var-201409-1154
Vulnerability from variot
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. This vulnerability CVE-2014-6271 , CVE-2014-7169 ,and CVE-2014-6277 Vulnerability due to insufficient fix for.A third party may be able to execute arbitrary commands through a crafted environment. QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability (CWE-78). Yuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A malicious attacker may be able to execute arbitrary command at the privilege level of the calling application. GNU Bash is prone to remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Customers who need to upgrade the firmware of their Superdome X or HP Converged System 900 for SAP HANA should contact HP Technical Support to obtain the firmware or plan to schedule an onsite visit with an HP Services field service professional.
NOTE: HP strongly recommends implementing the following security best practices to help reduce both known and future security vulnerability risks:
Isolate the HP Superdome X or HP Converged System 900 for SAP HANA's management network by keeping it separate from the data or production network, and not connecting it directly to the Internet without additional access authentication. Patch and maintain Lightweight Directory Access Protocol (LDAP) and web servers. Use virus scanners, intrusion detection/prevention systems (IDS/IPS), and vulnerability scanners regularly. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04558068
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04558068 Version: 1
HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-02-02 Last Updated: 2015-02-02
Potential Security Impact: Multiple vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Insight Control for Linux Central Management Server Pre-boot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities.
References:
CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2014-7196 SSRT101742
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7196 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following instructions to resolve these vulnerabilities.
Follow these steps to update the HP Insight Control for Linux Central Management Server Pre-boot Execution Environment:
NOTE: The following procedure updates the bash shell on the Linux Pre-boot Execution Environment. On the Production RHEL 6.2 OS:
a. Prepare temporary directory for Bash update software:
mkdir -p $HOME/tmp/bash
cd $HOME/tmp/bash
pwd
b. Download the file 'bash-4.1.2-15.el6_4.2.i686.rpm' for Insight Control for Linux Red Hat 6.2 i386 from https://rhn.redhat.com/errata/RHSA-2014-1311.html to the temporary directory '$HOME/tmp/bash'.
c. Extract the Bash update software package.
rpm2cpio bash-4.1.2-15.el6_4.2.i686.rpm| cpio -idmv
d. Verify the version of the Bash update software:
./bin/bash --version
GNU bash, version 4.1.2(1)-release (i686-redhat-linux-gnu)
e. Verify version dependencies:
ldd ./bin/bash
linux-gate.so.1 => (0x008a7000) libtinfo.so.5 => /lib/libtinfo.so.5 (0x00459000) libdl.so.2 => /lib/libdl.so.2 (0x002c0000) libc.so.6 => /lib/libc.so.6 (0x0012e000) /lib/ld-linux.so.2 (0x00108000)
f. Create archive file from '/lib' to copy and install on the Insight Control for Linux Central Management Server Pre-boot Execution Environment system:
mkdir $HOME/tmp/lib
cd /lib
cp * $HOME/tmp/lib
cd $HOME/tmp
pwd
tar cvf bash_lib.tar *
- Download the new archive file '$HOME/tmp/bash_lib.tar' from the Production RHEL 6.2 OS system to the Insight Control for Linux Central Management Server Pre-boot Execution Environment system. On the HP Insight Control for Linux Central Managment Server Pre-boot Execution Environment system:
a. Create a temporary folder for the toolkit and copy the toolkit there :
mkdir -p $HOME/tmp/temp-toolkit
cp /usr/share/systemimager/boot/i386/standard/toolkit.tar.gz
$HOME/tmp/temp-toolkit
b. Extract the file 'toolkit.tar.gz' into the temporary folder:
cd $HOME/tmp/temp-toolkit
tar zxvf toolkit.tar.gz
mv $HOME/tmp/temp-toolkit/toolkit.tar.gz /tmp
c. Verify the version of the toolkit Bash:
$HOME/tmp/temp-toolkit/bin/bash --version
GNU bash, version 3.2.0(1)-release (i386-pc-linux-gnu) Copyright (C) 2005 Free Software Foundation, Inc.
d. Verify dependencies versions:
ldd $HOME/tmp/temp-toolkit/bin/bash
linux-gate.so.1 => (0xffffe000) libtermcap.so.2 => /lib/libtermcap.so.2 (0xf7f8c000) libdl.so.2 => /lib/libdl.so.2 (0x008bf000) libc.so.6 => /lib/libc.so.6 (0x00777000) /lib/ld-linux.so.2 (0x00755000)
e. Extract the archive 'bash_lib.tar' to directory '$HOME/tmp/bash_lib' . Then copy the bash binary and the library files to their respective locations:
tar xvf $HOME/tmp/bash_lib
cp $HOME/tmp/bash_lib/bash/bash $HOME/tmp/temp-toolkit/bin
cp $HOME/tmp/bash_lib/lib/* $HOME/tmp/temp-toolkit/lib
f. Create the updated toolkit gzipped archive file and place in /usr/share/systemimager/boot/i386/standard
tar czvf toolkit.tar.gz *
cp toolkit.tar.gz /usr/share/systemimager/boot/i386/standard
HISTORY Version:1 (rev.1) - 2 February 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. -----BEGIN PGP SIGNED MESSAGE-----
CA20141001-01: Security Notice for Bash Shellshock Vulnerability
Issued: October 01, 2014 Updated: October 03, 2014
CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities.
The CA Technologies Enterprise Information Security team has led a global effort to identify and remediate systems and products discovered with these vulnerabilities. We continue to patch our systems as fixes become available, and we are providing fixes for affected CA Technologies products.
CA Technologies continues to aggressively scan our environments (including servers, networks, external facing applications, and SaaS environments) to proactively monitor, identify, and remediate any vulnerability when necessary.
Risk Rating
High
Platform
AIX Android (not vulnerable, unless rooted) Apple iOS (not vulnerable unless jailbroken) Linux Mac OS X Solaris Windows (not vulnerable unless Cygwin or similar ported Linux tools with Bash shell are installed) Other UNIX/BSD based systems if Bash is installed Any other OS or JeOS that utilizes Bash
Affected Products
The following products have been identified as potentially vulnerable, and we have made fixes available for all of these products.
CA API Management (Linux appliance only)
CA Application Performance Management (TIM is the only affected APM component)
CA Application Performance Management Cloud Monitor
CA Customer Experience Manager (CEM) Transaction Impact Monitor (TIM)
CA Layer 7 products (API Gateway, Mobile Access Gateway, API Management Portal)
CA User Activity Reporting Module (Enterprise Log Manager)
Note: This security notice will be updated if other CA Technologies products are determined to be vulnerable.
In most cases, the Bash vulnerabilities will need to be patched by OS vendors. Exceptions may include CA Technologies appliances, and software products that include Linux, UNIX or Mac OS X based operating systems (that include Bash).
Affected Components
CentOS Cygwin GNU Bash Red Hat Enterprise Linux SUSE Linux
Non-Affected Products
IMPORTANT NOTE: This listing includes only a small subset of the unaffected CA Technologies products. We're including unaffected products that customers have already inquired about. While the following CA Technologies products are not directly affected by the Bash vulnerabilities, the underlying operating systems that CA Technologies software is installed on may be vulnerable. We strongly encourage our customers to follow the recommendations provided by their vendors for all operating systems they utilize.
All CA SaaS / On Demand products were either not vulnerable or have already been patched.
CA AHS / PaymentMinder - AHS App is not vulnerable. The AHS app does not execute CGI scripts, or spawn or execute shell commands from within the app. AHS infrastructure already patched.
CA Asset Portfolio Management
CA AuthMinder (Arcot WebFort)
CA AuthMinder for Business Users
CA AuthMinder for Consumers
CA AutoSys products - We use the bash shell that comes with the operating system and the customer is responsible for patching their OS. Additionally, the agents themselves do not distribute any scripts that use bash.
CA Clarity On Demand
CA CloudMinder - CloudMinder does not include the Bash Shell in BoM, or use it, but because we are deployed on RHEL, customers may be indirectly affected. Customers using RHEL should apply patches provided by Red Hat.
CA Console Management for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI.
CA ControlMinder
CA DataMinder (formerly DLP) products – Software and appliance confirmed not vulnerable. Note: Linux Agents shipped, but no public SSH or Web apps are used in these agents. Customers should patch bash shell on any Linux server with DataMinder agents. DataMinder agents should continue to function normally.
CA Digital Payments SaaS (previously patched)
CA Directory
CA eCommerce SaaS / On Demand (previously patched)
CA Endevor Software Change Manager
CA Federation (formerly SiteMinder Federation)
CA GovernanceMinder
CA IdentityMinder
CA Infrastructure Management
CA JCLCheck
CA Job Management for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI.
CA NetQoS GigaStor Observer Expert
CA Network Flow Analysis
CA Performance Management for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI.
CA RiskMinder
CA Service Desk Manager
CA Service Operations Insight (SOI)
CA SiteMinder
CA SOLVE:Access
CA Spectrum for Linux - Not vulnerable. Be sure to apply bash fixes from your underlying operating system vendor.
CA Strong Authentication
CA System Watchdog for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI.
CA Top Secret
CA Universal Job Management Agent for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI.
CA Virtual Assurance for Infrastructure Managers (VAIM)
Solution
CA Technologies has issued the following fixes to address the vulnerabilities.
CA API Management: Patches for Linux appliance are available through CA Support to customers of Gateway (applicable for all versions – 6.1.5, 6.2, 7.0, 7.1, 8.0, 8.1, 8.1.1, 8.1.02).
CA Application Performance Management: KB article for APM TIM has been published. APM TIM is the only part of APM that was affected. Refer to TEC618037.
CA Application Performance Management Cloud Monitor: New images are available for subscribers. Download the latest OPMS version 8.2.1.5. For assistance, contact CA Support.
