Vulnerability CVE-2014-7169: Information

Description

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Severity: CRITICAL (10.0)

Published: September 25, 2014
Modified: November 18, 2021
Error type identifier: CWE-78

Fixed packages

| Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
|---|---|---|---|---|---|---|
| bash | c7 | 3.2.54-alt0.M70P.1 | 3.2.54-alt0.M70P.1.M70C.1 | ALT-PU-2014-2216-1 | 131197 | Fixed |
| bash4 | sisyphus | 4.2.49-alt1 | 4.4.23-alt1 | ALT-PU-2014-2201-1 | 131126 | Fixed |
| bash4 | p10 | 4.2.49-alt1 | 4.4.23-alt1 | ALT-PU-2014-2201-1 | 131126 | Fixed |
| bash4 | p9 | 4.2.49-alt1 | 4.4.23-alt1 | ALT-PU-2014-2201-1 | 131126 | Fixed |
| bash4 | c10f1 | 4.2.49-alt1 | 4.4.23-alt1 | ALT-PU-2014-2201-1 | 131126 | Fixed |
| bash4 | c9f2 | 4.2.49-alt1 | 4.4.23-alt1 | ALT-PU-2014-2201-1 | 131126 | Fixed |

References to advisories, solutions and tools

Link (Resource)

http://twitter.com/taviso/statuses/514887394294652929
[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html
USN-2363-1
TA14-268A (US Government Resource)
20140926 GNU Bash Environmental Variable Command Injection Vulnerability
DSA-3035
VU#252743 (US Government Resource)
USN-2363-2
RHSA-2014:1306
https://www.suse.com/support/shellshock/
http://support.novell.com/security/cve/CVE-2014-7169.html
https://kb.bluecoat.com/index?page=content&id=SA82
http://support.apple.com/kb/HT6495
61626
59737
61641
http://linux.oracle.com/errata/ELSA-2014-3075.html
61700
61618
http://linux.oracle.com/errata/ELSA-2014-1306.html
http://linux.oracle.com/errata/ELSA-2014-3077.html
61676
http://www.novell.com/support/kb/doc.php?id=7015701
61622
http://linux.oracle.com/errata/ELSA-2014-3078.html
61479
61619
SUSE-SU-2014:1247
RHSA-2014:1311
RHSA-2014:1312
HPSBGN03117
openSUSE-SU-2014:1242
openSUSE-SU-2014:1229
HPSBHF03119
openSUSE-SU-2014:1254
SUSE-SU-2014:1259
61485
59907
61654
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
HPSBHF03124
61565
61643
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
61633
61552
HPSBST03122
61283
61603
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
http://www.novell.com/support/kb/doc.php?id=7015721
61503
61711
61715
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
61703
20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
SUSE-SU-2014:1287
60947
http://www-01.ibm.com/support/docview.wss?uid=swg21686084
https://support.apple.com/kb/HT6535
61188
HPSBHF03125
APPLE-SA-2014-10-16-1
HPSBMU03133
HPSBGN03138
60034
61816
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
61442
https://support.citrix.com/article/CTX200223
60055
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
61780
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
60193
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
61855
60325
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
61312
https://support.citrix.com/article/CTX200217
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
61128
61313
61287
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
61129
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
61471
61328
58200
61857
61065
61550
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
60044
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
60024
60063
61291
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
60433
HPSBGN03142
openSUSE-SU-2014:1310
JVN#55667175
HPSBST03131
http://www.qnap.com/i/en/support/con_show.php?cid=61
HPSBMU03143
openSUSE-SU-2014:1308
HPSBST03129
HPSBHF03146
HPSBGN03141
HPSBST03157
HPSBMU03144
JVNDB-2014-000126
http://www-01.ibm.com/support/docview.wss?uid=swg21686447
RHSA-2014:1354
HPSBHF03145
61873
HPSBST03181
HPSBST03155
HPSBST03154
HPSBMU03165
HPSBMU03182
HPSBST03148
62343
62312
HPSBMU03245
HPSBMU03246
SSRT101711
HPSBMU03217
SSRT101868
SSRT101819
HPSBST03195
http://advisories.mageia.org/MGASA-2014-0393.html
MDVSA-2015:164
https://access.redhat.com/articles/1200223
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
62228
https://access.redhat.com/node/1200223
59272
34879
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006

1. Configuration 1

cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*
cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*

                                                                                                                                                                                                                                                                                                                                  cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*