CVE-2014-6277

EXPLOITED

GNU Bash <4.3 - RCE

Title source: llm

Description

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.

Exploits (3)

exploitdb WRITEUP VERIFIED

by Michal Zalewski · textdoslinux

https://www.exploit-db.com/exploits/35081

View Code ZIP pw:eip

exploitdb WORKING POC

pythonremotelinux

https://www.exploit-db.com/exploits/36933

View on exploitdb

exploitdb WORKING POC

pythonremotelinux

https://www.exploit-db.com/exploits/34860

View on exploitdb

References (109)

[Mailing List] http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

[Mailing List] http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg21686445

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg21686479

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg21686494

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg21687079

[Various Sources] http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

[Various Sources] http://www.qnap.com/i/en/support/con_show.php?cid=61

[Various Sources] https://kb.bluecoat.com/index?page=content&id=SA82

[Various Sources] https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

[Various Sources] https://www.suse.com/support/shellshock/

[Third Party Advisory] http://jvn.jp/en/jp/JVN55667175/index.html

[Third Party Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

[Exploit, Patch] http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html

[Various Sources] http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html

[Various Sources] http://linux.oracle.com/errata/ELSA-2014-3093

[Various Sources] http://linux.oracle.com/errata/ELSA-2014-3094

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

[Mailing List] http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

[Mailing List] http://marc.info/?l=bugtraq&m=141330468527613&w=2

... and 89 more

Scores

EPSS 0.8782

EPSS Percentile 99.5%

Exploitation Intel

VulnCheck KEV 2018-03-01

Classification

CWE

CWE-78

Status draft

Affected Products (28)

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

... and 13 more

Timeline

Published Sep 27, 2014

Tracked Since Feb 18, 2026