CA Customer Experience Manager (CEM) Transaction Impact Monitor (TIM): Very low risk. 9.6 is not affected. 9.5 Installation uses Bash. We do not use Bash at all for the CEM operating system that we have shipped in the past. This means that customers who patch the OS will not impact the ability of the CEM TIMsoft from operating. However prior to version 9.6, the TIM installation script does use the bash shell. See new KB article TEC618037 for additional information.
CA Layer 7 (API Gateway, Mobile Access Gateway, API Management Portal): Fixes for all Bash vulnerabilities and a security bulletin are available on the Layer 7 Support website.
CA User Activity Reporting Module (Enterprise Log Manager): All 12.5 and 12.6 GA versions are potentially affected. Patches provided on 2014-09-30. To get the patch, use the OS update functionality to get the latest R12.6 SP1 subscription update. Note that you can update R12.5 SPx with the R12.6 SP1 OS update. For assistance, contact CA Support.
Workaround
None
To help mitigate the risk, we do strongly encourage all customers to follow patch management best practices, and in particular for operating systems affected by the Bash Shellshock vulnerabilities.
References
CVE-2014-6271 - Bash environment variable command injection CVE-2014-7169 - Bash environment variable incomplete fix for CVE-2014-6271 CVE-2014-7186 - Bash parser redir_stack memory corruption CVE-2014-7187 - Bash nested flow control constructs off-by-one CVE-2014-6277 - Bash untrusted pointer use uninitialized memory CVE-2014-6278 - Bash environment variable command injection
CA20141001-01: Security Notice for Bash Shellshock Vulnerability https://support.ca.com/irj/portal/anonymous/phpsbpldgpg
Change History
v1.0: 2014-10-01, Initial Release v1.1: 2014-10-02, Added AuthMinder, Strong Authentication, VAIM, Clarity OD, All SaaS/OD products to list of Non-Affected Products. v1.2: 2014-10-03, Added RiskMinder to Non-Affected Products. Updated UARM solution info.
If additional information is required, please contact CA Technologies Support at https://support.ca.com.
If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team at vuln@ca.com. PGP key: support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Security Notices https://support.ca.com/irj/portal/anonymous/phpsbpldgpg
Regards, Ken Williams Director, Product Vulnerability Response Team CA Technologies | One CA Plaza | Islandia, NY 11749 | www.ca.com Ken.Williams@ca.com | vuln@ca.com
Copyright © 2014 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15238) Charset: utf-8
wsBVAwUBVDK+PZI1FvIeMomJAQFl/Af/TqrSE/h4r3gs9PwrWKdt21PCRI3za9Lx M5ZyTdVDIQ9ybgPkLqsovNRPgVqd7zwDHsx0rzvF5Y82uO+vQ63BuEV2GnczAax/ EiAW4WVxUgWG+lAowGV55Of8ruv/gOiAWTjFhkqpsyVg96ZMw2HLG62IwZL1j0qa oLCu0y3VrGvqH0g2hi75QwHAjNCdlEsD4onUqTCc9cRTdLwFCZrUQ8KTrqIL7LK5 Uo5T9C1UeAyNTo3KiJ/zw3BCOTkpl99dmg3NW0onU/1r1CXdlyS7opLB+GJ+xGwP xRQdUsOIhzfRzx7bsao2D43IhDnzJBBFJHdeMPo18WBTfJ7aUgBwGQ== =B62b -----END PGP SIGNATURE----- . Note: All versions of HP Thin Pro and HP Smart Zero Core operating systems prior to version 5.1.0 are affected by these vulnerabilities. Following is a complete list of affected operating systems and Hardware Platforms Affected.
Product Affected Product Versions Patch Status
HP ThinPro and HP Smart Zero Core (X86) v5.1.0 and above No update required; the Bash shell patch is incorporated into the base image.
Note: If you participated in the ThinPro 5.1.0 beta program then upgrade to the release version as soon as it becomes available.
HP ThinPro and HP Smart Zero Core (x86) v5.0.x A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-5.0-x86.xar .
The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe
HP ThinPro and HP Smart Zero Core (x86) v4.4.x A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.4-x86.xar .
The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe
HP ThinPro and HP Smart Zero Core (ARM) v4.4.x A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.4-arm.xar .
The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe
HP ThinPro and HP Smart Zero Core (X86) v4.1, v4.2, and v4.3 A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-x86.xar .
The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe
HP ThinPro and HP Smart Zero Core (ARM) v4.1, v4.2, and v4.3 A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-arm.xar .
The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe
HP ThinPro and HP Smart Zero Core (X86) v3.1, v3.2, and v3.3 Download softpaq sp69382 from: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an update package as: bash_4.1-3+deb6u2_i386.deb .
HP ThinPro and HP Smart Zero Core (ARM) v3.1, v3.2, and v3.3 Download softpaq sp69382 from: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an update package as: bash_4.1-3+deb6u2_armel.deb . Good morning! This is kinda long.
== Background ==
If you are not familiar with the original bash function export vulnerability (CVE-2014-6271), you may want to have a look at this article:
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html
Well, long story short: the initial maintainer-provided patch for this issue [1] (released on September 24) is conclusively broken.
After nagging people to update for a while [5] [7], I wanted to share the technical details of two previously non-public issues which may be used to circumvent the original patch: CVE-2014-6277 and CVE-2014-6278.
Note that the issues discussed here are separate from the three probably less severe problems publicly disclosed earlier on: Tavis' limited-exploitability EOL bug (CVE-2014-7169) and two likely non-exploitable one-off issues found by Florian Weimer and Todd Sabin (CVE-2014-7186 and CVE-2014-7187).
== Required actions ==
If you have installed just the September 24 patch [1], or that and the follow-up September 26 patch for CVE-2014-7169 [2], you are likely still vulnerable to RCE and need to update ASAP, as discussed in [5].
You are safe if you have installed the unofficial function prefix patch from Florian Weimer [3], or its upstream variant released on September 28 [4]. The patch does not eliminate the problems, but shields the underlying parser from untrusted inputs under normal circumstances.
Note: over the past few days, Florian's patch has been picked up by major Linux distros (Red Hat, Debian, SUSE, etc), so there is a reasonable probability that you are in good shape. To test, execute this command from within a bash shell:
foo='() { echo not patched; }' bash -c foo
If you see "not patched", you probably want upgrade immediately. If you see "bash: foo: command not found", you're OK.
== Vulnerability details: CVE-2014-6277 (the more involved one) ==
The following function definition appearing in the value of any environmental variable passed to bash will lead to an attempt to dereference attacker-controlled pointers (provided that the targeted instance of bash is protected only with the original patches [1][2] and does not include Florian's fix):
() { x() { ; }; x() { ; } <<a; }
A more complete example leading to a deref of 0x41414141 would be:
HTTP_COOKIE="() { x() { ; }; x() { ; } <<perl -e '{print
"A"x1000}'; }" bash -c :
bash[25662]: segfault at 41414141 ip 00190d96 sp bfbe6354 error 4 in libc-2.12.so[110000+191000]
(If you are seeing 0xdfdfdfdf, see note later on).
The issue is caused by an uninitialized here_doc_eof field in a REDIR struct originally created in make_redirection(). The initial segv will happen due to an attempt to read and then copy a string to a new buffer through a macro that expands to:
strcpy (xmalloc (1 + strlen (redirect->here_doc_eof)), (redirect->here_doc_eof))
This appears to be exploitable in at least one way: if here_doc_eof is chosen by the attacker to point in the vicinity of the current stack pointer, the apparent contents of the string - and therefore its length - may change between stack-based calls to xmalloc() and strcpy() as a natural consequence of an attempt to pass parameters and create local variables. Such a mid-macro switch will result in an out-of-bounds write to the newly-allocated memory.
A simple conceptual illustration of this attack vector would be:
-- snip! -- char* result; int len_alloced;
main(int argc, char** argv) {
/ The offset will be system- and compiler-specific /; char* ptr = &ptr - 9;
result = strcpy (malloc(100 + (len_alloced = strlen(ptr))), ptr);
printf("requested memory = %d\n" "copied text = %d\n", len_alloced + 1, strlen(result) + 1);
} -- snip! --
When compiled with the -O2 flag used for bash, on one test system, this produces:
requested memory = 2 copied text = 28
This can lead to heap corruption, with multiple writes possible per payload by simply increasing the number of malformed here-docs. The consequences should be fairly clear.
[ There is also a latter call to free() on here_doc_eof in dispose_cmd.c, but because of the simultaneous discovery of the much simpler bug '78 discussed in the next section, I have not spent a whole lot of time trying to figure out how to get to that path. ]
Perhaps notably, the ability to specify attacker-controlled addresses hinges on the state of --enable-bash-malloc and --enable-mem-scramble compile-time flags; if both are enabled, the memory returned by xmalloc() will be initialized to 0xdf, making the prospect of exploitation more speculative (essentially depending on whether the stack or any other memory region can be grown to overlap with 0xdfdfdfdf). That said, many Linux distributions disable one or both flags and are vulnerable out-of-the-box. It is also of note that relatively few distributions compile bash as PIE, so there is little consolation to be found in ASLR.
Similarly to the original vulnerability, this issue can be usually triggered remotely through web servers such as Apache (provided that they invoke CGI scripts or PHP / Python / Perl / C / Java servlets that rely on system() or popen()-type libcalls); through DHCP clients; and through some MUAs and MTAs. For a more detailed discussion of the exposed attack surface, refer to [6].
