Launchpad.net

CVE 2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Related bugs and status

CVE-2014-6271 (Candidate) is related to these bugs:

Bug #1373781: bash incomplete fix for CVE-2014-6271

		In	Importance	Status
1373781	bash incomplete fix for CVE-2014-6271	bash (Ubuntu)	Undecided	Fix Released
1373781	bash incomplete fix for CVE-2014-6271	bash (Ubuntu Lucid)	Undecided	Fix Released
1373781	bash incomplete fix for CVE-2014-6271	bash (Ubuntu Utopic)	Undecided	Fix Released
1373781	bash incomplete fix for CVE-2014-6271	bash (Ubuntu Precise)	Undecided	Fix Released
1373781	bash incomplete fix for CVE-2014-6271	bash (Ubuntu Trusty)	Undecided	Fix Released

Bug #1373965: bash: specially-crafted environment variables can be used to inject shell commands

		In	Importance	Status
1373965	bash: specially-crafted environment variables can be used to inject shell commands	Mirantis OpenStack	Critical	Fix Committed
1373965	bash: specially-crafted environment variables can be used to inject shell commands	Mirantis OpenStack 5.1.x	Critical	Fix Released
1373965	bash: specially-crafted environment variables can be used to inject shell commands	Mirantis OpenStack 6.0.x	Critical	Fix Committed
1373965	bash: specially-crafted environment variables can be used to inject shell commands	Mirantis OpenStack 5.0.x	Critical	In Progress

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
CONFIRM: https://securityblog.r...
MISC: http://lcamtuf.blogspo...
CISCO: 20140926 GNU Bash Envi...
DEBIAN: DSA-3032
REDHAT: RHSA-2014:1293
REDHAT: RHSA-2014:1294
REDHAT: RHSA-2014:1295
UBUNTU: USN-2362-1
CERT: TA14-268A
CERT-VN: VU#252743
CONFIRM: http://support.novell....
CONFIRM: https://www.suse.com/s...
CONFIRM: http://support.apple.c...
CONFIRM: http://www.novell.com/...
SECUNIA: 59737
SECUNIA: 61641
SECUNIA: 61676
SECUNIA: 61700
SUSE: SUSE-SU-2014:1223
SUSE: SUSE-SU-2014:1260
SUSE: openSUSE-SU-2014:1238
SUSE: openSUSE-SU-2014:1254
FULLDISC: 20141001 FW: NEW VMSA-...
MISC: http://packetstormsecu...
MISC: http://packetstormsecu...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www.novell.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.vmware.com/...
SECUNIA: 59907
SECUNIA: 61283
SECUNIA: 61485
SECUNIA: 61503
SECUNIA: 61552
SECUNIA: 61565
SECUNIA: 61603
SECUNIA: 61633
SECUNIA: 61643
SECUNIA: 61654
SECUNIA: 61703
SECUNIA: 61711
SECUNIA: 61715
SUSE: SUSE-SU-2014:1287
CONFIRM: https://support.apple....
CONFIRM: http://www-01.ibm.com/...
APPLE: APPLE-SA-2014-10-16-1
SECUNIA: 60947
SECUNIA: 61188
MISC: http://packetstormsecu...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-947.ibm.com...
CONFIRM: https://support.citrix...
CONFIRM: https://support.citrix...
CONFIRM: https://support.f5.com...
SECUNIA: 58200
SECUNIA: 60034
SECUNIA: 60055
SECUNIA: 60193
SECUNIA: 60325
SECUNIA: 61065
SECUNIA: 61128
SECUNIA: 61129
SECUNIA: 61287
SECUNIA: 61312
SECUNIA: 61313
SECUNIA: 61328
SECUNIA: 61442
SECUNIA: 61471
SECUNIA: 61550
SECUNIA: 61780
SECUNIA: 61816
SECUNIA: 61855
SECUNIA: 61857
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
SECUNIA: 60024
SECUNIA: 60063
SECUNIA: 60044
SECUNIA: 60433
SECUNIA: 61291
CONFIRM: http://www.qnap.com/i/...
SUSE: openSUSE-SU-2014:1308
SUSE: openSUSE-SU-2014:1310
JVN: JVN#55667175
JVNDB: JVNDB-2014-000126
CONFIRM: http://www-01.ibm.com/...
REDHAT: RHSA-2014:1354
SUSE: openSUSE-SU-2014:1226
SUSE: SUSE-SU-2014:1212
SUSE: SUSE-SU-2014:1213
SECUNIA: 61873
SECUNIA: 62312
SECUNIA: 62343
CONFIRM: http://www.websense.co...
CONFIRM: http://advisories.mage...
CONFIRM: https://access.redhat....
MANDRIVA: MDVSA-2015:164
EXPLOIT-DB: 39918
MISC: http://packetstormsecu...
BID: 70103
SECUNIA: 62228
CONFIRM: http://linux.oracle.co...
CONFIRM: http://linux.oracle.co...
CONFIRM: https://access.redhat....
SECUNIA: 61542
SECUNIA: 61547
SECUNIA: 59272
CONFIRM: https://kb.bluecoat.co...
CONFIRM: https://kb.juniper.net...
CONFIRM: https://supportcenter....
CONFIRM: http://kb.juniper.net/...
CONFIRM: https://kc.mcafee.com/...
HP: HPSBGN03117
HP: HPSBHF03119
HP: HPSBHF03124
HP: HPSBST03122
HP: HPSBGN03138
HP: HPSBHF03125
HP: HPSBMU03133
HP: HPSBGN03141
HP: HPSBGN03142
HP: HPSBHF03146
HP: HPSBMU03143
HP: HPSBMU03144
HP: HPSBST03129
HP: HPSBST03131
HP: HPSBST03157
HP: HPSBHF03145
HP: HPSBMU03165
HP: HPSBMU03182
HP: HPSBST03154
HP: HPSBST03155
HP: HPSBST03181
HP: HPSBST03148
HP: HPSBST03265
HP: HPSBMU03217
HP: HPSBMU03245
HP: HPSBMU03246
HP: HPSBOV03228
HP: SSRT101711
HP: SSRT101742
HP: SSRT101827
HP: HPSBGN03233
HP: SSRT101739
HP: SSRT101868
HP: HPSBMU03220
HP: HPSBST03196
HP: SSRT101816
HP: SSRT101819
HP: HPSBST03195
EXPLOIT-DB: 40619
EXPLOIT-DB: 40938
EXPLOIT-DB: 38849
EXPLOIT-DB: 37816
EXPLOIT-DB: 34879
EXPLOIT-DB: 42938
CONFIRM: https://support.hpe.co...
CONFIRM: https://support.hpe.co...
BUGTRAQ: 20141001 NEW VMSA-2014...
CONFIRM: https://help.ecostruxu...
MISC: http://packetstormsecu...
MISC: https://www.arista.com...