← volver
CVE-2014-6271

CVE-2014-6271

CVSS 9.8 CRITICALEPSS 100.0%● KEVCWE-78
En resumen

Bash procesa código extra oculto en variables de entorno, permitiendo que atacantes ejecuten comandos arbitrarios en sistemas con versiones vulnerables. Esto afecta servidores que utilizan SSH, servidores web y clientes DHCP.

Detalle técnico

La vulnerabilidad existe en la forma en que Bash analiza definiciones de funciones en variables de entorno; los atacantes pueden inyectar código arbitrario después de una definición de función que se ejecuta con los privilegios del proceso Bash. Los vectores de ataque incluyen comandos forzados SSH, scripts CGI y entornos de cliente DHCP a través de límites de privilegio. El parche inicial (CVE-2014-7169) resultó ser incompleto, dejando abiertos caminos de explotación.

Resumen generado y traducido por IA a partir de la descripción oficial.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/a
PoCs públicas encontradas123
githubgithub.com/opsxcq/exploit-CVE-2014-6271232githubgithub.com/scottjpack/shellshock_scanner46githubgithub.com/hmlio/vaas-cve-2014-627122githubgithub.com/b4keSn4ke/CVE-2014-627115githubgithub.com/cj1324/CGIShell13githubgithub.com/francisck/shellshock-cgi12githubgithub.com/indiandragon/Shellshock-Vulnerability-Scan11githubgithub.com/npm/ansible-bashpocalypse6githubgithub.com/P0cL4bs/ShellShock-CGI-Scan6githubgithub.com/zalalov/CVE-2014-62714githubgithub.com/securusglobal/BadBash4githubgithub.com/akr3ch/CVE-2014-62714githubgithub.com/akiraaisha/shellshocker-python3githubgithub.com/K3ysTr0K3R/CVE-2014-6271-EXPLOIT3githubgithub.com/0x00-0x00/CVE-2014-62713githubgithub.com/ramnes/pyshellshock2githubgithub.com/sch3m4/RIS2githubgithub.com/RainMak3r/Rainstorm2githubgithub.com/0xN7y/CVE-2014-62711githubgithub.com/im2sinister/CVE-2014-62711githubgithub.com/Gurguii/cgi-bin-shellshock1githubgithub.com/sunnyjiang/shellshocker-android1githubgithub.com/TheRealCiscoo/Shellshock-Exploit1githubgithub.com/gabemarshall/shocknaww1githubgithub.com/RadYio/CVE-2014-62711githubgithub.com/mochizuki875/CVE-2014-6271-Apache-Debian1githubgithub.com/themson/shellshock1githubgithub.com/Anklebiter87/Cgi-bin_bash_Reverse1githubgithub.com/somhm-solutions/Shell-Shock1githubgithub.com/APSL/salt-shellshock1githubgithub.com/ryeyao/CVE-2014-6271_Test1githubgithub.com/Any3ite/CVE-2014-62711githubgithub.com/proclnas/ShellShock-CGI-Scan1githubgithub.com/teedeedubya/bash-fix-exploit0githubgithub.com/dlitz/bash-cve-2014-6271-fixes0githubgithub.com/ryancnelson/patched-bash-4.30githubgithub.com/jblaine/cookbook-bash-CVE-2014-62710githubgithub.com/rrreeeyyy/cve-2014-6271-spec0githubgithub.com/justzx2011/bash-up0githubgithub.com/mattclegg/CVE-2014-62710githubgithub.com/ilismal/Nessus_CVE-2014-6271_check0githubgithub.com/woltage/CVE-2014-62710githubgithub.com/ariarijp/vagrant-shellshock0githubgithub.com/villadora/CVE-2014-62710githubgithub.com/internero/debian-lenny-bash_3.2.52-cve-2014-62710githubgithub.com/u20024804/bash-3.2-fixed-CVE-2014-62710githubgithub.com/u20024804/bash-4.2-fixed-CVE-2014-62710githubgithub.com/u20024804/bash-4.3-fixed-CVE-2014-62710githubgithub.com/renanvicente/puppet-shellshock0githubgithub.com/352926/shellshock_crawler0githubgithub.com/kelleykong/cve-2014-6271-mengjia-kong0githubgithub.com/huanlu/cve-2014-6271-huan-lu0githubgithub.com/Pilou-Pilou/docker_CVE-2014-6271.0githubgithub.com/heikipikker/shellshock-shell0githubgithub.com/cved-sources/cve-2014-62710githubgithub.com/shawntns/exploit-CVE-2014-62710githubgithub.com/Sindadziy/cve-2014-62710githubgithub.com/wenyu1999/bash-shellshock0githubgithub.com/Sindayifu/CVE-2019-14287-CVE-2014-62710githubgithub.com/rashmikadileeshara/CVE-2014-6271-Shellshock-0githubgithub.com/Dilith006/CVE-2014-62710githubgithub.com/cyberharsh/Shellbash-CVE-2014-62710githubgithub.com/MuirlandOracle/CVE-2014-6271-IPFire0githubgithub.com/anujbhan/shellshock-victim-host