Exploit for OS Command Injection in Gnu Bash

ActiveScan++ ================== ActiveScan++ extends Burp Suite...

GNU Bash Security Bypass Vulnerability

GNU Bash is a shell command language interpreter written by American software developer Brian J. Fox for the GNU Project, which runs on Unix-like operating systems the default shell for Linux systems and is capable of reading from, and executing commands from, a standard input device or file, as...

GNU Bourne-Again Shell (Bash) 'Shellshock'

Lenovo Security Advisory: LEN-2014-003 Potential Impact: Execution of arbitrary code Severity: High Summary: GNU Bash is the common command-line shell used in many Linux/UNIX systems. The vulnerability is also referred to as “Shellshock. ” Exploitation of this vulnerability may allow a remote...

GNU Bash Local Command Execution Vulnerability

GNU Bash is a shell command language interpreter written by American software developer Brian J. Fox for the GNU Project, which runs on Unix-like operating systems the default shell for Linux systems and is capable of reading from, and executing commands from, a standard input device or file, as...

Cisco NX-OS: GNU Bash Environment Variable Command Injection Vulnerability

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is...

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016 CVE: CVE-2014-6278 BID: 70166 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem The Bash shell executes commands injected after...

Advantech EKI Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-344-01A Advantech EKI Vulnerabilities that was published December 15, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update B Part 1 of 3 -------- HD Moore of Rapid7 identified several vulnerabilities in...

GNU Bash Incomplete Fix Remote Code Injection (Shellshock)

The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via...

Oracle Solaris Third-Party Patch Update : bash (cve_2012_3410_stack_based)

The remote Solaris system is missing necessary patches to address security updates : - Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled...

Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock)

The remote Solaris system is missing necessary patches to address security updates : - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as...

Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock)

According to its self-reported version number, the remote Junos Space version is prior to 14.1R2, and may be affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of...

Malware Exploits SHELLSHOCK Vulnerability to Hack NAS Devices

The year is about to end, but serious threats like Shellshock is "far from over". Cyber criminals are actively exploiting this critical GNU Bash vulnerability to target those network attached storage devices that are still not patched and ready for exploitation. Security researchers have unearthe...

Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)

According to its self-reported version number, remote Cisco TelePresence Conductor device is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment...

BASHLITE Malware leverages ShellShock Bug to Hijack Devices Running BusyBox

Cyber criminals are using new malware variants by exploiting GNU Bash vulnerability referred to as ShellShock CVE-2014-6271 in order to infect embedded devices running BusyBox software, according to a researcher. A new variant of "Bashlite" malware targeting devices running BusyBox software was...

McAfee Next Generation Firewall GNU Bash Code Injection (SB10085) (Shellshock)

The remote host has a version of McAfee Next Generation Firewall NGFW installed that is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables...

VMware vCenter Converter 5.1.x < 5.1.2 / 5.5.x < 5.5.3 Multiple Vulnerabilities (VMSA-2014-0010) (Shellshock)

The version of VMware vCenter Converter installed on the remote Windows host is 5.1.x prior to 5.1.2 or 5.5.x prior to 5.5.3. It is, therefore, affected by the following vulnerabilities : - A command injection vulnerability exists in GNU Bash known as Shellshock, which is due to the processing of...

McAfee Web Gateway GNU Bash Code Injection (SB10085) (Shellshock)

The remote host has a version of McAfee Web Gateway MWG installed that is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a...

McAfee Email Gateway GNU Bash Code Injection (SB10085) (Shellshock)

The remote host has a version of McAfee Email Gateway MEG installed that is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows ...

CUCM IM and Presence Service GNU Bash Environment Variable Handling Command Injection (CSCur05454) (Shellshock)

According to its self-reported version, the CUCM IM and Presence Service installed on the remote host contains a version of GNU Bash that is affected by a command injection vulnerability known as Shellshock, which is due to the processing of trailing strings after function definitions in the valu...

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...