== Vulnerability details: CVE-2014-6278 (the "back to the '90s" one) ==
The following function definition appearing in the value of any environmental variable passed to bash 4.2 or 4.3 will lead to straightforward put-your-command-here RCE (again, provided that the targeted instance is not protected with Florian's patch):
() { ; } >[$($())] { echo hi mom; id; }
A complete example looks like this:
HTTP_COOKIE='() { ; } >[$($())] { echo hi mom; id; }' bash -c :
...or:
GET /some/script.cgi HTTP/1.0 User-Agent: () { ; } >[$($())] { id >/tmp/hi_mom; }
Note that the PoC does not work as-is in more ancient versions of bash, such as 2.x or 3.x; it might have been introduced with xparse_dolparen() starting with bash 4.2 patch level 12 few years back, but I have not investigated this in a lot of detail. Florian's patch is strongly recommended either way.
The attack surface through which this flaw may be triggered is roughly similar to that for CVE-2014-6277 and the original bash bug [6].
== Additional info ==
Both of these issues were identified in an automated fashion with american fuzzy lop:
https://code.google.com/p/american-fuzzy-lop
The out-of-the-box fuzzer was seeded with a minimal valid function definition ("() { foo() { foo; }; >bar; }") and allowed to run for a couple of hours on a single core.
In addition to the issues discussed above, the fuzzer also hit three of the four previously-reported CVEs.
I initially shared the findings privately with vendors, but because of the intense scrutiny that this codebase is under, the ease of reproducing these results with an open-source fuzzer, and the now-broad availability of upstream mitigations, there seems to be relatively little value in continued secrecy.
== References ==
[1] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 [2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026 [3] http://www.openwall.com/lists/oss-security/2014/09/25/13 [4] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027 [5] http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html [6] http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html [7] http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html
PS. There are no other bugs in bash.
--------- FOLLOW UP -----------
Date: Wed, 01 Oct 2014 07:32:57 -0700 From fulldisclosure-bounces@seclists.org Wed Oct 1 14:37:33 2014 From: Paul Vixie paul@redbarn.org To: Michal Zalewski lcamtuf@coredump.cx Cc: "fulldisclosure@seclists.org" fulldisclosure@seclists.org Subject: Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
michal, thank you for your incredibly informative report here. i have a minor correction.
Michal Zalewski lcamtuf@coredump.cx Wednesday, October 01, 2014 7:21 AM ...
Note: over the past few days, Florian's patch has been picked up by major Linux distros (Red Hat, Debian, SUSE, etc), so there is a reasonable probability that you are in good shape. To test, execute this command from within a bash shell:
foo='() { echo not patched; }' bash -c foo
this command need not be executed from within bash. the problem occurs when bash is run by the command, and the shell that runs the command can be anything. for example, on a system where i have deliberately not patched bash, where sh is "ash" (almquist shell):
$ foo='() { echo not patched; }' bash -c foo not patched
here's me testing it from within tcsh:
% env foo='() { echo not patched; }' bash -c foo not patched % (setenv foo '() { echo not patched; }'; bash -c foo) not patched
this is a minor issue, but i've found in matters of security bug reports, tests, and discussions, that any minor matter can lead to deep misunderstanding.
thanks again for your excellent report, and your continuing work on this issue.
vixie
.
HP Vertica AMI's and Virtual Machines prior to v7.1.1-0.
HP has released the following updates to resolve this vulnerability for HP Vertica products.
Update to the latest VM image available at: https://my.vertica.com
For customers using the AMI version HP Vertica Analytics platform, please install the latest image available at Amazon. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2014 Hewlett-Packard Development Company, L.P.
Note: HP and the switch vendor recommend running an active version of Fabric OS (FOS) listed on the HP Single Point of Connectivity Knowledge (SPOCK) website ( http://h20272.www2.hp.com/ ) and applying the work-around information provided in the MITIGATION INFORMATION section below to protect HP StoreFabric B-series switches from this vulnerability.
Fabric OS (FOS) v7.3.0b (This version will be available soon and this bulletin will revised at that time)
The following focused fix FOS versions are available for the previously released versions and have been renamed to include an additional hexadecimal character appended to the FOS version on which it is based:
FOS v7.2.1c1
FOS v7.2.0d6
FOS v7.1.2b1
FOS v7.1.1c1
FOS v7.1.0cb
FOS v7.0.2e1
FOS v7.0.0d1
FOS v6.4.3f3
FOS v6.4.2a3
FOS v6.2.2f9
MITIGATION INFORMATION
HP recommends the following steps to reduce the risk of this vulnerability:
- Place the HP StoreFabric SAN switch and other data center critical
infrastructure behind a firewall to disallow access from the Internet. - Change all HP StoreFabric switch default account passwords, including the root passwords, from the default factory passwords. - Examine the list of accounts, including ones on the switch and those existing on remote authentication servers such as RADIUS, LDAP, and TACAS+, to ensure only necessary personnel can gain access to HP StoreFabric FOS switches. Delete guest accounts and temporary accounts created for one-time usage needs. - Utilize FOS password policy management to strengthen the complexity, age, and history requirements of switch account passwords
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-1154",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bash",
"scope": "eq",
"trust": 1.3,
"vendor": "gnu",
"version": "4.2"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.2.48"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.01.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.2"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.3"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.4"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.02"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.0.16"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.5"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.02.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.7"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.01"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.05"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "4.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.03"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.2"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.04"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "4.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "1.14.6"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "4.3"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.0"
},
{
"model": "bash",
"scope": "lte",
"trust": 0.8,
"vendor": "gnu",
"version": "4.3 bash43-026"
},
{
"model": "qts",
"scope": "lte",
"trust": 0.8,
"vendor": "qnap",
"version": "4.1.1 build 0927"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7245"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7242"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7238"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7235"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7232"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7228"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "78000"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "67000"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9393"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9303"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9302"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9301"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "email gateway patch",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.01"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.0"
},
{
"model": "email gateway hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.7.22"
},
{
"model": "email gateway hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.7.21"
},
{
"model": "ds8000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mds",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "gss 4492r global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "show and share",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5(2)"
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16.2"
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16"
}
],
"sources": [
{
"db": "BID",
"id": "70166"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "130988"
},
{
"db": "PACKETSTORM",
"id": "129068"
},
{
"db": "PACKETSTORM",
"id": "128752"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "128763"
},
{
"db": "PACKETSTORM",
"id": "129617"
},
{
"db": "PACKETSTORM",
"id": "128760"
}
],
"trust": 0.9
},
"cve": "CVE-2014-6278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-6278",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-000126",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-6278",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-000126",
"trust": 0.8,
"value": "High"
},
{
"author": "VULMON",
"id": "CVE-2014-6278",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. This vulnerability CVE-2014-6271 , CVE-2014-7169 ,and CVE-2014-6277 Vulnerability due to insufficient fix for.A third party may be able to execute arbitrary commands through a crafted environment. QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability (CWE-78). Yuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A malicious attacker may be able to execute arbitrary command at the privilege level of the calling application. GNU Bash is prone to remote code execution vulnerability. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Customers who\nneed to upgrade the firmware of their Superdome X or HP Converged System 900\nfor SAP HANA should contact HP Technical Support to obtain the firmware or\nplan to schedule an onsite visit with an HP Services field service\nprofessional. \n\nNOTE: HP strongly recommends implementing the following security best\npractices to help reduce both known and future security vulnerability risks:\n\nIsolate the HP Superdome X or HP Converged System 900 for SAP HANA\u0027s\nmanagement network by keeping it separate from the data or production\nnetwork, and not connecting it directly to the Internet without additional\naccess authentication. \nPatch and maintain Lightweight Directory Access Protocol (LDAP) and web\nservers. \nUse virus scanners, intrusion detection/prevention systems (IDS/IPS), and\nvulnerability scanners regularly. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04558068\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04558068\nVersion: 1\n\nHPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server\nPre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-02-02\nLast Updated: 2015-02-02\n\nPotential Security Impact: Multiple vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Insight\nControl for Linux Central Management Server Pre-boot Execution Environment\nthat could be exploited remotely resulting in Denial of Service (DoS),\ndisclosure of information, and other vulnerabilities. \n\nReferences:\n\nCVE-2014-6271\nCVE-2014-6277\nCVE-2014-6278\nCVE-2014-7169\nCVE-2014-7186\nCVE-2014-7187\nCVE-2014-7196\nSSRT101742\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control for Linux Central Management Server Pre-boot Execution\nEnvironment running Bash Shell\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7196 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following instructions to resolve these vulnerabilities. \n\nFollow these steps to update the HP Insight Control for Linux Central\nManagement Server Pre-boot Execution Environment:\n\nNOTE: The following procedure updates the bash shell on the Linux Pre-boot\nExecution Environment. On the Production RHEL 6.2 OS:\n\na. Prepare temporary directory for Bash update software:\n\n# mkdir -p $HOME/tmp/bash\n# cd $HOME/tmp/bash\n# pwd\n\u003chome directory\u003e/tmp/bash\n\nb. Download the file \u0027bash-4.1.2-15.el6_4.2.i686.rpm\u0027 for Insight Control for\nLinux Red Hat 6.2 i386 from https://rhn.redhat.com/errata/RHSA-2014-1311.html\nto the temporary directory \u0027$HOME/tmp/bash\u0027. \n\nc. Extract the Bash update software package. \n\n# rpm2cpio bash-4.1.2-15.el6_4.2.i686.rpm| cpio -idmv\n\nd. Verify the version of the Bash update software:\n\n# ./bin/bash --version\nGNU bash, version 4.1.2(1)-release (i686-redhat-linux-gnu)\n\ne. Verify version dependencies:\n\n# ldd ./bin/bash\n\nlinux-gate.so.1 =\u003e (0x008a7000)\nlibtinfo.so.5 =\u003e /lib/libtinfo.so.5 (0x00459000)\nlibdl.so.2 =\u003e /lib/libdl.so.2 (0x002c0000)\nlibc.so.6 =\u003e /lib/libc.so.6 (0x0012e000)\n/lib/ld-linux.so.2 (0x00108000)\n\nf. Create archive file from \u0027/lib\u0027 to copy and install on the Insight Control\nfor Linux Central Management Server Pre-boot Execution Environment system:\n\n# mkdir $HOME/tmp/lib\n# cd /lib\n# cp * $HOME/tmp/lib\n# cd $HOME/tmp\n# pwd\n\u003chome directory\u003e/tmp\n# tar cvf bash_lib.tar *\n\n2. Download the new archive file \u0027$HOME/tmp/bash_lib.tar\u0027 from the Production\nRHEL 6.2 OS system to the Insight Control for Linux Central Management Server\nPre-boot Execution Environment system. On the HP Insight Control for Linux Central Managment Server Pre-boot\nExecution Environment system:\n\na. Create a temporary folder for the toolkit and copy the toolkit there :\n\n# mkdir -p $HOME/tmp/temp-toolkit\n# cp /usr/share/systemimager/boot/i386/standard/toolkit.tar.gz\n$HOME/tmp/temp-toolkit\n\nb. Extract the file \u0027toolkit.tar.gz\u0027 into the temporary folder:\n\n# cd $HOME/tmp/temp-toolkit\n# tar zxvf toolkit.tar.gz\n# mv $HOME/tmp/temp-toolkit/toolkit.tar.gz /tmp\n\nc. Verify the version of the toolkit Bash:\n\n# $HOME/tmp/temp-toolkit/bin/bash --version\nGNU bash, version 3.2.0(1)-release (i386-pc-linux-gnu) Copyright (C) 2005\nFree Software Foundation, Inc. \n\nd. Verify dependencies versions:\n\n# ldd $HOME/tmp/temp-toolkit/bin/bash\n\nlinux-gate.so.1 =\u003e (0xffffe000)\nlibtermcap.so.2 =\u003e /lib/libtermcap.so.2 (0xf7f8c000)\nlibdl.so.2 =\u003e /lib/libdl.so.2 (0x008bf000)\nlibc.so.6 =\u003e /lib/libc.so.6 (0x00777000)\n/lib/ld-linux.so.2 (0x00755000)\n\ne. Extract the archive \u0027bash_lib.tar\u0027 to directory \u0027$HOME/tmp/bash_lib\u0027 . \nThen copy the bash binary and the library files to their respective\nlocations:\n\n# tar xvf $HOME/tmp/bash_lib\n# cp $HOME/tmp/bash_lib/bash/bash $HOME/tmp/temp-toolkit/bin\n# cp $HOME/tmp/bash_lib/lib/* $HOME/tmp/temp-toolkit/lib\n\nf. Create the updated toolkit gzipped archive file and place in\n/usr/share/systemimager/boot/i386/standard\n\n# tar czvf toolkit.tar.gz *\n# cp toolkit.tar.gz /usr/share/systemimager/boot/i386/standard\n\nHISTORY\nVersion:1 (rev.1) - 2 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCA20141001-01: Security Notice for Bash Shellshock Vulnerability\n\n\nIssued: October 01, 2014\nUpdated: October 03, 2014\n\n\nCA Technologies is investigating multiple GNU Bash vulnerabilities, \nreferred to as the \"Shellshock\" vulnerabilities, which were publicly \ndisclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, \nCVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and \nCVE-2014-6278 have been assigned to these vulnerabilities. \n\nThe CA Technologies Enterprise Information Security team has led a \nglobal effort to identify and remediate systems and products discovered \nwith these vulnerabilities. We continue to patch our systems as fixes \nbecome available, and we are providing fixes for affected CA \nTechnologies products. \n\nCA Technologies continues to aggressively scan our environments \n(including servers, networks, external facing applications, and SaaS \nenvironments) to proactively monitor, identify, and remediate any \nvulnerability when necessary. \n\n\nRisk Rating\n\nHigh\n\n\nPlatform\n\nAIX\nAndroid (not vulnerable, unless rooted)\nApple iOS (not vulnerable unless jailbroken)\nLinux\nMac OS X\nSolaris\nWindows (not vulnerable unless Cygwin or similar ported Linux tools \n with Bash shell are installed)\nOther UNIX/BSD based systems if Bash is installed\nAny other OS or JeOS that utilizes Bash\n\n\nAffected Products\n\nThe following products have been identified as potentially vulnerable, \nand we have made fixes available for all of these products. \n\nCA API Management (Linux appliance only)\n\nCA Application Performance Management (TIM is the only affected APM \n component)\n\nCA Application Performance Management Cloud Monitor\n\nCA Customer Experience Manager (CEM) Transaction Impact Monitor (TIM)\n\nCA Layer 7 products (API Gateway, Mobile Access Gateway, API Management \n Portal)\n\nCA User Activity Reporting Module (Enterprise Log Manager)\n\nNote: This security notice will be updated if other CA Technologies \nproducts are determined to be vulnerable. \n\nIn most cases, the Bash vulnerabilities will need to be patched by OS \nvendors. Exceptions may include CA Technologies appliances, and \nsoftware products that include Linux, UNIX or Mac OS X based operating \nsystems (that include Bash). \n\n\nAffected Components\n\nCentOS\nCygwin\nGNU Bash\nRed Hat Enterprise Linux\nSUSE Linux\n\n\nNon-Affected Products\n\nIMPORTANT NOTE: This listing includes only a small subset of the \nunaffected CA Technologies products. We\u0027re including unaffected \nproducts that customers have already inquired about. While the \nfollowing CA Technologies products are not directly affected by the \nBash vulnerabilities, the underlying operating systems that CA \nTechnologies software is installed on may be vulnerable. We strongly \nencourage our customers to follow the recommendations provided by their \nvendors for all operating systems they utilize. \n\nAll CA SaaS / On Demand products were either not vulnerable or have \nalready been patched. \n\nCA AHS / PaymentMinder - AHS App is not vulnerable. The AHS app does \nnot execute CGI scripts, or spawn or execute shell commands from within \nthe app. AHS infrastructure already patched. \n\nCA Asset Portfolio Management\n\nCA AuthMinder (Arcot WebFort)\n\nCA AuthMinder for Business Users\n\nCA AuthMinder for Consumers\n\nCA AutoSys products - We use the bash shell that comes with the \noperating system and the customer is responsible for patching their OS. \nAdditionally, the agents themselves do not distribute any scripts that \nuse bash. \n\nCA Clarity On Demand\n\nCA CloudMinder - CloudMinder does not include the Bash Shell in BoM, or \nuse it, but because we are deployed on RHEL, customers may be \nindirectly affected. Customers using RHEL should apply patches provided \nby Red Hat. \n\nCA Console Management for OpenVMS - Our OpenVMS products do not bundle \nbash, and they do not supply bash scripts; we use nothing but the \nnative DCL CLI. \n\nCA ControlMinder\n\nCA DataMinder (formerly DLP) products \u2013 Software and appliance \nconfirmed not vulnerable. Note: Linux Agents shipped, but no public SSH \nor Web apps are used in these agents. Customers should patch bash shell \non any Linux server with DataMinder agents. DataMinder agents should \ncontinue to function normally. \n\nCA Digital Payments SaaS (previously patched)\n\nCA Directory\n\nCA eCommerce SaaS / On Demand (previously patched)\n\nCA Endevor Software Change Manager\n\nCA Federation (formerly SiteMinder Federation)\n\nCA GovernanceMinder\n\nCA IdentityMinder\n\nCA Infrastructure Management\n\nCA JCLCheck\n\nCA Job Management for OpenVMS - Our OpenVMS products do not bundle \nbash, and they do not supply bash scripts; we use nothing but the \nnative DCL CLI. \n\nCA NetQoS GigaStor Observer Expert\n\nCA Network Flow Analysis\n\nCA Performance Management for OpenVMS - Our OpenVMS products do not \nbundle bash, and they do not supply bash scripts; we use nothing but \nthe native DCL CLI. \n\nCA RiskMinder\n\nCA Service Desk Manager\n\nCA Service Operations Insight (SOI)\n\nCA SiteMinder\n\nCA SOLVE:Access\n\nCA Spectrum for Linux - Not vulnerable. Be sure to apply bash fixes \nfrom your underlying operating system vendor. \n\nCA Strong Authentication\n\nCA System Watchdog for OpenVMS - Our OpenVMS products do not bundle \nbash, and they do not supply bash scripts; we use nothing but the \nnative DCL CLI. \n\nCA Top Secret\n\nCA Universal Job Management Agent for OpenVMS - Our OpenVMS products do \nnot bundle bash, and they do not supply bash scripts; we use nothing \nbut the native DCL CLI. \n\nCA Virtual Assurance for Infrastructure Managers (VAIM)\n\n\nSolution\n\nCA Technologies has issued the following fixes to address the \nvulnerabilities. \n\nCA API Management:\nPatches for Linux appliance are available through CA Support to \ncustomers of Gateway (applicable for all versions \u2013 6.1.5, 6.2, 7.0, \n7.1, 8.0, 8.1, 8.1.1, 8.1.02). \n\nCA Application Performance Management:\nKB article for APM TIM has been published. APM TIM is the only part of \nAPM that was affected. Refer to TEC618037. \n\nCA Application Performance Management Cloud Monitor:\nNew images are available for subscribers. Download the latest OPMS \nversion 8.2.1.5. For assistance, contact CA Support. \n\nCA Customer Experience Manager (CEM) Transaction Impact Monitor (TIM):\nVery low risk. 9.6 is not affected. 9.5 Installation uses Bash. We do \nnot use Bash at all for the CEM operating system that we have shipped \nin the past. This means that customers who patch the OS will not impact \nthe ability of the CEM TIMsoft from operating. However prior to version \n9.6, the TIM installation script does use the bash shell. See new KB \narticle TEC618037 for additional information. \n\nCA Layer 7 (API Gateway, Mobile Access Gateway, API Management Portal):\nFixes for all Bash vulnerabilities and a security bulletin are available \non the Layer 7 Support website. \n\nCA User Activity Reporting Module (Enterprise Log Manager):\nAll 12.5 and 12.6 GA versions are potentially affected. Patches \nprovided on 2014-09-30. To get the patch, use the OS update \nfunctionality to get the latest R12.6 SP1 subscription update. Note \nthat you can update R12.5 SPx with the R12.6 SP1 OS update. For \nassistance, contact CA Support. \n\n\nWorkaround\n\nNone\n\nTo help mitigate the risk, we do strongly encourage all customers to \nfollow patch management best practices, and in particular for operating \nsystems affected by the Bash Shellshock vulnerabilities. \n\n\nReferences\n\nCVE-2014-6271 - Bash environment variable command injection\nCVE-2014-7169 - Bash environment variable incomplete fix for CVE-2014-6271\nCVE-2014-7186 - Bash parser redir_stack memory corruption\nCVE-2014-7187 - Bash nested flow control constructs off-by-one\nCVE-2014-6277 - Bash untrusted pointer use uninitialized memory\nCVE-2014-6278 - Bash environment variable command injection\n\nCA20141001-01: Security Notice for Bash Shellshock Vulnerability\nhttps://support.ca.com/irj/portal/anonymous/phpsbpldgpg\n\n\nChange History\n\nv1.0: 2014-10-01, Initial Release\nv1.1: 2014-10-02, Added AuthMinder, Strong Authentication, VAIM, \n Clarity OD, All SaaS/OD products to list of Non-Affected Products. \nv1.2: 2014-10-03, Added RiskMinder to Non-Affected Products. Updated \n UARM solution info. \n\n\nIf additional information is required, please contact CA Technologies \nSupport at https://support.ca.com. \n\nIf you discover a vulnerability in CA Technologies products, please \nreport your findings to the CA Technologies Product Vulnerability \nResponse Team at vuln@ca.com. \nPGP key:\nsupport.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\nSecurity Notices\nhttps://support.ca.com/irj/portal/anonymous/phpsbpldgpg\n\n\nRegards,\nKen Williams\nDirector, Product Vulnerability Response Team\nCA Technologies | One CA Plaza | Islandia, NY 11749 | www.ca.com\nKen.Williams@ca.com | vuln@ca.com\n\n\nCopyright \u00a9 2014 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. \n11749. All other trademarks, trade names, service marks, and logos \nreferenced herein belong to their respective companies. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.2 (Build 15238)\nCharset: utf-8\n\nwsBVAwUBVDK+PZI1FvIeMomJAQFl/Af/TqrSE/h4r3gs9PwrWKdt21PCRI3za9Lx\nM5ZyTdVDIQ9ybgPkLqsovNRPgVqd7zwDHsx0rzvF5Y82uO+vQ63BuEV2GnczAax/\nEiAW4WVxUgWG+lAowGV55Of8ruv/gOiAWTjFhkqpsyVg96ZMw2HLG62IwZL1j0qa\noLCu0y3VrGvqH0g2hi75QwHAjNCdlEsD4onUqTCc9cRTdLwFCZrUQ8KTrqIL7LK5\nUo5T9C1UeAyNTo3KiJ/zw3BCOTkpl99dmg3NW0onU/1r1CXdlyS7opLB+GJ+xGwP\nxRQdUsOIhzfRzx7bsao2D43IhDnzJBBFJHdeMPo18WBTfJ7aUgBwGQ==\n=B62b\n-----END PGP SIGNATURE-----\n. \nNote: All versions of HP Thin Pro and HP Smart Zero Core operating systems\nprior to version 5.1.0 are affected by these vulnerabilities. Following is a\ncomplete list of affected operating systems and Hardware Platforms Affected. \n\nProduct Affected\n Product Versions\n Patch Status\n\nHP ThinPro and HP Smart Zero Core (X86)\n v5.1.0 and above\n No update required; the Bash shell patch is incorporated into the base\nimage. \n\nNote: If you participated in the ThinPro 5.1.0 beta program then upgrade to\nthe release version as soon as it becomes available. \n\nHP ThinPro and HP Smart Zero Core (x86)\n v5.0.x\n A component update is currently available through Easy Update as:\nSecurityUpdate-Shellshock-2.0-all-5.0-x86.xar . \n\nThe update can be also downloaded directly from HP as part of softpaq sp69382\nat the following address:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe\n\nHP ThinPro and HP Smart Zero Core (x86)\n v4.4.x\n A component update is currently available through Easy Update as:\nSecurityUpdate-Shellshock-2.0-all-4.4-x86.xar . \n\nThe update can be also downloaded directly from HP as part of softpaq sp69382\nat the following address:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe\n\nHP ThinPro and HP Smart Zero Core (ARM)\n v4.4.x\n A component update is currently available through Easy Update as:\nSecurityUpdate-Shellshock-2.0-all-4.4-arm.xar . \n\nThe update can be also downloaded directly from HP as part of softpaq sp69382\nat the following address:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe\n\nHP ThinPro and HP Smart Zero Core (X86)\n v4.1, v4.2, and v4.3\n A component update is currently available through Easy Update as:\nSecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-x86.xar . \n\nThe update can be also downloaded directly from HP as part of softpaq sp69382\nat the following address:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe\n\nHP ThinPro and HP Smart Zero Core (ARM)\n v4.1, v4.2, and v4.3\n A component update is currently available through Easy Update as:\nSecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-arm.xar . \n\nThe update can be also downloaded directly from HP as part of softpaq sp69382\nat the following address:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe\n\nHP ThinPro and HP Smart Zero Core (X86)\n v3.1, v3.2, and v3.3\n Download softpaq sp69382 from:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an\nupdate package as: bash_4.1-3+deb6u2_i386.deb . \n\nHP ThinPro and HP Smart Zero Core (ARM)\n v3.1, v3.2, and v3.3\n Download softpaq sp69382 from:\nftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an\nupdate package as: bash_4.1-3+deb6u2_armel.deb . Good morning! This is kinda long. \n\n== Background ==\n\nIf you are not familiar with the original bash function export\nvulnerability (CVE-2014-6271), you may want to have a look at this\narticle:\n\nhttp://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html\n\nWell, long story short: the initial maintainer-provided patch for this\nissue [1] (released on September 24) is *conclusively* broken. \n\nAfter nagging people to update for a while [5] [7], I wanted to share\nthe technical details of two previously non-public issues which may be\nused to circumvent the original patch: CVE-2014-6277 and\nCVE-2014-6278. \n\nNote that the issues discussed here are separate from the three\nprobably less severe problems publicly disclosed earlier on: Tavis\u0027\nlimited-exploitability EOL bug (CVE-2014-7169) and two likely\nnon-exploitable one-off issues found by Florian Weimer and Todd Sabin\n(CVE-2014-7186 and CVE-2014-7187). \n\n== Required actions ==\n\nIf you have installed just the September 24 patch [1], or that and the\nfollow-up September 26 patch for CVE-2014-7169 [2], you are likely\nstill vulnerable to RCE and need to update ASAP, as discussed in [5]. \n\nYou are safe if you have installed the unofficial function prefix\npatch from Florian Weimer [3], or its upstream variant released on\nSeptember 28 [4]. The patch does not eliminate the problems, but\nshields the underlying parser from untrusted inputs under normal\ncircumstances. \n\nNote: over the past few days, Florian\u0027s patch has been picked up by\nmajor Linux distros (Red Hat, Debian, SUSE, etc), so there is a\nreasonable probability that you are in good shape. To test, execute\nthis command from within a bash shell:\n\nfoo=\u0027() { echo not patched; }\u0027 bash -c foo\n\nIf you see \"not patched\", you probably want upgrade immediately. If\nyou see \"bash: foo: command not found\", you\u0027re OK. \n\n== Vulnerability details: CVE-2014-6277 (the more involved one) ==\n\nThe following function definition appearing in the value of any\nenvironmental variable passed to bash will lead to an attempt to\ndereference attacker-controlled pointers (provided that the targeted\ninstance of bash is protected only with the original patches [1][2]\nand does not include Florian\u0027s fix):\n\n() { x() { _; }; x() { _; } \u003c\u003ca; }\n\nA more complete example leading to a deref of 0x41414141 would be:\n\nHTTP_COOKIE=\"() { x() { _; }; x() { _; } \u003c\u003c`perl -e \u0027{print\n\"A\"x1000}\u0027`; }\" bash -c :\n\nbash[25662]: segfault at 41414141 ip 00190d96 sp bfbe6354 error 4 in\nlibc-2.12.so[110000+191000]\n\n(If you are seeing 0xdfdfdfdf, see note later on). \n\nThe issue is caused by an uninitialized here_doc_eof field in a REDIR\nstruct originally created in make_redirection(). The initial segv will\nhappen due to an attempt to read and then copy a string to a new\nbuffer through a macro that expands to:\n\nstrcpy (xmalloc (1 + strlen (redirect-\u003ehere_doc_eof)), (redirect-\u003ehere_doc_eof))\n\nThis appears to be exploitable in at least one way: if here_doc_eof is\nchosen by the attacker to point in the vicinity of the current stack\npointer, the apparent contents of the string - and therefore its\nlength - may change between stack-based calls to xmalloc() and\nstrcpy() as a natural consequence of an attempt to pass parameters and\ncreate local variables. Such a mid-macro switch will result in an\nout-of-bounds write to the newly-allocated memory. \n\nA simple conceptual illustration of this attack vector would be:\n\n-- snip! --\nchar* result;\nint len_alloced;\n\nmain(int argc, char** argv) {\n\n /* The offset will be system- and compiler-specific */;\n char* ptr = \u0026ptr - 9;\n\n result = strcpy (malloc(100 + (len_alloced = strlen(ptr))), ptr);\n\n printf(\"requested memory = %d\\n\"\n \"copied text = %d\\n\", len_alloced + 1, strlen(result) + 1);\n\n}\n-- snip! --\n\nWhen compiled with the -O2 flag used for bash, on one test system,\nthis produces:\n\nrequested memory = 2\ncopied text = 28\n\nThis can lead to heap corruption, with multiple writes possible per\npayload by simply increasing the number of malformed here-docs. The\nconsequences should be fairly clear. \n\n[ There is also a latter call to free() on here_doc_eof in\ndispose_cmd.c, but because of the simultaneous discovery of the much\nsimpler bug \u002778 discussed in the next section, I have not spent a\nwhole lot of time trying to figure out how to get to that path. ]\n\nPerhaps notably, the ability to specify attacker-controlled addresses\nhinges on the state of --enable-bash-malloc and --enable-mem-scramble\ncompile-time flags; if both are enabled, the memory returned by\nxmalloc() will be initialized to 0xdf, making the prospect of\nexploitation more speculative (essentially depending on whether the\nstack or any other memory region can be grown to overlap with\n0xdfdfdfdf). That said, many Linux distributions disable one or both\nflags and are vulnerable out-of-the-box. It is also of note that\nrelatively few distributions compile bash as PIE, so there is little\nconsolation to be found in ASLR. \n\nSimilarly to the original vulnerability, this issue can be usually\ntriggered remotely through web servers such as Apache (provided that\nthey invoke CGI scripts or PHP / Python / Perl / C / Java servlets\nthat rely on system() or popen()-type libcalls); through DHCP clients;\nand through some MUAs and MTAs. For a more detailed discussion of the\nexposed attack surface, refer to [6]. \n\n== Vulnerability details: CVE-2014-6278 (the \"back to the \u002790s\" one) ==\n\nThe following function definition appearing in the value of any\nenvironmental variable passed to bash 4.2 or 4.3 will lead to\nstraightforward put-your-command-here RCE (again, provided that the\ntargeted instance is not protected with Florian\u0027s patch):\n\n() { _; } \u003e_[$($())] { echo hi mom; id; }\n\nA complete example looks like this:\n\nHTTP_COOKIE=\u0027() { _; } \u003e_[$($())] { echo hi mom; id; }\u0027 bash -c :\n\n...or:\n\nGET /some/script.cgi HTTP/1.0\nUser-Agent: () { _; } \u003e_[$($())] { id \u003e/tmp/hi_mom; }\n\nNote that the PoC does not work as-is in more ancient versions of\nbash, such as 2.x or 3.x; it might have been introduced with\nxparse_dolparen() starting with bash 4.2 patch level 12 few years\nback, but I have not investigated this in a lot of detail. Florian\u0027s\npatch is strongly recommended either way. \n\nThe attack surface through which this flaw may be triggered is roughly\nsimilar to that for CVE-2014-6277 and the original bash bug [6]. \n\n== Additional info ==\n\nBoth of these issues were identified in an automated fashion with\namerican fuzzy lop:\n\nhttps://code.google.com/p/american-fuzzy-lop\n\nThe out-of-the-box fuzzer was seeded with a minimal valid function\ndefinition (\"() { foo() { foo; }; \u003ebar; }\") and allowed to run for a\ncouple of hours on a single core. \n\nIn addition to the issues discussed above, the fuzzer also hit three\nof the four previously-reported CVEs. \n\nI initially shared the findings privately with vendors, but because of\nthe intense scrutiny that this codebase is under, the ease of\nreproducing these results with an open-source fuzzer, and the\nnow-broad availability of upstream mitigations, there seems to be\nrelatively little value in continued secrecy. \n\n== References ==\n\n[1] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025\n[2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026\n[3] http://www.openwall.com/lists/oss-security/2014/09/25/13\n[4] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027\n[5] http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html\n[6] http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html\n[7] http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html\n\nPS. There are no other bugs in bash. \n\n--------- FOLLOW UP -----------\n\nDate: Wed, 01 Oct 2014 07:32:57 -0700\nFrom fulldisclosure-bounces@seclists.org Wed Oct 1 14:37:33 2014\nFrom: Paul Vixie \u003cpaul@redbarn.org\u003e\nTo: Michal Zalewski \u003clcamtuf@coredump.cx\u003e\nCc: \"fulldisclosure@seclists.org\" \u003cfulldisclosure@seclists.org\u003e\nSubject: Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)\n\nmichal, thank you for your incredibly informative report here. i have a\nminor correction. \n\n\u003e Michal Zalewski \u003cmailto:lcamtuf@coredump.cx\u003e\n\u003e Wednesday, October 01, 2014 7:21 AM\n\u003e ... \n\u003e\n\u003e Note: over the past few days, Florian\u0027s patch has been picked up by\n\u003e major Linux distros (Red Hat, Debian, SUSE, etc), so there is a\n\u003e reasonable probability that you are in good shape. To test, execute\n\u003e this command from within a bash shell:\n\u003e\n\u003e foo=\u0027() { echo not patched; }\u0027 bash -c foo\n\nthis command need not be executed from within bash. the problem occurs\nwhen bash is run by the command, and the shell that runs the command can\nbe anything. for example, on a system where i have deliberately not\npatched bash, where sh is \"ash\" (almquist shell):\n\n\u003e $ foo=\u0027() { echo not patched; }\u0027 bash -c foo\n\u003e not patched \n\nhere\u0027s me testing it from within tcsh:\n\n\u003e % env foo=\u0027() { echo not patched; }\u0027 bash -c foo\n\u003e not patched\n\u003e % (setenv foo \u0027() { echo not patched; }\u0027; bash -c foo)\n\u003e not patched\n\nthis is a minor issue, but i\u0027ve found in matters of security bug\nreports, tests, and discussions, that any minor matter can lead to deep\nmisunderstanding. \n\nthanks again for your excellent report, and your continuing work on this\nissue. \n\nvixie\n\n. \n\nHP Vertica AMI\u0027s and Virtual Machines prior to v7.1.1-0. \n\nHP has released the following updates to resolve this vulnerability for HP\nVertica products. \n\nUpdate to the latest VM image available at: https://my.vertica.com\n\nFor customers using the AMI version HP Vertica Analytics platform, please\ninstall the latest image available at Amazon. \nUnder Step2: your ITRC operating systems\n - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile\nto update appropriate sections. HP is continually reviewing and enhancing the\nsecurity features of software products to provide customers with current\nsecure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the\nattention of users of the affected HP products the important security\ninformation contained in this Bulletin. HP recommends that all users\ndetermine the applicability of this information to their individual\nsituations and take appropriate action. HP does not warrant that this\ninformation is necessarily accurate or complete for all user situations and,\nconsequently, HP will not be responsible for any damages resulting from\nuser\u0027s use or disregard of the information provided in this Bulletin. To the\nextent permitted by law, HP disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose, title and non-infringement.