0githubgithub.com/FilipStudeny/-CVE-2014-6271-Shellshock-Remote-Command-Injection-0githubgithub.com/mritunjay-k/CVE-2014-62710githubgithub.com/Brandaoo/CVE-2014-62710githubgithub.com/hanmin0512/CVE-2014-6271_pwnable0githubgithub.com/AlissonFaoli/Shellshock0githubgithub.com/ajansha/shellshock0githubgithub.com/YunchoHang/CVE-2014-6271-SHELLSHOCK0githubgithub.com/moften/CVE-2014-62710githubgithub.com/knightc0de/Shellshock_vuln_Exploit0githubgithub.com/rsherstnev/CVE-2014-62710githubgithub.com/RAJMadhusankha/Shellshock-CVE-2014-6271-Exploitation-and-Analysis0githubgithub.com/DrHaitham/CVE-2014-6271-Shellshock-0githubgithub.com/mtaha-sec/bash-apocalypse0githubgithub.com/andres101c/Shellshock-CVE-2014-62710githubgithub.com/Industri4l-H3ll-Xpl0it3rs/CVE-2014-6271-Shellshock0githubgithub.com/0xBlackash/CVE-2014-62710githubgithub.com/ambjlou/it355-lab4-enterprise-lan-security0githubgithub.com/kaleth4/-CVE-2014-62710githubgithub.com/kaleth4/CVE-2014-62710githubgithub.com/V3nG4mxV1p3r/Mobile-Drop-Device-SOC-Detection0githubgithub.com/HevenTafese/Penetration-Testing-Walkthrough-Hacksudo-Thor0githubgithub.com/FacundoMfernandez/pentesting-obioba0githubgithub.com/R3fr4kt/Shocker-TJNULL-OSCP-0githubgithub.com/kowshik-sundararajan/CVE-2014-62710githubgithub.com/w4fz5uck5/ShockZaum-CVE-2014-62710githubgithub.com/Aruthw/CVE-2014-62710cve_referencepacketstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.htmlno verificadoexploitdbwww.exploit-db.com/exploits/40619no verificadoexploitdbwww.exploit-db.com/exploits/40938no verificadoexploitdbwww.exploit-db.com/exploits/34900no verificadoexploitdbwww.exploit-db.com/exploits/34766no verificadoexploitdbwww.exploit-db.com/exploits/35115no verificadoexploitdbwww.exploit-db.com/exploits/34765no verificadoexploitdbwww.exploit-db.com/exploits/34860no verificadoexploitdbwww.exploit-db.com/exploits/34879no verificadocve_referencewww.exploit-db.com/exploits/42938/no verificadocve_referencewww.exploit-db.com/exploits/40938/no verificadoexploitdbwww.exploit-db.com/exploits/34896no verificadoexploitdbwww.exploit-db.com/exploits/34862no verificadoexploitdbwww.exploit-db.com/exploits/42938no verificadocve_referencepacketstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.htmlno verificadocve_referencewww.exploit-db.com/exploits/40619/no verificadocve_referencewww.exploit-db.com/exploits/39918/no verificadocve_referencewww.exploit-db.com/exploits/38849/no verificadocve_referencewww.exploit-db.com/exploits/37816/no verificadoexploitdbwww.exploit-db.com/exploits/37816no verificadoexploitdbwww.exploit-db.com/exploits/36609no verificadoexploitdbwww.exploit-db.com/exploits/35146no verificadoexploitdbwww.exploit-db.com/exploits/38849no verificadoexploitdbwww.exploit-db.com/exploits/34777no verificadocve_referencewww.exploit-db.com/exploits/34879/no verificadoexploitdbwww.exploit-db.com/exploits/39918no verificadoexploitdbwww.exploit-db.com/exploits/34895no verificadocve_referencepacketstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.htmlno verificadocve_referencepacketstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.htmlno verificadoexploitdbwww.exploit-db.com/exploits/34839no verificadoexploitdbwww.exploit-db.com/exploits/36503no verificadoexploitdbwww.exploit-db.com/exploits/36504no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.exploit-db.com/exploits/37816/http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.htmlhttp://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897http://www-01.ibm.com/support/docview.wss?uid=swg21685749http://marc.info/?l=bugtraq&m=141577137423233&w=2http://marc.info/?l=bugtraq&m=142719845423222&w=2https://www.exploit-db.com/exploits/39918/http://marc.info/?l=bugtraq&m=141216668515282&w=2http://rhn.redhat.com/errata/RHSA-2014-1295.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.htmlhttps://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/