VMware Workspace Portal Multiple Bash Shell Vulnerabilities (VMSA-2014-0010) (Shellshock)

The version of VMware Workspace Portal formerly known as VMware Horizon Workspace installed on the remote host is missing package updates. It is, therefore, affected by the following vulnerabilities in the Bash shell : - A command injection vulnerability exists in GNU Bash known as Shellshock,...

Cisco ASA Next-Generation Firewall GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock)

The remote ASA Next-Generation Firewall NGFW host is missing a security patch. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment...

VMware NSX Bash Environment Variable Command Injection (VMSA-2014-0010) (Shellshock)

The version of VMware NSX installed on the remote host is 4.x prior to 4.0.5 / 4.1.4 / 4.2.1 or 6.x prior to 6.0.7 / 6.1.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definition...

SIP Script Remote Command Execution via Shellshock

The remote host appears to be running SIP. SIP itself is not vulnerable to Shellshock; however, any Bash script that SIP runs for filtering or other routing tasks could potentially be affected if the script exports an environmental variable from the content or headers of a SIP message. A negative...

PHP < 5.6.2 - 'Shellshock' Safe Mode / disable_functions Bypass / Command Injection

Exploit Title: PHP 5.x Shellshock Exploit bypass disablefunctions Google Dork: none Date: 10/31/2014 Exploit Author: Ryan King Starfall Vendor Homepage: http://php.net Software Link: http://php.net/get/php-5.6.2.tar.bz2/from/a/mirror Version: 5. tested on 5.6.2 Tested on: Debian 7 and CentOS 5 an...

Cisco Prime Security Manager GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock)

According to its self-reported version number, the version of Cisco Prime Security Manager installed on the remote host is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in th...

VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)

The VMware vSphere Replication installed on the remote host is version 5.1.x prior to 5.1.2.2, 5.5.x prior to 5.5.1.3, 5.6.x prior to 5.6.0.2, or 5.8.x prior to 5.8.0.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing...

Cisco UCS Director Code Injection (CSCur02877) (Shellshock)

According to its self-reported version, the remote host is running a version of Cisco UCS Director that could be affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environmen...

CUPS Filter Bash Environment Variable Code Injection Exploit

This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTERINFO and PRINTERLOCATION variables by default. This module requires Metasploit: http://metasploit.com/download Current source:...

CUPS Filter - Bash Environment Variable Code Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'CUPS Filter Bash Environment Variable Code Injection', 'Description' = %q This module exploits a post-auth code injection in special...

QNAP QTS vulnerable to OS command injection

Overview QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Yuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the...

JVN#55667175: QNAP QTS vulnerable to OS command injection

QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Impact A malicious attacker may be able to execute arbitrary command at the privilege level of the calling application. Solution Update...

Shellshock Exploits Used Against SMTP Servers at Webhosts

The persistence of the Shellshock vulnerability remains high more than a month after it first surfaced. The latest attacks involved SMTP servers belonging to web hosts, said a report published by the SANS Internet Storm Center. Attackers are using Shellshock exploits targeting the now infamous...

Cisco NX-OS GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash) (Shellshock)

According to its self-reported version, the remote NX-OS device is affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to...

Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash

Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable...

Security Advisory-Bash Code Injection Vulnerability

This security advisory SA describes the impact of 6 Bash vulnerabilities discovered in third-party software Vulnerability ID: HWPSIRT-2014-0951. 1.OS Command Injections vulnerability CVE-2014-6271. GNU Bash through 4.3 processes trailing strings after function definitions in the values of...

The Bash Vulnerability: How to Protect your Environment

A recently discovered hole in the security of the Bourne-Again Shell bash has the majority of Unix/Linux including OS X admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts...

openSUSE Security Update : bash (openSUSE-SU-2014:1310-1) (Shellshock)

Replace patches bash-4.2-heredoc-eof-delim.patch and bash-4.2-parse-exportfunc.patch with the official upstream patch levels bash42-052 and bash42-053 - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level bash42-051 - Add patches bash-4.2-heredoc-eof-delim.patch for bsc898812,...

Cisco TelePresence Video Communication Server Bash Remote Code Execution (Shellshock)

According to its self-reported version number, the version of Cisco TelePresence Video Communication Server is affected by a command injection vulnerability known as Shellshock in its included GNU Bash shell. The vulnerability is due to the processing of trailing strings after function definition...

openSUSE Security Update : bash (openSUSE-SU-2014:1308-1) (Shellshock)

Replace patches bash-4.2-heredoc-eof-delim.patch and bash-4.2-parse-exportfunc.patch with the official upstream patch levels bash42-052 and bash42-053 - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level bash42-051 - Make bash-4.2-extra-import-func.patch an optional patch due...