UBUNTU-CVE-2014-7186
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redirstack" issue...
GNU Bash Environment Variable Handling RCE Vulnerability (Shellshock, Linux/Unix SSH Login, CVE-2014-6271) - Active Check
GNU Bash is prone to a remote command execution (RCE) vulnerability dubbed Copyright (C) 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...
Gnu Bash 4.3 CGI REFERER Command Injection
!/usr/bin/perl Title: Bash/cgi command execution exploit CVE: CVE-2014-6271 Author: Simo Ben youssef Contact: SimoatMorxploitcom Coded: 25 September 2014 Published: 26 September 2014 MorXploit Research http://www.MorXploit.com Description: Perl code to exploit CVE-2014-6271. Injects a Perl connec...
Solaris 9 (x86) : 149080-01
SunOS 5.9x86: bash patch. Date this patch was last updated by Oracle : Sep/26/14 @DEPRECATED@ This script has been deprecated by solaris9x86149080.nasl. Disabled on 2014/10/13. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle...
Slackware 13.0 : bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)
New bash packages are available for Slackware 13.0 to fix a security issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-268-02. The text itself is copyright (C) Slackware Linux, Inc...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bash (SSA:2014-268-01)
New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-268-01. The text itse...
RHEL 5 / 6 / 7 : bash (RHSA-2014:1306)
The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1306 advisory. The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default...
Bash environment variable code injection over HTTP
Added: 09/26/2014. CVE: CVE-2014-6271. BID: 70103. OSVDB: 112004. Background: GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems. Problem: The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...
DHCP Client Bash Environment Variable Code Injection Exploit
This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting dhclient network configuration scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options. This module requires Metasploit: http://metasploit.com/download Current source:...
Solaris 9 (sparc) : 149079-01
SunOS 5.9: bash patch. Date this patch was last updated by Oracle : Sep/26/14 @DEPRECATED@ This script has been deprecated by solaris9149079.nasl. Disabled on 2014/10/13. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS...
Debian DSA-3035-1 : bash - security update
Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update prefix and suffix for environment variabl...
Oracle Linux 5 : bash (ELSA-2014-3077)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2014-3077 advisory. 3.2-33.1.0.1 - Preliminary fix for CVE-2014-7169 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note th...
[SECURITY] [DLA 63-1] bash security update
Package : bash Version : 4.1-3+deb6u2 CVE ID : CVE-2014-7169 Debian Bug : 762760 762761 Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into anothe...
USN-2363-1 bash vulnerability
Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. CVE-2014-7169...
USN-2363-1: Bash vulnerability
Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. CVE-2014-7169...
[SECURITY] [DSA 3035-1] bash security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3035-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso September 25, 2014 http://www.debian.org/security/faq -...
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. This module requires Metasploit:...
Bash Vulnerability Exploits Dropping DDoS Bots
A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability. One sample is a repurposed IRC bot written in Perl that is trying to build a botnet to be used in distributed denial of service (DDoS) attacks, said Jaime Blasco,...
bash (rebuild for Slackware 13.0 only)
New bash packages are available for Slackware 13.0 to fix a security issue. Here are the details from the Slackware 13.0 ChangeLog: patches/packages/bash-3.1.018-i486-3slack13.0.txz: Rebuilt. The patch for CVE-2014-7169 needed to be rebased against bash-3.1 in order to apply correctly. Thanks to ...