CVE-2014-7169 | AttackerKB

Description

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

apple,
arista,
canonical,
checkpoint,
citrix,
debian,
f5,
gnu,
ibm,
mageia,
novell,
opensuse,
oracle,
qnap,
redhat,
suse,
vmware

Products

arx firmware,
bash,
big-ip access policy manager,
big-ip access policy manager 11.6.0,
big-ip advanced firewall manager,
big-ip advanced firewall manager 11.6.0,
big-ip analytics,
big-ip analytics 11.6.0,
big-ip application acceleration manager,
big-ip application acceleration manager 11.6.0,
big-ip application security manager,
big-ip application security manager 11.6.0,
big-ip edge gateway,
big-ip global traffic manager,
big-ip global traffic manager 11.6.0,
big-ip link controller,
big-ip link controller 11.6.0,
big-ip local traffic manager,
big-ip local traffic manager 11.6.0,
big-ip policy enforcement manager,
big-ip policy enforcement manager 11.6.0,
big-ip protocol security module,
big-ip wan optimization manager,
big-ip webaccelerator,
big-iq cloud,
big-iq device,
big-iq security,
debian linux 7.0,
enterprise linux 4.0,
enterprise linux 5.0,
enterprise linux 6.0,
enterprise linux 7.0,
enterprise linux desktop 5.0,
enterprise linux desktop 6.0,
enterprise linux desktop 7.0,
enterprise linux eus 5.9,
enterprise linux eus 6.4,
enterprise linux eus 6.5,
enterprise linux eus 7.3,
enterprise linux eus 7.4,
enterprise linux eus 7.5,
enterprise linux eus 7.6,
enterprise linux eus 7.7,
enterprise linux for ibm z systems 5.9 s390x,
enterprise linux for ibm z systems 6.4 s390x,
enterprise linux for ibm z systems 6.5 s390x,
enterprise linux for ibm z systems 7.3 s390x,
enterprise linux for ibm z systems 7.4 s390x,
enterprise linux for ibm z systems 7.5 s390x,
enterprise linux for ibm z systems 7.6 s390x,
enterprise linux for ibm z systems 7.7 s390x,
enterprise linux for power big endian 5.0 ppc,
enterprise linux for power big endian 5.9 ppc,
enterprise linux for power big endian 6.0 ppc64,
enterprise linux for power big endian 6.4 ppc64,
enterprise linux for power big endian 7.0 ppc64,
enterprise linux for power big endian eus 6.5 ppc64,
enterprise linux for power big endian eus 7.3 ppc64,
enterprise linux for power big endian eus 7.4 ppc64,
enterprise linux for power big endian eus 7.5 ppc64,
enterprise linux for power big endian eus 7.6 ppc64,
enterprise linux for power big endian eus 7.7 ppc64,
enterprise linux for scientific computing 6.0,
enterprise linux for scientific computing 7.0,
enterprise linux server 5.0,
enterprise linux server 6.0,
enterprise linux server 7.0,
enterprise linux server aus 5.6,
enterprise linux server aus 5.9,
enterprise linux server aus 6.2,
enterprise linux server aus 6.4,
enterprise linux server aus 6.5,
enterprise linux server aus 7.3,
enterprise linux server aus 7.4,
enterprise linux server aus 7.6,
enterprise linux server aus 7.7,
enterprise linux server from rhui 5.0,
enterprise linux server from rhui 6.0,
enterprise linux server from rhui 7.0,
enterprise linux server tus 6.5,
enterprise linux server tus 7.3,
enterprise linux server tus 7.6,
enterprise linux server tus 7.7,
enterprise linux workstation 5.0,
enterprise linux workstation 6.0,
enterprise linux workstation 7.0,
enterprise manager,
eos,
esx 4.0,
esx 4.1,
flex system v7000 firmware,
gluster storage server for on-premise 2.1,
infosphere guardium database activity monitoring 8.2,
infosphere guardium database activity monitoring 9.0,
infosphere guardium database activity monitoring 9.1,
