Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-6277

Disclosure Date: September 27, 2014
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • gnu

Products

  • bash 1.14.0,
  • bash 1.14.1,
  • bash 1.14.2,
  • bash 1.14.3,
  • bash 1.14.4,
  • bash 1.14.5,
  • bash 1.14.6,
  • bash 1.14.7,
  • bash 2.0,
  • bash 2.01,
  • bash 2.01.1,
  • bash 2.02,
  • bash 2.02.1,
  • bash 2.03,
  • bash 2.04,
  • bash 2.05,
  • bash 3.0,
  • bash 3.0.16,
  • bash 3.1,
  • bash 3.2,
  • bash 3.2.48,
  • bash 4.0,
  • bash 4.1,
  • bash 4.2,
  • bash 4.3

Exploited in the Wild

Reported by:

References

Advisory

Additional Info

Technical Analysis