Lucene search
K

167 matches found

The Hacker News
The Hacker News
added 2014/10/23 3:33 a.m.44 views

The Bash Vulnerability: How to Protect your Environment

A recently discovered hole in the security of the Bourne-Again Shell bash has the majority of Unix/Linux including OS X admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts...

5.4CVSS7.8AI score0.00658EPSS
Exploits0
0day.today
0day.today
added 2014/10/14 12:0 a.m.235 views

DNS Reverse Lookup Shellshock Exploit

DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability. DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et.al. CVE-2014-3671 references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 CVE-2014-7186 and, CVE-2014-7187 Summary...

10CVSS0.1AI score0.99999EPSS
Exploits158
Packet Storm
Packet Storm
added 2014/10/13 12:0 a.m.70 views

DNS Reverse Lookup Shellshock

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et.al. CVE-2014-3671 references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 CVE-2014-7186 and, CVE-2014-7187 Summary: Above CVEs detail a number ...

10CVSS0.99999EPSS
Exploits158
myhack58
myhack58
added 2014/10/09 12:0 a.m.19 views

The fastest fix bash vulnerabilities-vulnerability warning-the black bar safety net

If you run the following command env x=' :;; echo vulnerable' bash-c 'echo hello' The output result is: vulnerable hello Then there is the vulnerability, the need to quickly repair Run the command: curl https://raw. githubusercontent.com/luofei614/bashfix/master/bashfix/bash And then automaticall...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2014/10/03 5:0 a.m.57 views

Researcher Takes Wraps off Undisclosed Bash Vulnerabilities

The Bash bug has kept Linux and UNIX administrators busy deploying a half-dozen patches, worrying about numerous Shellshock exploits in the wild, and a laboring over a general uncertainty that the next supposed fix will break even more stuff. Researcher Michal Zalewski, a longtime bug-hunter, has...

10CVSS0.1AI score0.99999EPSS
Exploits158References6
myhack58
myhack58
added 2014/10/03 12:0 a.m.19 views

The latest Bash vulnerability patch Junior programme-vulnerability warning-the black bar safety net

Bash broke the remote parsing command execution vulnerability, CVE-2 0 1 4-6 2 7 1, the spread of major Linux distributions and MacOSX systems. Vulnerability can be directly in the Bash support the Web CGI environment remote execution of arbitrary commands. bash is injected after the public...

1.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/10/02 6:40 p.m.7 views

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

10CVSS7.4AI score0.99999EPSS
Exploits140References6
RedHat Linux
RedHat Linux
added 2014/10/02 6:40 p.m.9 views

bash: off-by-one error in deeply nested flow control constructs

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash...

10CVSS6.9AI score0.58462EPSS
Exploits12References4
ThreatPost
ThreatPost
added 2014/10/01 2:43 p.m.56 views

VMware Begins to Patch Bash Issues Across Product Line

Much like Heartbleed triggered vendors to issue out of band patches to remedy vulnerabilities that popped up earlier this year, Shellshock, the Bash vulnerability, has forced vendors’ hands in a similar fashion. Virtualization firm VMware issued a progress report on fixes for four different types...

10CVSS0.99999EPSS
Exploits142References5
OSV
OSV
added 2014/09/30 10:55 a.m.12 views

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

10CVSS9.7AI score0.99621EPSS
Exploits31References110
ATTACKERKB
ATTACKERKB
added 2014/09/30 10:55 a.m.14 views

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

10CVSS7.3AI score0.99621EPSS
In wildExploits31References137
VulnCheck KEV
VulnCheck KEV
added 2014/09/30 12:0 a.m.7 views

VulnCheck KEV: CVE-2014-7169

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271...

10CVSS7.4AI score0.99999EPSS
Exploits140References1
GithubExploit
GithubExploit
added 2014/09/29 10:6 a.m.5 views

Exploit for OS Command Injection in Gnu Bash

This is a PoC exploit for CVE-2014-6271, a remote interactive sh...

10CVSS9.9AI score0.99999EPSS
Exploits131
OSV
OSV
added 2014/09/28 7:55 p.m.12 views

CVE-2014-7186

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecified other impact via crafted use of here documents, aka the "redirstack" issue...

10CVSS9.7AI score0.64336EPSS
Exploits13References125
Cvelist
Cvelist
added 2014/09/28 7:0 p.m.22 views

CVE-2014-7186

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecified other impact via crafted use of here documents, aka the "redirstack" issue...

7.3AI score0.64336EPSS
Exploits13References125
Mageia
Mageia
added 2014/09/28 12:17 p.m.73 views

Updated bash packages fix CVE-2014-7169

Updated bash packages fix security vulnerability: It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or...

10CVSS9.9AI score0.9994EPSS
Exploits17References2
NVD
NVD
added 2014/09/27 10:55 p.m.50 views

CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

10CVSS8.7AI score0.64326EPSS
Exploits16References109
Prion
Prion
added 2014/09/27 10:55 p.m.59 views

Design/Logic Flaw

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

10CVSS9.7AI score0.99999EPSS
Exploits145References109Affected Software1
FreeBSD
FreeBSD
added 2014/09/27 12:0 a.m.56 views

bash -- remote code execution

Note that this is different than the public "Shellshock" issue. Specially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27, however the port was patched with a mitigation in 4.3.252...

8.2AI score
Exploits0References1
myhack58
myhack58
added 2014/09/27 12:0 a.m.30 views

“Broken shell vulnerability”of self-diagnosis and repair-vulnerability warning-the black bar safety net

”The broken shell vulnerability”of self-diagnosis and repair now is hot of the Bash vulnerability, also known as the”broken shell vulnerability”that can lead to a remote attacker on the affected system to execute arbitrary code, it can affect multiple System Services: Web, ssh, gitlab, DHCP, and ...

1.6AI score
Exploits0
Rows per page
Query Builder