bash -- remote code execution

Note that this is different than the public "Shellshock" issue. Specially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27, however the port was patched with a mitigation in 4.3.252...

Apple — Most Mac OS X Users Not Vulnerable to 'Shellshock' Bash Bug

On one hand where more than half of the Internet is considering the Bash vulnerability to be severe, Apple says the vast majority of Mac computer users are not at risk from the recently discovered vulnerability in the Bash command-line interpreter – aka the "Shellshock" bug that could allow hacke...

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell Bash, dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over...

Dhclient Bash Environment Variable Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment...

DHCP Client Bash Environment Variable Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment...

Scientific Linux Security Update : bash on SL5.x, SL6.x i386/x86_64 (20140924) (Shellshock)

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

Google Amazon rush to fix Shellshock security vulnerability-vulnerability warning-the black bar safety net

! 1 Google Amazon rush to fix Shellshocksecurityvulnerability Sina technology hearing Beijing Time 9 on 2 6 on the morning news, the researchers found that the latest Shellshock vulnerability could affect about 5 0% of network server, as well as many Apple devices, Google and Amazon on Thursday...

GNU Bash Environment Variable Handling RCE Vulnerability (Shellshock, Linux/Unix SSH Login, CVE-2014-6271) - Active Check

GNU Bash is prone to a remote command execution RCE vulnerability dubbed Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...

Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTPUSERAGENT environment variable to a malicious function definition. This module requires Metasploit:...

Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner

This module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTPUSERAGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler...

Exploit for OS Command Injection in Gnu Bash

shellshockscanne...

GNU Bash Remote Code Execution (CVE-2014-6271; CVE-2014-6277; CVE-2014-6278; CVE-2014-7169; CVE-2014-7186; CVE-2014-7187)

A remote code execution vulnerability has been reported in several versions of GNU Bash. The vulnerability, aka ShellShock, is due to an error in the way GNU Bash processes trailing strings after function definitions in the values of environment variables...

Oracle Linux 5 / 6 / 7 : bash (ELSA-2014-1293)

The remote Oracle Linux 5 / 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-1293 advisory. 4.1.2-15.1 - Check for fishy environment Resolves: 1141645 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bash (SSA:2014-267-01) (Shellshock)

New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-267-01. The text itse...

GNU Bash Environment Variable Handling RCE Vulnerability (Shellshock, HTTP, CVE-2014-6271/CVE-2014-6278) - Active Check

GNU Bash is prone to a remote command execution RCE vulnerability dubbed SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 5 / 6 / 7 : bash (CESA-2014:1293) (Shellshock)

Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

GNU Bash - Shellshock Environment Variable Command Injection

GNU Bash - Shellshock Environment Variable Command Injection Exploit Database Note: The following is an excerpt from: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Like “real” programming languages, Bash has functions, though in a...

openSUSE Security Update : bash (openSUSE-SU-2014:1226-1) (Shellshock)

bash was updated to fix a critical security issue, a minor security issue and bugs : In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...

GNU Bash Local Environment Variable Handling Command Injection via Telnet (CVE-2014-7169) (Shellshock)

The remote host is running a version of Bash that is vulnerable to command injection via environment variable manipulation. Depending on the configuration of the system, an attacker could remotely execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

RHEL 6 / 7 : bash (RHSA-2014:1293)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1293 advisory. The GNU Bourne Again shell Bash is a shell and command language interpreter compatible with the Bourne shell sh. Bash is the default shell for Re...