\"\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \n\n Note: HP and the switch vendor recommend running an active version of\nFabric OS (FOS) listed on the HP Single Point of Connectivity Knowledge\n(SPOCK) website ( http://h20272.www2.hp.com/ ) and applying the work-around\ninformation provided in the MITIGATION INFORMATION section below to protect\nHP StoreFabric B-series switches from this vulnerability. \n\n Fabric OS (FOS) v7.3.0b (This version will be available soon and this\nbulletin will revised at that time)\n\n The following focused fix FOS versions are available for the previously\nreleased versions and have been renamed to include an additional hexadecimal\ncharacter appended to the FOS version on which it is based:\n\n FOS v7.2.1c1\n FOS v7.2.0d6\n FOS v7.1.2b1\n FOS v7.1.1c1\n FOS v7.1.0cb\n FOS v7.0.2e1\n FOS v7.0.0d1\n FOS v6.4.3f3\n FOS v6.4.2a3\n FOS v6.2.2f9\n\nMITIGATION INFORMATION\n\n HP recommends the following steps to reduce the risk of this vulnerability:\n\n - Place the HP StoreFabric SAN switch and other data center critical\ninfrastructure behind a firewall to disallow access from the Internet. \n - Change all HP StoreFabric switch default account passwords, including\nthe root passwords, from the default factory passwords. \n - Examine the list of accounts, including ones on the switch and those\nexisting on remote authentication servers such as RADIUS, LDAP, and TACAS+,\nto ensure only necessary personnel can gain access to HP StoreFabric FOS\nswitches. Delete guest accounts and temporary accounts created for one-time\nusage needs. \n - Utilize FOS password policy management to strengthen the complexity,\nage, and history requirements of switch account passwords",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "130988"
},
{
"db": "PACKETSTORM",
"id": "128567"
},
{
"db": "PACKETSTORM",
"id": "129068"
},
{
"db": "PACKETSTORM",
"id": "128752"
},
{
"db": "PACKETSTORM",
"id": "128520"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "128763"
},
{
"db": "PACKETSTORM",
"id": "129617"
},
{
"db": "PACKETSTORM",
"id": "128760"
}
],
"trust": 3.69
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39568",
"trust": 0.5,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-6278",
"trust": 4.1
},
{
"db": "JVN",
"id": "JVN55667175",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#252743",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU97219505",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476",
"trust": 1.6
},
{
"db": "MCAFEE",
"id": "SB10085",
"trust": 1.4
},
{
"db": "JUNIPER",
"id": "JSA10648",
"trust": 1.4
},
{
"db": "PACKETSTORM",
"id": "128567",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "61641",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61603",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61287",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60055",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61654",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61313",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60044",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58200",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61550",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61780",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61552",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61565",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61312",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60193",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61129",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61703",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60433",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61128",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60063",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61816",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61633",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60034",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61643",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61485",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61503",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62343",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60325",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61291",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61328",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61283",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60024",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61442",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59961",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61471",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61857",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61065",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59907",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62312",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "137344",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "39568",
"trust": 1.0
},
{
"db": "EXPLOIT-DB",
"id": "39887",
"trust": 1.0
},
{
"db": "USCERT",
"id": "TA14-268A",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97220341",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004433",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004410",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004432",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004431",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004399",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-344-01",
"trust": 0.8
},
{
"db": "BID",
"id": "70166",
"trust": 0.4
},
{
"db": "JUNIPER",
"id": "JSA10661",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-269-01",
"trust": 0.3
},
{
"db": "EXPLOITDB",
"id": "39568",
"trust": 0.1
},
{
"db": "EXPLOITDB",
"id": "39887",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-6278",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128764",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130336",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130988",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129068",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128752",
"trust": 0.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/09/25/13",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128520",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128666",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128763",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129617",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128760",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "130988"
},
{
"db": "PACKETSTORM",
"id": "128567"
},
{
"db": "PACKETSTORM",
"id": "129068"
},
{
"db": "PACKETSTORM",
"id": "128752"
},
{
"db": "PACKETSTORM",
"id": "128520"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "128763"
},
{
"db": "PACKETSTORM",
"id": "129617"
},
{
"db": "PACKETSTORM",
"id": "128760"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"id": "VAR-201409-1154",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3212341
},
"last_update_date": "2024-06-12T21:39:25.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NAS-201410-05",
"trust": 1.6,
"url": "http://www.qnap.com/i/en/support/con_show.php?cid=61"
},
{
"title": "bash\u306e\u8106\u5f31\u6027(CVE-2014-6271,CVE-2014-7169 \u4ed6)\u306b\u3088\u308bHA8500\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066",
"trust": 1.6,
"url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_ha8500.html"
},
{
"title": "\u30b5\u30fc\u30d0\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u88fd\u54c1 bash\u306e\u8106\u5f31\u6027(CVE-2014-6271,CVE-2014-7169\u4ed6)\u306b\u3088\u308b\u5f71\u97ff\u306b\u3064\u3044\u3066",
"trust": 1.6,
"url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_cve20146271.html"
},
{
"title": "bash-3.2-33.AXS3.4",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=3918"
},
{
"title": "bash-4.1.2-15.AXS4.2",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=3919"
},
{
"title": "cisco-sa-20140926-bash",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140926-bash"
},
{
"title": "CTX200223",
"trust": 0.8,
"url": "https://support.citrix.com/article/ctx200223"
},
{
"title": "CTX200217",
"trust": 0.8,
"url": "https://support.citrix.com/article/ctx200217"
},
{
"title": "GNU Bash",
"trust": 0.8,
"url": "http://www.gnu.org/software/bash/"
},
{
"title": "HPSBST03157 SSRT101718",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04488200"
},
{
"title": "HPSBST03122 SSRT101717",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04471532"
},
{
"title": "HPSBMU03217 SSRT101827",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04512907"
},
{
"title": "HPSBST03129 SSRT101760",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04478866"
},
{
"title": "HPSBMU03182 SSRT101787",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04497042"
},
{
"title": "HPSBHF03125 SSRT101724",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04471538"
},
{
"title": "HPSBGN03233",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04540692"
},
{
"title": "HPSBGN03141 SSRT101763",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04479398"
},
{
"title": "HPSBST03154 SSRT101747",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04487558"
},
{
"title": "HPSBGN03138 SSRT101755",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04475942"
},
{
"title": "HPSBMU03236 SSRT101830",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04552143"
},
{
"title": "HPSBGN03142 SSRT101764",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04479402"
},
{
"title": "HPSBST03181 SSRT101811",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04496383"
},
{
"title": "HPSBMU03245 SSRT101742",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04556845"
},
{
"title": "HPSBMU03144 SSRT101762",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04479492"
},
{
"title": "HPSBMU03165 SSRT101783",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04497075"
},
{
"title": "HPSBHF03145 SSRT101765",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04479505"
},
{
"title": "HPSBMU03143 SSRT101761",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04479536"
},
{
"title": "HPSBST03155 SSRT101747",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04487573"
},
{
"title": "HPSBHF03146 SSRT101765",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04479601"
},
{
"title": "MIGR-5096315",
"trust": 0.8,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096315"
},
{
"title": "T1021279",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021279"