linux 4,
linux 5,
linux 6,
linux enterprise desktop 11,
linux enterprise desktop 12,
linux enterprise server 10,
linux enterprise server 11,
linux enterprise server 12,
linux enterprise software development kit 11,
linux enterprise software development kit 12,
mac os x,
mageia 3.0,
mageia 4.0,
netscaler sdx firmware,
open enterprise server 11.0,
open enterprise server 2.0,
opensuse 12.3,
opensuse 13.1,
opensuse 13.2,
pureapplication system,
pureapplication system 2.0.0.0,
qradar risk manager 7.1.0,
qradar security information and event manager 7.1.0,
qradar security information and event manager 7.1.1,
qradar security information and event manager 7.1.2,
qradar security information and event manager 7.2,
qradar security information and event manager 7.2.0,
qradar security information and event manager 7.2.1,
qradar security information and event manager 7.2.2,
qradar security information and event manager 7.2.3,
qradar security information and event manager 7.2.4,
qradar security information and event manager 7.2.5,
qradar security information and event manager 7.2.6,
qradar security information and event manager 7.2.7,
qradar security information and event manager 7.2.8,
qradar security information and event manager 7.2.8.15,
qradar security information and event manager 7.2.9,
qradar vulnerability manager 7.2.0,
qradar vulnerability manager 7.2.1,
qradar vulnerability manager 7.2.2,
qradar vulnerability manager 7.2.3,
qradar vulnerability manager 7.2.4,
qradar vulnerability manager 7.2.6,
qradar vulnerability manager 7.2.8,
qts,
qts 4.1.1,
san volume controller firmware,
security access manager for mobile 8.0 firmware 8.0.0.1,
security access manager for mobile 8.0 firmware 8.0.0.2,
security access manager for mobile 8.0 firmware 8.0.0.3,
security access manager for mobile 8.0 firmware 8.0.0.5,
security access manager for web 7.0 firmware 7.0.0.1,
security access manager for web 7.0 firmware 7.0.0.2,
security access manager for web 7.0 firmware 7.0.0.3,
security access manager for web 7.0 firmware 7.0.0.4,
security access manager for web 7.0 firmware 7.0.0.5,
security access manager for web 7.0 firmware 7.0.0.6,
security access manager for web 7.0 firmware 7.0.0.7,
security access manager for web 7.0 firmware 7.0.0.8,
security access manager for web 8.0 firmware 8.0.0.2,
security access manager for web 8.0 firmware 8.0.0.3,
security access manager for web 8.0 firmware 8.0.0.5,
security gateway,
smartcloud entry appliance 2.3.0,
smartcloud entry appliance 2.4.0,
smartcloud entry appliance 3.1.0,
smartcloud entry appliance 3.2.0,
smartcloud provisioning 2.1.0,
software defined network for virtual environments,
starter kit for cloud 2.2.0,
stn6500 firmware,
stn6800 firmware,
stn7800 firmware,
storwize v3500 firmware,
storwize v3700 firmware,
storwize v5000 firmware,
storwize v7000 firmware,
studio onsite 1.3,
traffix signaling delivery controller,
traffix signaling delivery controller 3.3.2,
traffix signaling delivery controller 3.4.1,
traffix signaling delivery controller 3.5.1,
traffix signaling delivery controller 4.1.0,
ubuntu linux 10.04,
ubuntu linux 12.04,
ubuntu linux 14.04,
vcenter server appliance 5.0,
vcenter server appliance 5.1,
vcenter server appliance 5.5,
virtualization 3.4,
workload deployer,
zenworks configuration management 10.3,
zenworks configuration management 11,
zenworks configuration management 11.1,
zenworks configuration management 11.2,
zenworks configuration management 11.3.0

