Details of VAR-E-201409-0547

ID

VAR-E-201409-0547

CVE

cve_id:	CVE-2014-7910	Trust: 1.0
cve_id:	CVE-2014-7227	Trust: 1.0
cve_id:	CVE-2014-7196	Trust: 1.0
cve_id:	CVE-2014-7169	Trust: 1.0
cve_id:	CVE-2014-62771	Trust: 1.0
cve_id:	CVE-2014-6271	Trust: 1.0
cve_id:	CVE-2014-3671	Trust: 1.0
cve_id:	CVE-2014-3659	Trust: 1.0
cve_id:	CVE-2014-6277	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34765

EDB ID

34765

TITLE

GNU Bash - 'Shellshock' Environment Variable Command Injection - Linux remote Exploit

Trust: 1.0

sources: EXPLOIT-DB: 34765

DESCRIPTION

GNU Bash - 'Shellshock' Environment Variable Command Injection. CVE-2014-7910CVE-112004CVE-2014-7227CVE-2014-7196CVE-2014-7169CVE-2014-62771CVE-2014-6271CVE-2014-3671CVE-2014-3659 . remote exploit for Linux platform

Trust: 1.0

sources: EXPLOIT-DB: 34765

AFFECTED PRODUCTS

vendor:	gnu	model:	bash	scope:	-	version:	-	Trust: 1.0
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	xerox	model:	workcentre	scope:	eq	version:	7245	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7242	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7238	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7235	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7232	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7228	Trust: 0.3
vendor:	xerox	model:	phaser	scope:	eq	version:	78000	Trust: 0.3
vendor:	xerox	model:	phaser	scope:	eq	version:	67000	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9393	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9303	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9302	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9301	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux arm	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	10.04	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	11	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux long life server	scope:	eq	version:	5.6	Trust: 0.3
vendor:	red	model:	hat enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	3.2	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	3.1	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	mcafee	model:	email gateway patch	scope:	eq	version:	7.01	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.0	Trust: 0.3
vendor:	mcafee	model:	email gateway hotfix	scope:	eq	version:	6.7.22	Trust: 0.3
vendor:	mcafee	model:	email gateway hotfix	scope:	eq	version:	6.7.21	Trust: 0.3
vendor:	ibm	model:	ds8000	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 0.3
vendor:	hp	model:	insight control	scope:	eq	version:	0	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.0.16	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	4.2	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	4.1	Trust: 0.3
vendor:	gnu	model:	bash rc1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.2.48	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.2	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.00.0(2)	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	cosmicperl	model:	directory pro	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	cisco	model:	wide area application services	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	network analysis module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	mds	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	gss 4492r global site selector	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	emergency responder	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	digital media manager	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	digital media manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	show and share	scope:	eq	version:	5(2)	Trust: 0.3
vendor:	avaya	model:	ip deskphone	scope:	eq	version:	96x16.2	Trust: 0.3
vendor:	avaya	model:	ip deskphone	scope:	eq	version:	96x16	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.03	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34765

EXPLOIT

Exploit Database Note:
The following is an excerpt from: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Like “real” programming languages, Bash has functions, though in a somewhat limited implementation, and it is possible to put these bash functions into environment variables. This flaw is triggered when extra code is added to the end of these function definitions (inside the enivronment variable). Something like:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

The patch used to fix this flaw, ensures that no code is allowed after the end of a bash function. So if you run the above example with the patched version of bash, you should get an output similar to:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Trust: 1.0

sources: EXPLOIT-DB: 34765

EXPLOIT LANGUAGE

txt

Trust: 1.0

sources: EXPLOIT-DB: 34765

PRICE

free

Trust: 1.0

sources: EXPLOIT-DB: 34765

TYPE

'Shellshock' Environment Variable Command Injection

Trust: 1.0

sources: EXPLOIT-DB: 34765

CREDITS

Stephane Chazelas

Trust: 1.0

sources: EXPLOIT-DB: 34765

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3671	Trust: 1.0
db:	NVD	id:	CVE-2014-7196	Trust: 1.0
db:	NVD	id:	CVE-2014-7227	Trust: 1.0
db:	NVD	id:	CVE-2014-7910	Trust: 1.0
db:	NVD	id:	CVE-2014-7169	Trust: 1.0
db:	NVD	id:	CVE-2014-62771	Trust: 1.0
db:	NVD	id:	CVE-2014-6271	Trust: 1.0
db:	NVD	id:	CVE-2014-3659	Trust: 1.0
db:	EXPLOIT-DB	id:	34765	Trust: 1.0
db:	NVD	id:	CVE-2014-6277	Trust: 0.3
db:	BID	id:	70165	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34765

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2014-7910	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7169	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6271	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-62771	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7196	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3659	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7227	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3671	Trust: 1.0
url:	http://www.gnu.org/software/bash/	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34765

SOURCES

db:	BID	id:	70165
db:	EXPLOIT-DB	id:	34765

LAST UPDATE DATE

2023-05-30T11:41:26.836000+00:00

SOURCES UPDATE DATE

db:

BID

id:

70165

date:

2015-10-26T16:51:00

SOURCES RELEASE DATE

db:	BID	id:	70165	date:	2014-09-27T00:00:00
db:	EXPLOIT-DB	id:	34765	date:	2014-09-25T00:00:00