CVE-2014-6271

CVSS 9.8 CRITICAL · EPSS 100.0% · KEV · CWE-78
In short

Bash executes trailing code appended to function definitions stored in environment variables, allowing attackers to run arbitrary commands on systems using vulnerable versions. This affects servers using SSH, web servers, and DHCP clients.

Technical detail

The vulnerability lies in how Bash parses function definitions in environment variables: an attacker who controls such a variable can append arbitrary code after the function definition, and that code executes with the privileges of the Bash process. Attack vectors include SSH forced commands, CGI scripts, and DHCP client environments, i.e. any situation where the environment is set across a privilege boundary before Bash runs. The initial fix proved incomplete; CVE-2014-7169 covers the vulnerability that remained after it.

Summary generated and translated by AI from the official description.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
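A local exposure check for the function-import bug described above, added here as an example rather than taken from this record or from the GNU Bash project. It assumes a POSIX sh, the bash binary to test either on PATH or given as an argument, and uses a constructed variable name and marker strings:

```shell
#!/bin/sh
# Added example, not part of the CVE record: local check for CVE-2014-6271.
# A vulnerable parser imports a function from any environment variable whose
# value starts with "() {" and keeps parsing past the closing brace, so the
# trailing "echo vulnerable" runs during import. A fixed bash stops at the
# function body, so only the marker printed by -c appears.
# The variable name "x" and the two marker strings are arbitrary (constructed).

# shellshock_check [bash-binary]  -> prints vulnerable | patched | missing
# Exit status: 1 vulnerable, 0 patched, 2 binary not found or not executable.
shellshock_check() {
    bin="${1:-bash}"
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo missing
        return 2
    fi
    # env(1) scopes the crafted variable to the child process only; nothing
    # is exported into the calling shell.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo marker' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo vulnerable; return 1 ;;
        *marker*)     echo patched;    return 0 ;;
        *)            echo missing;    return 2 ;;
    esac
}

# Stand-alone usage: report the result for the bash on PATH (or for $1).
result=$(shellshock_check "${1:-bash}") || true
echo "CVE-2014-6271 check for ${1:-bash}: $result"
```

This covers the original parser bug only; the residual issue tracked as CVE-2014-7169 needs its own test, and a result of patched for one binary says nothing about other bash copies on the host, so check each path that services actually invoke.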
Affected products
n/a · n/a
Public PoCs found: 123
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