Exploited in the Wild

Reported by:

mkienow-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: January 29, 2022 12:23am UTC (2 years ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2022/01/28/cisa-adds-eight-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:29am UTC (1 month ago)

References

Canonical

CVE-2014-7169 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169)

Advisory

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

http://www-01.ibm.com/support/docview.wss?uid=swg21685749

[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash (http://www.openwall.com/lists/oss-security/2014/09/24/32)

HPSBMU03165 (http://marc.info?l=bugtraq&m=141577137423233&w=2)

HPSBHF03119 (http://marc.info?l=bugtraq&m=141216668515282&w=2)

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

HPSBST03131 (http://marc.info?l=bugtraq&m=141383138121313&w=2)

SSRT101819 (http://marc.info?l=bugtraq&m=142721162228379&w=2)

20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities (http://www.securityfocus.com/archive/1/533593/100/0/threaded)

HPSBMU03245 (http://marc.info?l=bugtraq&m=142358026505815&w=2)

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html

http://www-01.ibm.com/support/docview.wss?uid=swg21686084

http://www-01.ibm.com/support/docview.wss?uid=swg21686479

SECUNIA-61188 (http://secunia.com/advisories/61188)

JVN#55667175 (http://jvn.jp/en/jp/JVN55667175/index.html)

SECUNIA-61676 (http://secunia.com/advisories/61676)

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html

SECUNIA-60433 (http://secunia.com/advisories/60433)

HPSBMU03143 (http://marc.info?l=bugtraq&m=141383026420882&w=2)

HPSBMU03182 (http://marc.info?l=bugtraq&m=141585637922673&w=2)

http://rhn.redhat.com/errata/RHSA-2014-1306.html

HPSBST03155 (http://marc.info?l=bugtraq&m=141576728022234&w=2)

http://www-01.ibm.com/support/docview.wss?uid=swg21685541

SECUNIA-61715 (http://secunia.com/advisories/61715)

USN-2363-2 (http://www.ubuntu.com/usn/USN-2363-2)

http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

SECUNIA-61816 (http://secunia.com/advisories/61816)

http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

SECUNIA-61442 (http://secunia.com/advisories/61442)

HPSBMU03246 (http://marc.info?l=bugtraq&m=142358078406056&w=2)

HPSBST03195 (http://marc.info?l=bugtraq&m=142805027510172&w=2)

SECUNIA-61283 (http://secunia.com/advisories/61283)

SSRT101711 (http://marc.info?l=bugtraq&m=142113462216480&w=2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10085

http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html

SECUNIA-61654 (http://secunia.com/advisories/61654)

http://www.novell.com/support/kb/doc.php?id=7015701

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

SECUNIA-62312 (http://secunia.com/advisories/62312)

SECUNIA-59272 (http://secunia.com/advisories/59272)

HPSBST03122 (http://marc.info?l=bugtraq&m=141319209015420&w=2)

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

HPSBMU03217 (http://marc.info?l=bugtraq&m=141879528318582&w=2)

http://rhn.redhat.com/errata/RHSA-2014-1312.html

http://www-01.ibm.com/support/docview.wss?uid=swg21685604

USN-2363-1 (http://www.ubuntu.com/usn/USN-2363-1)

SSRT101868 (http://marc.info?l=bugtraq&m=142118135300698&w=2)

SECUNIA-61703 (http://secunia.com/advisories/61703)

http://support.apple.com/kb/HT6495

VU#252743 (http://www.kb.cert.org/vuls/id/252743)

SECUNIA-61065 (http://secunia.com/advisories/61065)

http://linux.oracle.com/errata/ELSA-2014-3075.html

HPSBST03129 (http://marc.info?l=bugtraq&m=141383196021590&w=2)

HPSBMU03144 (http://marc.info?l=bugtraq&m=141383081521087&w=2)

http://www-01.ibm.com/support/docview.wss?uid=swg21686445

http://support.novell.com/security/cve/CVE-2014-7169.html

http://www-01.ibm.com/support/docview.wss?uid=swg21686131

JVNDB-2014-000126 (http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126)

TA14-268A (http://www.us-cert.gov/ncas/alerts/TA14-268A)

SECUNIA-61641 (http://secunia.com/advisories/61641)

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

https://access.redhat.com/node/1200223

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

APPLE-SA-2014-10-16-1 (http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html)

http://www-01.ibm.com/support/docview.wss?uid=swg21685914

20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities (http://seclists.org/fulldisclosure/2014/Oct/0)

http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

SECUNIA-61619 (http://secunia.com/advisories/61619)

http://linux.oracle.com/errata/ELSA-2014-3078.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

SECUNIA-60325 (http://secunia.com/advisories/60325)

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

SECUNIA-60024 (http://secunia.com/advisories/60024)

