← voltar
CVE-2014-6271

CVE-2014-6271

CVSS 9.8 CRITICALEPSS 100.0%● KEVCWE-78
Em resumo

O Bash processa código extra escondido em variáveis de ambiente, permitindo que atacantes executem comandos arbitrários em sistemas com versões vulneráveis. Isso afeta servidores usando SSH, servidores web e clientes DHCP.

Detalhe técnico

A vulnerabilidade existe na forma como o Bash analisa definições de funções em variáveis de ambiente; atacantes podem injetar código arbitrário após uma definição de função que é executado com os privilégios do processo Bash. Vetores de ataque incluem comandos forçados SSH, scripts CGI e ambientes de cliente DHCP através de limites de privilégio. O patch inicial (CVE-2014-7169) se mostrou incompleto, deixando caminhos de exploração abertos.

Resumo gerado e traduzido por IA a partir da descrição oficial.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · n/a
PoCs públicas encontradas123
githubgithub.com/opsxcq/exploit-CVE-2014-6271232githubgithub.com/scottjpack/shellshock_scanner46githubgithub.com/hmlio/vaas-cve-2014-627122githubgithub.com/b4keSn4ke/CVE-2014-627115githubgithub.com/cj1324/CGIShell13githubgithub.com/francisck/shellshock-cgi12githubgithub.com/indiandragon/Shellshock-Vulnerability-Scan11githubgithub.com/npm/ansible-bashpocalypse6githubgithub.com/P0cL4bs/ShellShock-CGI-Scan6githubgithub.com/zalalov/CVE-2014-62714githubgithub.com/securusglobal/BadBash4githubgithub.com/akr3ch/CVE-2014-62714githubgithub.com/akiraaisha/shellshocker-python3githubgithub.com/K3ysTr0K3R/CVE-2014-6271-EXPLOIT3githubgithub.com/0x00-0x00/CVE-2014-62713githubgithub.com/ramnes/pyshellshock2githubgithub.com/sch3m4/RIS2githubgithub.com/RainMak3r/Rainstorm2githubgithub.com/0xN7y/CVE-2014-62711githubgithub.com/im2sinister/CVE-2014-62711githubgithub.com/Gurguii/cgi-bin-shellshock1githubgithub.com/sunnyjiang/shellshocker-android1githubgithub.com/TheRealCiscoo/Shellshock-Exploit1githubgithub.com/gabemarshall/shocknaww1githubgithub.com/RadYio/CVE-2014-62711githubgithub.com/mochizuki875/CVE-2014-6271-Apache-Debian1githubgithub.com/themson/shellshock1githubgithub.com/Anklebiter87/Cgi-bin_bash_Reverse1githubgithub.com/somhm-solutions/Shell-Shock1githubgithub.com/APSL/salt-shellshock1githubgithub.com/ryeyao/CVE-2014-6271_Test1githubgithub.com/Any3ite/CVE-2014-62711githubgithub.com/proclnas/ShellShock-CGI-Scan1githubgithub.com/teedeedubya/bash-fix-exploit0githubgithub.com/dlitz/bash-cve-2014-6271-fixes0githubgithub.com/ryancnelson/patched-bash-4.30githubgithub.com/jblaine/cookbook-bash-CVE-2014-62710githubgithub.com/rrreeeyyy/cve-2014-6271-spec0githubgithub.com/justzx2011/bash-up0githubgithub.com/mattclegg/CVE-2014-62710githubgithub.com/ilismal/Nessus_CVE-2014-6271_check0githubgithub.com/woltage/CVE-2014-62710githubgithub.com/ariarijp/vagrant-shellshock0githubgithub.com/villadora/CVE-2014-62710githubgithub.com/internero/debian-lenny-bash_3.2.52-cve-2014-62710githubgithub.com/u20024804/bash-3.2-fixed-CVE-2014-62710githubgithub.com/u20024804/bash-4.2-fixed-CVE-2014-62710githubgithub.com/u20024804/bash-4.3-fixed-CVE-2014-62710githubgithub.com/renanvicente/puppet-shellshock0githubgithub.com/352926/shellshock_crawler0githubgithub.com/kelleykong/cve-2014-6271-mengjia-kong0githubgithub.com/huanlu/cve-2014-6271-huan-lu0githubgithub.com/Pilou-Pilou/docker_CVE-2014-6271.0githubgithub.com/heikipikker/shellshock-shell0githubgithub.com/cved-sources/cve-2014-62710githubgithub.com/shawntns/exploit-CVE-2014-62710githubgithub.com/Sindadziy/cve-2014-62710githubgithub.com/wenyu1999/bash-shellshock0githubgithub.com/Sindayifu/CVE-2019-14287-CVE-2014-62710githubgithub.com/rashmikadileeshara/CVE-2014-6271-Shellshock-0githubgithub.com/Dilith006/CVE-2014-62710githubgithub.com/cyberharsh/Shellbash-CVE-2014-62710githubgithub.com/MuirlandOracle/CVE-2014-6271-IPFire0githubgithub.com/anujbhan/shellshock-victim-host0githubgithub.com/FilipStudeny/-CVE-2014-6271-Shellshock-Remote-Command-Injection-0githubgithub.com/mritunjay-k/CVE-2014-62710githubgithub.com/Brandaoo/CVE-2014-62710githubgithub.com/hanmin0512/CVE-2014-6271_pwnable0githubgithub.com/AlissonFaoli/Shellshock0githubgithub.com/ajansha/shellshock0githubgithub.com/YunchoHang/CVE-2014-6271-SHELLSHOCK0githubgithub.com/moften/CVE-2014-62710githubgithub.com/knightc0de/Shellshock_vuln_Exploit0githubgithub.com/rsherstnev/CVE-2014-62710githubgithub.com/RAJMadhusankha/Shellshock-CVE-2014-6271-Exploitation-and-Analysis0githubgithub.com/DrHaitham/CVE-2014-6271-Shellshock-0githubgithub.com/mtaha-sec/bash-apocalypse0githubgithub.com/andres101c/Shellshock-CVE-2014-62710githubgithub.com/Industri4l-H3ll-Xpl0it3rs/CVE-2014-6271-Shellshock0githubgithub.com/0xBlackash/CVE-2014-62710githubgithub.com/ambjlou/it355-lab4-enterprise-lan-security0githubgithub.com/kaleth4/-CVE-2014-62710githubgithub.com/kaleth4/CVE-2014-62710githubgithub.com/V3nG4mxV1p3r/Mobile-Drop-Device-SOC-Detection0githubgithub.com/HevenTafese/Penetration-Testing-Walkthrough-Hacksudo-Thor0githubgithub.com/FacundoMfernandez/pentesting-obioba0githubgithub.com/R3fr4kt/Shocker-TJNULL-OSCP-0githubgithub.com/kowshik-sundararajan/CVE-2014-62710githubgithub.com/w4fz5uck5/ShockZaum-CVE-2014-62710githubgithub.com/Aruthw/CVE-2014-62710cve_referencepacketstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/40619não verificadoexploitdbwww.exploit-db.com/exploits/40938não verificadoexploitdbwww.exploit-db.com/exploits/34900não verificadoexploitdbwww.exploit-db.com/exploits/34766não verificadoexploitdbwww.exploit-db.com/exploits/35115não verificadoexploitdbwww.exploit-db.com/exploits/34765não verificadoexploitdbwww.exploit-db.com/exploits/34860não verificadoexploitdbwww.exploit-db.com/exploits/34879não verificadocve_referencewww.exploit-db.com/exploits/42938/não verificadocve_referencewww.exploit-db.com/exploits/40938/não verificadoexploitdbwww.exploit-db.com/exploits/34896não verificadoexploitdbwww.exploit-db.com/exploits/34862não verificadoexploitdbwww.exploit-db.com/exploits/42938não verificadocve_referencepacketstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.htmlnão verificadocve_referencewww.exploit-db.com/exploits/40619/não verificadocve_referencewww.exploit-db.com/exploits/39918/não verificadocve_referencewww.exploit-db.com/exploits/38849/não verificadocve_referencewww.exploit-db.com/exploits/37816/não verificadoexploitdbwww.exploit-db.com/exploits/37816não verificadoexploitdbwww.exploit-db.com/exploits/36609não verificadoexploitdbwww.exploit-db.com/exploits/35146não verificadoexploitdbwww.exploit-db.com/exploits/38849não verificadoexploitdbwww.exploit-db.com/exploits/34777não verificadocve_referencewww.exploit-db.com/exploits/34879/não verificadoexploitdbwww.exploit-db.com/exploits/39918não verificadoexploitdbwww.exploit-db.com/exploits/34895não verificadocve_referencepacketstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.htmlnão verificadocve_referencepacketstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/34839não verificadoexploitdbwww.exploit-db.com/exploits/36503não verificadoexploitdbwww.exploit-db.com/exploits/36504não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.exploit-db.com/exploits/37816/http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.htmlhttp://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897http://www-01.ibm.com/support/docview.wss?uid=swg21685749http://marc.info/?l=bugtraq&m=141577137423233&w=2http://marc.info/?l=bugtraq&m=142719845423222&w=2https://www.exploit-db.com/exploits/39918/http://marc.info/?l=bugtraq&m=141216668515282&w=2http://rhn.redhat.com/errata/RHSA-2014-1295.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.htmlhttps://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/