HP Security Bulletin HPSBST03181 1 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
cbb07b428d53f1c1557655cd70c5d064f9bc9d949a6557331a6e0111d76d716b
HP Security Bulletin HPSBHF03124 2 - Potential security vulnerabilities have been identified with certain HP Thin Clients running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 2 of this advisory.
c8f6d879ddf7cc323158feb1bb78035393d71910932a07f1d6aa7f0deabbcef6
HP Security Bulletin HPSBMU03165 1 - A potential security vulnerability has been identified with HP Propel. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
993d69d889cb57ea4e97b5967566ea9fa56baaa30d0ca057ac83149e29c4add3
This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.
5a376a0f4e8be0b42906123abc72f100a271655c6310963fc913fc7504861155
HP Security Bulletin HPSBST03157 - A potential security vulnerability has been identified with HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
e9d6c975aaed8023b6f21f043ef708d1380c041f1f05607e46608de48932d0f7
HP Security Bulletin HPSBHF03146 - A potential security vulnerability has been identified with HP Integrity SD2 CB900s i4 & i2. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
71138975f2ecb9835216b1124791afaa131e7f859aaecdae0c613c524094559d
HP Security Bulletin HPSBHF03145 - A potential security vulnerability has been identified with HP Integrity Superdome X and HP ConvergedSystem 900 for SAP HANA. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
2fd50d7e08d80f7519616b15757f4e909dcbfe0263378c1519b97902f322248d
HP Security Bulletin HPSBGN03141 - A potential security vulnerability has been identified with HP Automation Insight. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
24dee4b8f6b5ddb5d65f8c4322c72420242ee64a9c4bb8a0cb9e1a6cbc7f3d0a
HP Security Bulletin HPSBGN03142 - A potential security vulnerability has been identified with HP Business Service Automation Essentials. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
d574847ce7c8fec49d12de9d8ba41f61736d3916c841666ecefa508ce7691a21
HP Security Bulletin HPSBST03129 - A potential security vulnerability has been identified with HP StoreFabric B-series switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
29cdba50ad78b04a98c9fe494d60a6e306a9c9eeb0944502a88270c9bc2b3672
HP Security Bulletin HPSBST03131 - A potential security vulnerability has been identified with certain HP StoreOnce Backup systems running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. NOTE: Versions of HP StoreOnce Backup software prior to 3.11.4 contain the vulnerable version of Bash. However, HP is unaware of any method that would allow this vulnerability to be exploited on HP StoreOnce Backup systems but is providing an updated version of Bash Shell as a precaution. Revision 1 of this advisory.
4178dafe8e381b36135d2cb121e555aafaf758c401d7f76e00ce10bbf4f709e2
HP Security Bulletin HPSBMU03144 - A potential security vulnerability has been identified with HP Operation Agent Virtual Appliance. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
64edb263b2832abacd7836db8a8ef12dccda691a3aef95347dfd9324eed8d66f
HP Security Bulletin HPSBMU03143 - A potential security vulnerability has been identified with HP Virtualization Performance Viewer. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
794de02c30241366d47f3cc27adf32db27562f26c7bf7597b2338a634f30289e
HP Security Bulletin HPSBHF03125 - A potential security vulnerability has been identified with HP Next Generation Firewall (NGFW) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: This vulnerability can only be exploited if the attacker already has valid administrative login credentials. Revision 1 of this advisory.
17f8eddb7283be7cb8ad30c6586d35e371e0c3c28a85f0aa23c2b591cbc0f229
HP Security Bulletin HPSBGN03138 - A potential security vulnerability has been identified with HP Operations Analytics. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
d2c8a68273b5d908b747dd246281eeb694499ac265b53b3dfe1649f854e5e958
HP Security Bulletin HPSBMU03133 - A potential security vulnerability has been identified with HP Enterprise Maps Virtual Appliance running the Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
f3d7edeb1d02e9729328450dcfc5c31cb9e6fb021df15dcefe1d8aa97c13b935
DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability.
f270585f9a138adfc590970e5d69e843b483a83fdff3980b13aa5bef341cd964
Ubuntu Security Notice 2380-1 - Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack. Various other issues were also addressed.
8791425c635359bb13b6a4a403dd5e2900aebb6afed4869bed14e47f74436117
CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities. These vulnerabilities could allow a local or remote attacker to utilize specially crafted input to execute arbitrary commands or code.
3db7713d504c91a2a12a2610e9cd8a98e74b36f790d1df3c77d0e4b33c6098c5
Gentoo Linux Security Advisory 201410-1 - Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition. Versions less than 4.2_p52 are affected.
97311eeb89e6cca85680a723ad6c691b7e5512cffffb554a2af1e30435ca6ef6
HP Security Bulletin HPSBHF03124 - Potential security vulnerabilities have been identified with certain HP Thin Clients running bash. The vulnerabilities, known as shellshock could be exploited remotely to allow execution of code. Revision 1 of this advisory.
7bec20c1e05d7486cb10a36c31e3d2123d1225efbea951e4b4137db0c1155842
HP Security Bulletin HPSBHF03119 2 - A potential security vulnerability has been identified with HP DreamColor Z27x Professional Display running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: Only the HP DreamColor Z27x model is vulnerable. Revision 2 of this advisory.
2a168e564f4b89a286c458982b1a9135992f03cf7a44f3613b8e5d0316184c32
Red Hat Security Advisory 2014-1354-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
b32eb23a922aaad612775171117381de11c2f5eb28b398659a771dccc74d4d25
GNU Bash version 4.3.11 environment variable dhclient shellshocker exploit.
0a0a25be13735fb37391eb0c2dcea9b3ca159ae100cf4ca70c8f452cd9a34b16
This Metasploit module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.
d1353f15ae7ed9aea8cd6b1644f5fbeada6291338684996bc3b3a388a0f3b2ec