},
{
"title": "S1004897",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004897"
},
{
"title": "S1004898",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004898"
},
{
"title": "1686479",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479"
},
{
"title": "1685433",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685433"
},
{
"title": "1685541",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541"
},
{
"title": "1685604",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604"
},
{
"title": "1685522",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685522"
},
{
"title": "S1004915",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004915"
},
{
"title": "1685914",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914"
},
{
"title": "1686493",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686493"
},
{
"title": "T1021272",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021272"
},
{
"title": "1685733",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733"
},
{
"title": "S1004879",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004879"
},
{
"title": "1686131",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131"
},
{
"title": "1685749",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749"
},
{
"title": "1685798",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685798"
},
{
"title": "1686299",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686299"
},
{
"title": "1686635",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686635"
},
{
"title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97219505/522154/index.html"
},
{
"title": "OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilities",
"trust": 0.8,
"url": "https://www.novell.com/support/kb/doc.php?id=7015701"
},
{
"title": "ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)",
"trust": 0.8,
"url": "https://www.novell.com/support/kb/doc.php?id=7015721"
},
{
"title": "AV14-003",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/av14-003.html"
},
{
"title": "ShellShock 101 - What you need to know and do, to ensure your systems are secure",
"trust": 0.8,
"url": "https://www.suse.com/support/shellshock/"
},
{
"title": "ELSA-2014-3094",
"trust": 0.8,
"url": "http://linux.oracle.com/errata/elsa-2014-3094"
},
{
"title": "ELSA-2014-3093",
"trust": 0.8,
"url": "http://linux.oracle.com/errata/elsa-2014-3093"
},
{
"title": "Bash \"Shellshock\" Vulnerabilities - CVE-2014-7169",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"
},
{
"title": "Bug 1147414",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147414"
},
{
"title": "Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linux",
"trust": 0.8,
"url": "https://access.redhat.com/solutions/1207723"
},
{
"title": "Bash specially-crafted environment variables code injection attack",
"trust": 0.8,
"url": "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/"
},
{
"title": "GNU Bash \u300cOS \u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u300d\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/vu252743.html"
},
{
"title": "SA82",
"trust": 0.8,
"url": "https://bto.bluecoat.com/security-advisory/sa82"
},
{
"title": "SOL15629",
"trust": 0.8,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"
},
{
"title": "Multiple vulnerabilities in Bash",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash"
},
{
"title": "CVE-2014-6278",
"trust": 0.8,
"url": "https://security-tracker.debian.org/tracker/cve-2014-6278"
},
{
"title": "JSA10648",
"trust": 0.8,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10648"
},
{
"title": "VMSA-2014-0010",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0010.html"
},
{
"title": "GNU bash \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u5f0a\u793e\u8abf\u67fb\u30fb\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2014/bash/"
},
{
"title": "cisco-sa-20140926-bash",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/jp/112/1126/1126247_cisco-sa-20140926-bash-j.html"
},
{
"title": "TLSA-2014-10",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2014/tlsa-2014-10j.html"
},
{
"title": "GNU Bash\u306b\u304a\u3051\u308bOS\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20141002.html"
},
{
"title": "GNU Bash \u306b OS \u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-97219505.html"
},
{
"title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
},
{
"title": "HT205267",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205267"
},
{
"title": "Ubuntu Security Notice: bash vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2380-1"
},
{
"title": "VMware Security Advisories: VMware product updates address critical Bash security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=86cb6b3955e100fdc9667a7ca916c772"
},
{
"title": "Symantec Security Advisories: SA82 : GNU Bash Shellshock Command Injection Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=2b57ceaadfde2a8b03482273e1fd21ea"
},
{
"title": "Citrix Security Bulletins: Citrix XenServer Shellshock Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=64ae0aae8269062686789e3a3fa1d2bf"
},
{
"title": "Tenable Security Advisories: [R7] Tenable Appliance Affected by GNU bash \u0027Shellshock\u0027 Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-07"
},
{
"title": "Citrix Security Bulletins: Citrix Security Advisory for GNU Bash Shellshock Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=73443a6db89dc66fc6bcb49f85bfd1ab"
},
{
"title": "CiscoUCS-Shellshock",
"trust": 0.1,
"url": "https://github.com/thatchriseckert/ciscoucs-shellshock "
},
{
"title": "0day-WriteUp-TryHackme-CTF-Medium",
"trust": 0.1,
"url": "https://github.com/elc4br4/0day-writeup-tryhackme-ctf-medium "
},
{
"title": "ShellScan",
"trust": 0.1,
"url": "https://github.com/0xicf/shellscan "
},
{
"title": "cvesploit",
"trust": 0.1,
"url": "https://github.com/swapravo/cvesploit "
},
{
"title": "fabric-shellshock",
"trust": 0.1,
"url": "https://github.com/ericlake/fabric-shellshock "
},
{
"title": "w-test",
"trust": 0.1,
"url": "https://github.com/inspirion87/w-test "
},
{
"title": "Xpl-SHELLSHOCK-Ch3ck",
"trust": 0.1,
"url": "https://github.com/googleinurl/xpl-shellshock-ch3ck "
},
{
"title": "bashcheck",
"trust": 0.1,
"url": "https://github.com/hannob/bashcheck "
},
{
"title": "shellshockFixOSX",
"trust": 0.1,
"url": "https://github.com/opragel/shellshockfixosx "
},
{
"title": "shocktrooper",
"trust": 0.1,
"url": "https://github.com/evank/shocktrooper "
},
{
"title": "ShellShockHunter",
"trust": 0.1,
"url": "https://github.com/mrcl0wnlab/shellshockhunter "
},
{
"title": "shellshocker-pocs",
"trust": 0.1,
"url": "https://github.com/mubix/shellshocker-pocs "
},
{
"title": "ActiveScanPlusPlus",
"trust": 0.1,
"url": "https://github.com/albinowax/activescanplusplus "
},
{
"title": "afl-cve",
"trust": 0.1,
"url": "https://github.com/mrash/afl-cve "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/researcher-takes-wraps-off-two-undisclosed-shellshock-vulnerabilities-in-bash/108674/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 2.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://jvn.jp/en/jp/jvn55667175/index.html"
},
{
"trust": 1.9,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000126"
},
{
"trust": 1.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6278"
},
{
"trust": 1.6,
"url": "http://jvn.jp/vu/jvnvu97219505/index.html"
},
{
"trust": 1.6,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6278"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/252743"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140926-bash"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749"
},
{
"trust": 1.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0010.html"
},
{
"trust": 1.4,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10648"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021272"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004898"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021279"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004897"
},
{
"trust": 1.4,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096315"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004915"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079"
},
{
"trust": 1.4,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10085"
},
{
"trust": 1.2,
"url": "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/39568/"
},
{
"trust": 1.1,
"url": "https://security-tracker.debian.org/tracker/cve-2014-6278"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147414"
},
{
"trust": 1.1,
"url": "https://www.suse.com/support/shellshock/"
},
{
"trust": 1.1,
"url": "http://support.novell.com/security/cve/cve-2014-6278.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61641"
},
{
"trust": 1.1,
"url": "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html"
},
{
"trust": 1.1,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa82"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61485"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59907"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2380-1"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61654"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/128567/ca-technologies-gnu-bash-shellshock.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61565"
},
{
"trust": 1.1,
"url": "http://www.novell.com/support/kb/doc.php?id=7015721"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61643"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61503"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61633"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61552"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61703"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61283"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61603"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141330468527613\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141345648114150\u0026w=2"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx200217"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004879"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60034"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61816"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61128"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61313"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61442"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61287"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx200223"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60055"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61129"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61780"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541"
},
{
"trust": 1.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61471"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58200"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61328"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61857"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60193"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61065"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61550"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60325"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61312"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60063"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61291"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60044"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445"
},
{
"trust": 1.1,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk102673\u0026src=securityalerts"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021361"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60433"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60024"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383353622268\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383304022067\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383244821813\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141450491804793\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383081521087\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.qnap.com/i/en/support/con_show.php?cid=61"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383026420882\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383196021590\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141577137423233\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141577241923505\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141576728022234\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141577297623641\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141585637922673\u0026w=2"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62312"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59961"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62343"
