Описание
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 3 | bash | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 5.6 | bash | Affected | ||
| Red Hat Enterprise Linux 4 Extended Lifecycle Support | bash | Fixed | RHSA-2014:1311 | 26.09.2014 |
| Red Hat Enterprise Linux 5 | bash | Fixed | RHSA-2014:1306 | 26.09.2014 |
| Red Hat Enterprise Linux 5.6 Long Life | bash | Fixed | RHSA-2014:1311 | 26.09.2014 |
| Red Hat Enterprise Linux 5.9 Extended Update Support | bash | Fixed | RHSA-2014:1311 | 26.09.2014 |
| Red Hat Enterprise Linux 6 | bash | Fixed | RHSA-2014:1306 | 26.09.2014 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | bash | Fixed | RHSA-2014:1311 | 26.09.2014 |
| Red Hat Enterprise Linux 6.4 Extended Update Support | bash | Fixed | RHSA-2014:1311 | 26.09.2014 |
| Red Hat Enterprise Linux 7 | bash | Fixed | RHSA-2014:1306 | 26.09.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.1 Medium
CVSS2
Связанные уязвимости
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
GNU Bash through 4.3 bash43-025 processes trailing strings after certa ...
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
EPSS
5.1 Medium
CVSS2