CVE Reference: CVE-2014-6278

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2014-6278

Description:
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/USN-2380-1

SUSE
  http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
  http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

SAID
  Secunia Advisory: SA61471
  Secunia Advisory: SA61442
  Secunia Advisory: SA61328
  Secunia Advisory: SA61313
  Secunia Advisory: SA61312
  Secunia Advisory: SA61287
  Secunia Advisory: SA61129
  Secunia Advisory: SA61128
  Secunia Advisory: SA60325
  Secunia Advisory: SA61065
  Secunia Advisory: SA60055
  Secunia Advisory: SA60193
  Secunia Advisory: SA60034
  Secunia Advisory: SA61703
  Secunia Advisory: SA58200
  Secunia Advisory: SA61603
  Secunia Advisory: SA61633
  Secunia Advisory: SA61643
  Secunia Advisory: SA61654
  Secunia Advisory: SA61552
  Secunia Advisory: SA61565
  Secunia Advisory: SA61485
  Secunia Advisory: SA61503
  Secunia Advisory: SA59907
  Secunia Advisory: SA61283
  Secunia Advisory: SA61641
  Secunia Advisory: SA61550
  Secunia Advisory: SA61780
  Secunia Advisory: SA61816
  Secunia Advisory: SA61857
  Secunia Advisory: SA60024
  Secunia Advisory: SA60063
  Secunia Advisory: SA60044
  Secunia Advisory: SA60433
  Secunia Advisory: SA61291
  Secunia Advisory: SA59961
  Secunia Advisory: SA62312
  Secunia Advisory: SA62343

MISC
  http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
  http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
  http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

JVNDB
  http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

JVN
  http://jvn.jp/en/jp/JVN55667175/index.html

HP
  http://marc.info/?l=bugtraq&m=142721162228379&w=2
  http://marc.info/?l=bugtraq&m=142118135300698&w=2
  http://marc.info/?l=bugtraq&m=142358078406056&w=2
  http://marc.info/?l=bugtraq&m=142358026505815&w=2
  http://marc.info/?l=bugtraq&m=141879528318582&w=2
  http://marc.info/?l=bugtraq&m=141577241923505&w=2
  http://marc.info/?l=bugtraq&m=141576728022234&w=2
  http://marc.info/?l=bugtraq&m=141577297623641&w=2
  http://marc.info/?l=bugtraq&m=141585637922673&w=2
  http://marc.info/?l=bugtraq&m=141383465822787&w=2
  http://marc.info/?l=bugtraq&m=141577137423233&w=2
  http://marc.info/?l=bugtraq&m=141450491804793&w=2
  http://marc.info/?l=bugtraq&m=141383196021590&w=2
  http://marc.info/?l=bugtraq&m=141383026420882&w=2
  http://marc.info/?l=bugtraq&m=141383081521087&w=2
  http://marc.info/?l=bugtraq&m=141383353622268&w=2
  http://marc.info/?l=bugtraq&m=141330468527613&w=2
  http://marc.info/?l=bugtraq&m=141345648114150&w=2
  http://marc.info/?l=bugtraq&m=141383304022067&w=2
  http://marc.info/?l=bugtraq&m=141383244821813&w=2

CONFIRM
  http://linux.oracle.com/errata/ELSA-2014-3094
  http://linux.oracle.com/errata/ELSA-2014-3093
  http://www.qnap.com/i/en/support/con_show.php?cid=61
  http://www-01.ibm.com/support/docview.wss?uid=swg21686494
  http://www-01.ibm.com/support/docview.wss?uid=swg21687079
  http://www-01.ibm.com/support/docview.wss?uid=swg21686445
  http://www-01.ibm.com/support/docview.wss?uid=swg21686246
  http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
  http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
  http://www-01.ibm.com/support/docview.wss?uid=swg21686479
  http://www-01.ibm.com/support/docview.wss?uid=swg21685733
  http://www-01.ibm.com/support/docview.wss?uid=swg21686131
  http://www-01.ibm.com/support/docview.wss?uid=swg21685541
  http://www-01.ibm.com/support/docview.wss?uid=swg21685604
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
  http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
  http://www.vmware.com/security/advisories/VMSA-2014-0010.html
  http://www.novell.com/support/kb/doc.php?id=7015721
  http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
  http://www-01.ibm.com/support/docview.wss?uid=swg21685914
  http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
  http://www-01.ibm.com/support/docview.wss?uid=swg21685749
  http://support.novell.com/security/cve/CVE-2014-6278.html

CISCO
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

