what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 31 of 31 RSS Feed

CVE-2014-6278

Status Candidate

Overview

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.

Related Files

HP Security Bulletin HPSBGN03138
Posted Oct 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03138 - A potential security vulnerability has been identified with HP Operations Analytics. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | d2c8a68273b5d908b747dd246281eeb694499ac265b53b3dfe1649f854e5e958
DNS Reverse Lookup Shellshock
Posted Oct 13, 2014
Authored by Dirk-Willem van Gulik, Stephane Chazelas

DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability.

tags | exploit, bash
advisories | CVE-2014-3671, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | f270585f9a138adfc590970e5d69e843b483a83fdff3980b13aa5bef341cd964
Ubuntu Security Notice USN-2380-1
Posted Oct 9, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2380-1 - Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack. Various other issues were also addressed.

tags | advisory, arbitrary, bash
systems | linux, ubuntu
advisories | CVE-2014-6277, CVE-2014-6278
SHA-256 | 8791425c635359bb13b6a4a403dd5e2900aebb6afed4869bed14e47f74436117
CA Technologies GNU Bash Shellshock
Posted Oct 6, 2014
Authored by Ken Williams | Site www3.ca.com

CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities. These vulnerabilities could allow a local or remote attacker to utilize specially crafted input to execute arbitrary commands or code.

tags | advisory, remote, arbitrary, local, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 3db7713d504c91a2a12a2610e9cd8a98e74b36f790d1df3c77d0e4b33c6098c5
Gentoo Linux Security Advisory 201410-01
Posted Oct 6, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201410-1 - Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition. Versions less than 4.2_p52 are affected.

tags | advisory, remote, denial of service, bash
systems | linux, gentoo
advisories | CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, CVE-2014-7187
SHA-256 | 97311eeb89e6cca85680a723ad6c691b7e5512cffffb554a2af1e30435ca6ef6
Bash Me Some More
Posted Oct 1, 2014
Authored by Michal Zalewski, Paul Vixie

This is information regarding more bash vulnerabilities and how the original bash patches are ineffective.

tags | exploit, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-6279
SHA-256 | 9bef4f643cbc941c231d0995aa7df24f7322c03118f4cd7d60f56a5e05ccb428
Page 2 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close