CVE-2014-6277
Description
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Combo Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.5 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.5 Combo Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Combo Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.3 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.2 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.1 Update | Mac |
| SUSE-SU-2016:2872-1(SUSE Linux Enterprise Desktop 12-SP1 ) bash-4.2-82.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2872-1(SUSE Linux Enterprise Desktop 12-SP1 ) bash-debuginfo-4.2-82.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2872-1(SUSE Linux Enterprise Desktop 12-SP1 ) bash-debugsource-4.2-82.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2872-1(SUSE Linux Enterprise Desktop 12-SP1 ) bash-doc-4.2-82.1.noarch.rpm | Linux |
| SUSE-SU-2016:2872-1(SUSE Linux Enterprise Desktop 12-SP1 ) bash-lang-4.2-82.1.noarch.rpm | Linux |
| SUSE-SU-2016:2872-1(SUSE Linux Enterprise Desktop 12-SP1 ) libreadline6-6.2-82.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2872-1(SUSE Linux Enterprise Desktop 12-SP1 ) libreadline6-32bit-6.2-82.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2872-1(SUSE Linux Enterprise Desktop 12-SP1 ) libreadline6-debuginfo-6.2-82.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2872-1(SUSE Linux Enterprise Desktop 12-SP1 ) libreadline6-debuginfo-32bit-6.2-82.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2872-1(SUSE Linux Enterprise Desktop 12-SP1 ) readline-doc-6.2-82.1.noarch.rpm | Linux |
| GNU Bash Environment Variable Command Injection Vulnerability For Cisco IOS XE Software | NCM |
| GNU Bash Environment Variable Command Injection Vulnerability For Cisco NX-OS Software | NCM |
| Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2014-6277) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706107 | Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a) |
| PATCH-1706149 | Security Update for Cisco NX-OS Software 4.1(3a)UCSM |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600754 | OS X El Capitan 10.11.6 Combo Update |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600754 | OS X El Capitan 10.11.6 Combo Update |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600754 | OS X El Capitan 10.11.6 Combo Update |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234