EXPLOIT-DB-34879 (https://www.exploit-db.com/exploits/34879)

SECUNIA-61622 (http://secunia.com/advisories/61622)

https://access.redhat.com/articles/1200223

SECUNIA-62343 (http://secunia.com/advisories/62343)

http://advisories.mageia.org/MGASA-2014-0393.html

SECUNIA-61565 (http://secunia.com/advisories/61565)

https://www.suse.com/support/shellshock

HPSBST03157 (http://marc.info?l=bugtraq&m=141450491804793&w=2)

SECUNIA-61313 (http://secunia.com/advisories/61313)

SECUNIA-61873 (http://secunia.com/advisories/61873)

SECUNIA-61485 (http://secunia.com/advisories/61485)

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html

SECUNIA-61618 (http://secunia.com/advisories/61618)

SECUNIA-60947 (http://secunia.com/advisories/60947)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

https://support.apple.com/kb/HT6535

HPSBST03154 (http://marc.info?l=bugtraq&m=141577297623641&w=2)

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

HPSBGN03142 (http://marc.info?l=bugtraq&m=141383244821813&w=2)

SECUNIA-61312 (http://secunia.com/advisories/61312)

SECUNIA-60193 (http://secunia.com/advisories/60193)

http://www.vmware.com/security/advisories/VMSA-2014-0010.html

SECUNIA-61479 (http://secunia.com/advisories/61479)

SECUNIA-60063 (http://secunia.com/advisories/60063)

SECUNIA-60034 (http://secunia.com/advisories/60034)

HPSBMU03133 (http://marc.info?l=bugtraq&m=141330425327438&w=2)

SECUNIA-59907 (http://secunia.com/advisories/59907)

SECUNIA-58200 (http://secunia.com/advisories/58200)

HPSBST03181 (http://marc.info?l=bugtraq&m=141577241923505&w=2)

SECUNIA-61643 (http://secunia.com/advisories/61643)

http://www.novell.com/support/kb/doc.php?id=7015721

http://www-01.ibm.com/support/docview.wss?uid=swg21687079

SECUNIA-61503 (http://secunia.com/advisories/61503)

http://www-01.ibm.com/support/docview.wss?uid=swg21686246

http://rhn.redhat.com/errata/RHSA-2014-1354.html

HPSBGN03117 (http://marc.info?l=bugtraq&m=141216207813411&w=2)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

HPSBHF03145 (http://marc.info?l=bugtraq&m=141383465822787&w=2)

http://www.qnap.com/i/en/support/con_show.php?cid=61

HPSBST03148 (http://marc.info?l=bugtraq&m=141694386919794&w=2)

SECUNIA-61552 (http://secunia.com/advisories/61552)

SECUNIA-61780 (http://secunia.com/advisories/61780)

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

https://support.citrix.com/article/CTX200223

http://linux.oracle.com/errata/ELSA-2014-3077.html

http://www-01.ibm.com/support/docview.wss?uid=swg21686447

SECUNIA-62228 (http://secunia.com/advisories/62228)

HPSBGN03138 (http://marc.info?l=bugtraq&m=141330468527613&w=2)

SECUNIA-61855 (http://secunia.com/advisories/61855)

HPSBHF03124 (http://marc.info?l=bugtraq&m=141235957116749&w=2)

SECUNIA-60044 (http://secunia.com/advisories/60044)

SECUNIA-61291 (http://secunia.com/advisories/61291)

HPSBHF03125 (http://marc.info?l=bugtraq&m=141345648114150&w=2)

SECUNIA-59737 (http://secunia.com/advisories/59737)

SECUNIA-61287 (http://secunia.com/advisories/61287)

HPSBHF03146 (http://marc.info?l=bugtraq&m=141383353622268&w=2)

SECUNIA-61711 (http://secunia.com/advisories/61711)

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361

HPSBGN03141 (http://marc.info?l=bugtraq&m=141383304022067&w=2)

http://rhn.redhat.com/errata/RHSA-2014-1311.html

SECUNIA-61128 (http://secunia.com/advisories/61128)

