Home

CVE-2014-6271

Description

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock. NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
94.22

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 UpdateMac
Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Combo UpdateMac
GNU Bourne Again SHell (USN-2362-1) bash_4.2-2ubuntu2.6_i386.debLinux
GNU Bourne Again SHell (USN-2362-1) bash_4.2-2ubuntu2.6_amd64.debLinux
GNU Bourne Again SHell (USN-2362-1) bash_4.3-7ubuntu1.5_i386.debLinux
GNU Bourne Again SHell (USN-2362-1) bash_4.3-7ubuntu1.5_amd64.debLinux
bash security update(DSA-3035-1) bash_4.2+dfsg-0.1+deb7u3_i386.debLinux
GNU Bash Environment Variable Command Injection Vulnerability For Cisco IOS XE SoftwareNCM
GNU Bash Environment Variable Command Injection Vulnerability For Cisco NX-OS SoftwareNCM
GNU Bash Environment Variable Command Injection VulnerabilityNCM
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2014-6271)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706107Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)
PATCH-1706149Security Update for Cisco NX-OS Software 4.1(3a)UCSM
PATCH-600354OS X Yosemite 10.10.5 Update
PATCH-600458OS X Yosemite 10.10.5 Combo Update

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234