CVE-2014-7169
In short
Bash processes commands hidden after function definitions in environment variables, allowing attackers to execute arbitrary code when Bash runs with elevated privileges. This is a critical flaw because many systems use environment variables to pass data to programs.
Technical detail
CWE-78 OS command injection via environment variable processing. GNU Bash ≤4.3 fails to properly parse function definitions, permitting arbitrary command execution in trailing strings when environment variables cross privilege boundaries (e.g., sshd ForceCommand, Apache CGI, DHCP clients). Incomplete remediation of CVE-2014-6271 leaves the injection vector partially functional.
Summary generated and translated by AI from the official description.
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
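A mitigation sketch for the privilege-boundary cases described above, as an added example that is not part of the original page: before a CGI gateway or wrapper hands a request-derived environment to anything that may invoke Bash, it drops every variable whose value begins with the function-definition marker `() {`. The function names, the sample environment and the whitespace-tolerant pattern are assumptions made for this example.

```python
import re
import subprocess
import sys

# Bash builds affected by this CVE treat an environment value that begins
# with "() {" as an exported function definition and parse it at startup.
# Assumption for this example: the pattern also tolerates extra whitespace,
# so it drops slightly more than Bash itself would try to import.
FUNC_MARKER = re.compile(r"^\s*\(\)\s*\{")

# Constructed CGI-style environment (not captured traffic). HTTP_* variables
# are derived from request headers, so their values are attacker-controlled.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "REQUEST_METHOD": "GET",
    "HTTP_HOST": "www.example.test",
    "HTTP_USER_AGENT": "() { ignored; }; trailing-text-placeholder",
    "HTTP_COOKIE": "  ()  { x; }",
    "QUERY_STRING": "q=() { not at start",
}


def scrub_env(env):
    """Return (clean, dropped); dropped holds variables whose value starts
    with the function-definition marker, whatever the variable is named."""
    clean, dropped = {}, {}
    for name, value in env.items():
        target = dropped if FUNC_MARKER.match(value) else clean
        target[name] = value
    return clean, dropped


def spawn_scrubbed(argv, env):
    """Run argv with the scrubbed environment and log what was removed."""
    clean, dropped = scrub_env(env)
    for name in sorted(dropped):
        # Log the name only; the value is untrusted input.
        print(f"dropped {name}: value starts with '() {{'", file=sys.stderr)
    return subprocess.run(argv, env=clean, capture_output=True, text=True)


if __name__ == "__main__":
    child = [sys.executable, "-c",
             "import os; print(sorted(k for k in os.environ if k.startswith('HTTP_')))"]
    print(spawn_scrubbed(child, SAMPLE_ENV).stdout.strip())
```

Scrubbing at the boundary is a stopgap for hosts that cannot be updated immediately; it does not replace installing a fixed Bash.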
Affected products
n/a · n/a
Public PoCs found — 21
github · github.com/chef-boneyard/bash-shellshock · ★ 5
github · github.com/Gobinath-B/SHELL-SCHOCK · ★ 1
github · github.com/gina-alaska/bash-cve-2014-7169-cookbook · ★ 0
exploitdb · www.exploit-db.com/exploits/34777 · unverified
exploitdb · www.exploit-db.com/exploits/34895 · unverified
exploitdb · www.exploit-db.com/exploits/34839 · unverified
exploitdb · www.exploit-db.com/exploits/36503 · unverified
exploitdb · www.exploit-db.com/exploits/36504 · unverified
exploitdb · www.exploit-db.com/exploits/34766 · unverified
exploitdb · www.exploit-db.com/exploits/35115 · unverified
exploitdb · www.exploit-db.com/exploits/36933 · unverified
exploitdb · www.exploit-db.com/exploits/34765 · unverified
exploitdb · www.exploit-db.com/exploits/34860 · unverified
exploitdb · www.exploit-db.com/exploits/34879 · unverified
exploitdb · www.exploit-db.com/exploits/34896 · unverified
exploitdb · www.exploit-db.com/exploits/34862 · unverified
exploitdb · www.exploit-db.com/exploits/36609 · unverified
cve_reference · packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html · unverified
exploitdb · www.exploit-db.com/exploits/35146 · unverified
cve_reference · packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html · unverified
cve_reference · www.exploit-db.com/exploits/34879/ · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.