6.1"}

Source: redhat

Type: Configuration

Product: bash

Operating System: rhel 5.9

Trait:
{  "fixed": "3.2-32.el5_9.2"}

Source: redhat

Type: Configuration

Product: bash

Operating System: rhel 6

Trait:
{  "fixed": "4.1.2-15.el6_5.1"}

Source: redhat

Type: Configuration

Product: bash

Operating System: rhel 6.2

Trait:
{  "fixed": "4.1.2-9.el6_2.1"}

Source: redhat

Type: Configuration

Product: bash

Operating System: rhel 6.4

Trait:
{  "fixed": "4.1.2-15.el6_4.1"}

Source: redhat

Type: Configuration

Product: bash

Operating System: rhel 7

Trait:
{  "fixed": "4.2.45-5.el7_0.2"}

Source: redhat

Type: Configuration

Product: bash

Operating System: rhel

Trait:
{  "fixed": "3.2-33.el5_11.1.sjis.1"}

Source: redhat

Type: Configuration

Product: bash

Operating System: rhel

Trait:
{  "fixed": "4.1.2-15.el6_5.1.sjis.1"}

Source: redhat

Type: Configuration

Product: bash

Operating System: debian

Trait:
{  "fixed": "4.3-9.1"}

Source: debian

Type: Configuration

Product: bash4

Operating System: altlinux

Trait:
{  "fixed": "0:4.2.45-alt2"}

Source: redhat

Type: Configuration

Product: bash4-devel

Operating System: altlinux

Trait:
{  "fixed": "0:4.2.45-alt2"}

Source: redhat

Type: Configuration

Product: bash4-doc

Operating System: altlinux

Trait:
{  "fixed": "0:4.2.45-alt2"}

Source: redhat

Type: Configuration

Product: bash4-examples

Operating System: altlinux

Trait:
{  "fixed": "0:4.2.45-alt2"}

Source: redhat

Type: Configuration

Product: rhev-hypervisor6

Operating System: rhel

Trait:
{  "fixed": "6.5-20140930.1.el6ev"}

Source: redhat

Type: Configuration

Product: sh4

Operating System: altlinux

Trait:
{  "fixed": "0:4.2.45-alt2"}

Source: redhat

Type: Configuration

Vendor: *

Product: arx_firmware

Operating System: * * *

Trait:
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "6.4.0",          "versionStartIncluding": "...

Source: nvd

Type: Configuration

Vendor: *

Product: bash

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*",      "versionEndIncluding": "4.3",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd