Vulnerability CVE-2014-6278 - Russian Vulnerability Scanner Database

Scores

EPSS

0.901high90.1%

0%20%40%60%80%100%

Percentile: 90.1%

CVSS

8.8high3.x

0246810

CVSS Score: 8.8/10

All CVSS Scores

CVSS 3.x

8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.

Sources

debiannvdredhatubuntu

CWEs

CWE-119CWE-78

Related Vulnerabilities

BDU:2014-00319 BDU:2015-09794 BDU:2015-09818

Exploits

Exploit ID: CVE-2014-6278

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Exploit ID: 34765

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34765

Exploit ID: 34766

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34766

Exploit ID: 34777

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34777

Exploit ID: 34839

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34839

Exploit ID: 34860

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34860

Exploit ID: 34862

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34862

Exploit ID: 34879

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34879

Exploit ID: 34895

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34895

Exploit ID: 34896

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34896

Exploit ID: 34900

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34900

Exploit ID: 35081

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35081

Exploit ID: 35115

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35115

Exploit ID: 35146

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35146

Exploit ID: 36503

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36503

Exploit ID: 36504

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36504

Exploit ID: 36609

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36609

Exploit ID: 36933

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36933

Exploit ID: 37816

Source: exploitdb

URL: https://www.exploit-db.com/exploits/37816

Exploit ID: 38849

Source: exploitdb

URL: https://www.exploit-db.com/exploits/38849

Exploit ID: 39568

Source: exploitdb

URL: https://www.exploit-db.com/exploits/39568

Exploit ID: 39887

Source: exploitdb

URL: https://www.exploit-db.com/exploits/39887

Exploit ID: 39918

Source: exploitdb

URL: https://www.exploit-db.com/exploits/39918

Exploit ID: 40619

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40619

Exploit ID: 40938

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40938

Exploit ID: 42938

Source: exploitdb

URL: https://www.exploit-db.com/exploits/42938

Vulnerable Software (10)

Type: Configuration

Product: bash

Operating System: debian

Trait:

{  "fixed": "4.3-9.2"}

Source: debian

Type: Configuration

Product: bash

Operating System: debian wheezy 7

Trait:

{  "fixed": "4.2+dfsg-0.1+deb7u3"}

Source: debian

Type: Configuration

Product: bash

Operating System: debian squeeze 6

Trait:

{  "fixed": "4.1-3+deb6u2"}

Source: debian

Type: Configuration

Product: bash

Operating System: ubuntu trusty 14.04

Trait:

{  "fixed": "4.3-7ubuntu1.5"}

Source: ubuntu

Type: Configuration

Product: bash4

Operating System: altlinux

Trait:

{  "fixed": "0:4.2.50-alt1"}

Source: redhat

Type: Configuration

Product: bash4-devel

Operating System: altlinux

Trait:

{  "fixed": "0:4.2.50-alt1"}

Source: redhat

Type: Configuration

Product: bash4-doc

Operating System: altlinux

Trait:

{  "fixed": "0:4.2.50-alt1"}

Source: redhat

Type: Configuration

Product: bash4-examples

Operating System: altlinux

Trait:

{  "fixed": "0:4.2.50-alt1"}

Source: redhat

Type: Configuration

Product: sh4

Operating System: altlinux

Trait:

{  "fixed": "0:4.2.50-alt1"}

Source: redhat

Type: Configuration

Vendor: *

Product: bash

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*",      "vulnerab...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list

Russian Vulnerability Scanner Database

CVE-2014-6278

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (10)