DSA-3035 (http://www.debian.org/security/2014/dsa-3035)

https://support.citrix.com/article/CTX200217

SECUNIA-61471 (http://secunia.com/advisories/61471)

SECUNIA-60055 (http://secunia.com/advisories/60055)

20140926 GNU Bash Environmental Variable Command Injection Vulnerability (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash)

SECUNIA-61550 (http://secunia.com/advisories/61550)

SECUNIA-61633 (http://secunia.com/advisories/61633)

http://www-01.ibm.com/support/docview.wss?uid=swg21686494

http://linux.oracle.com/errata/ELSA-2014-1306.html

https://kb.bluecoat.com/index?page=content&id=SA82

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html

SECUNIA-61328 (http://secunia.com/advisories/61328)

http://www-01.ibm.com/support/docview.wss?uid=swg21685733

SECUNIA-61129 (http://secunia.com/advisories/61129)

SECUNIA-61700 (http://secunia.com/advisories/61700)

SECUNIA-61626 (http://secunia.com/advisories/61626)

SECUNIA-61603 (http://secunia.com/advisories/61603)

SECUNIA-61857 (http://secunia.com/advisories/61857)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

HPSBMU03165 (http://marc.info/?l=bugtraq&m=141577137423233&w=2)

HPSBHF03119 (http://marc.info/?l=bugtraq&m=141216668515282&w=2)

HPSBST03131 (http://marc.info/?l=bugtraq&m=141383138121313&w=2)

SSRT101819 (http://marc.info/?l=bugtraq&m=142721162228379&w=2)

HPSBMU03245 (http://marc.info/?l=bugtraq&m=142358026505815&w=2)

HPSBMU03143 (http://marc.info/?l=bugtraq&m=141383026420882&w=2)

HPSBMU03182 (http://marc.info/?l=bugtraq&m=141585637922673&w=2)

HPSBST03155 (http://marc.info/?l=bugtraq&m=141576728022234&w=2)

HPSBMU03246 (http://marc.info/?l=bugtraq&m=142358078406056&w=2)

HPSBST03195 (http://marc.info/?l=bugtraq&m=142805027510172&w=2)

SSRT101711 (http://marc.info/?l=bugtraq&m=142113462216480&w=2)

HPSBST03122 (http://marc.info/?l=bugtraq&m=141319209015420&w=2)

HPSBMU03217 (http://marc.info/?l=bugtraq&m=141879528318582&w=2)

SSRT101868 (http://marc.info/?l=bugtraq&m=142118135300698&w=2)

HPSBST03129 (http://marc.info/?l=bugtraq&m=141383196021590&w=2)

HPSBMU03144 (http://marc.info/?l=bugtraq&m=141383081521087&w=2)

EXPLOIT-DB-34879 (https://www.exploit-db.com/exploits/34879/)

https://www.suse.com/support/shellshock/

HPSBST03157 (http://marc.info/?l=bugtraq&m=141450491804793&w=2)

HPSBST03154 (http://marc.info/?l=bugtraq&m=141577297623641&w=2)

HPSBGN03142 (http://marc.info/?l=bugtraq&m=141383244821813&w=2)

HPSBMU03133 (http://marc.info/?l=bugtraq&m=141330425327438&w=2)

HPSBST03181 (http://marc.info/?l=bugtraq&m=141577241923505&w=2)

HPSBGN03117 (http://marc.info/?l=bugtraq&m=141216207813411&w=2)

HPSBHF03145 (http://marc.info/?l=bugtraq&m=141383465822787&w=2)

HPSBST03148 (http://marc.info/?l=bugtraq&m=141694386919794&w=2)

HPSBGN03138 (http://marc.info/?l=bugtraq&m=141330468527613&w=2)

HPSBHF03124 (http://marc.info/?l=bugtraq&m=141235957116749&w=2)

HPSBHF03125 (http://marc.info/?l=bugtraq&m=141345648114150&w=2)

HPSBHF03146 (http://marc.info/?l=bugtraq&m=141383353622268&w=2)

HPSBGN03141 (http://marc.info/?l=bugtraq&m=141383304022067&w=2)

Miscellaneous

http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

http://twitter.com/taviso/statuses/514887394294652929

https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006

Rapid7

Technical Analysis