},
{
"trust": 1.1,
"url": "http://linux.oracle.com/errata/elsa-2014-3093"
},
{
"trust": 1.1,
"url": "http://linux.oracle.com/errata/elsa-2014-3094"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142358026505815\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142358078406056\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141879528318582\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721162228379\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:164"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/137344/sun-secure-global-desktop-oracle-global-desktop-shellshock.html"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39887/"
},
{
"trust": 1.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c04518183"
},
{
"trust": 1.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c04497075"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6271"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6278"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7169"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2014/at140037.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/jp/jvn55667175/index.html"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ncas/alerts/ta14-268a"
},
{
"trust": 0.8,
"url": "http://lcamtuf.blogspot.jp/2014/09/bash-bug-apply-unofficial-patch-now.html"
},
{
"trust": 0.8,
"url": "http://www.aratana.jp/security/detail.php?id=10"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7187"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7169"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7186"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6271"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-344-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97220341/index.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004433.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004476.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004399.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004432.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004410.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-004431.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7169"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6271"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6277"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7187"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7186"
},
{
"trust": 0.8,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.8,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.3,
"url": "http://lcamtuf.blogspot.de/2014/09/bash-bug-apply-unofficial-patch-now.html"
},
{
"trust": 0.3,
"url": "http://www.gnu.org/software/bash/"
},
{
"trust": 0.3,
"url": "https://lists.gnu.org/archive/html/bug-bash/2014-10/msg00040.html"
},
{
"trust": 0.3,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk102673"
},
{
"trust": 0.3,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb83017"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash"
},
{
"trust": 0.3,
"url": "http://lcamtuf.blogspot.in/2014/09/quick-notes-about-bash-bug-its-impact.html"
},
{
"trust": 0.3,
"url": "http://www.fortiguard.com/advisory/fg-ir-14-030/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_vulnerabilities_in_bash_affect_certain_qlogic_products_that_ibm_resells_for_bladecenter_and_flex_system_products_cve_2014_6271_c"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-372538.htm"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html?ref=rss"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004932"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686433"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=isg3t1021361"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686494"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686445"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004903"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004928"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004911"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686479"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04497075"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2014/oct/25"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10661\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100183172"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/supplement-icsa-14-269-01"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-9paps5"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479398"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479402"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479601"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479505"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479492"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04475942"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471532"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04488200"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04478866"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479536"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04540692"
},
{
"trust": 0.3,
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04561445"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471546"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471538"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04497042"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512907 "
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/76"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04558068"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/77"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04487558"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04487573"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04496383"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-9paptm"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-9paptz"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/1a2e5-5116a33c2fb27/cert_security_mini-_bulletin_xrx15k_for_77xx_r15-03_v1.0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2eeef-51056e459c6d8/cert_security_mini-_bulletin_xrx15h_for_p7800_v1_0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2a901-510567b876a35/cert_security_mini-_bulletin_xrx15g_for_p6700_v1_0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/29a7e-50e49f9c009f9/cert_security_mini_bulletin_xrx14g_for_77xx_v1.1.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/1a7a1-50f12e334b734/cert_security_mini-_bulletin_xrx14h_for_wc59xx_v1.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-377648.htm"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004982"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004879"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685873"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686132"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096533"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686024"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686037"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685733"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686171"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686098"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685875"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020272"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685541"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004905"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685673"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685837"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687971"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685691"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004933"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096503"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004945"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100183088"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2104-6277"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2104-6278"
},
{
"trust": 0.2,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/70166"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35880"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2380-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-1311.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7196"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse"
},
{
"trust": 0.1,
"url": "https://www.ca.com"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsbpldgpg"
},
{
"trust": 0.1,
"url": "https://support.ca.com."
},
{
"trust": 0.1,
"url": "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html"
},
{
"trust": 0.1,
"url": "http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026"
},
{
"trust": 0.1,
"url": "http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6279"
},
{
"trust": 0.1,
"url": "https://code.google.com/p/american-fuzzy-lop"
},
{
"trust": 0.1,
"url": "http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027"
},
{
"trust": 0.1,
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/13"
},
{
"trust": 0.1,
"url": "http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/km01194258"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "https://my.vertica.com"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "http://h20272.www2.hp.com/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "130988"
},
{
"db": "PACKETSTORM",
"id": "128567"
},
{
"db": "PACKETSTORM",
"id": "129068"
},
{
"db": "PACKETSTORM",
"id": "128752"
},
{
"db": "PACKETSTORM",
"id": "128520"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "128763"
},
{
"db": "PACKETSTORM",
"id": "129617"
},
{
"db": "PACKETSTORM",
"id": "128760"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "130988"
},
{
"db": "PACKETSTORM",
"id": "128567"
},
{
"db": "PACKETSTORM",
"id": "129068"
},
{
"db": "PACKETSTORM",
"id": "128752"
},
{
"db": "PACKETSTORM",
"id": "128520"
},
{
"db": "PACKETSTORM",
"id": "128666"
},
{
"db": "PACKETSTORM",
"id": "128763"
},
{
"db": "PACKETSTORM",
"id": "129617"
},
{
"db": "PACKETSTORM",
"id": "128760"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"date": "2014-09-27T00:00:00",
"db": "BID",
"id": "70166"
},
{
"date": "2014-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"date": "2014-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"date": "2014-10-20T17:57:00",
"db": "PACKETSTORM",
"id": "128764"
},
{
"date": "2015-02-10T17:43:27",
"db": "PACKETSTORM",
"id": "130336"
},
{
"date": "2015-03-24T17:07:02",
"db": "PACKETSTORM",
"id": "130988"
},
{
"date": "2014-10-06T16:47:01",
"db": "PACKETSTORM",
"id": "128567"
},
{
"date": "2014-11-12T18:13:39",
"db": "PACKETSTORM",
"id": "129068"
},
{
"date": "2014-10-20T13:14:00",
"db": "PACKETSTORM",
"id": "128752"
},
{
"date": "2014-10-01T23:55:55",
"db": "PACKETSTORM",
"id": "128520"
},
{
"date": "2014-10-14T23:07:16",
"db": "PACKETSTORM",
"id": "128666"
},
{
"date": "2014-10-20T17:55:00",
"db": "PACKETSTORM",
"id": "128763"
},
{
"date": "2014-12-17T18:27:35",
"db": "PACKETSTORM",
"id": "129617"
},
{
"date": "2014-10-20T17:03:00",
"db": "PACKETSTORM",
"id": "128760"
},
{
"date": "2014-09-30T10:55:04.723000",
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-17T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"date": "2016-07-05T21:53:00",
"db": "BID",
"id": "70166"
},
{
"date": "2015-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"date": "2015-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000126"
},
{
"date": "2021-11-17T22:15:36.700000",
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "70166"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU bash Vulnerable to arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "70166"
}
],
"trust": 0.3
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.