⚠ Actively exploited

Added to CISA KEV on 2022-01-28. Federal agencies required to patch by 2022-07-28. Required action: Apply updates per vendor instructions..

CVE-2014-7169

CWE-78 — OS Command Injection CWE-228 CWE-119 — Buffer Overflow37 documents15 sources

Severity

9.8CRITICAL

EPSS

90.1%

top 0.41%

CISA KEV

KEV

Added 2022-01-28

Due 2022-07-28

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apple MAC OS X Arista EOS Checkpoint Security Gateway +71 more

Timeline

PublishedSep 25

KEV addedJan 28

Latest updateMay 13

KEV dueJul 28

CISA Required Action: Apply updates per vendor instructions.

Description

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occu…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages63 packages

▶Debianbash< 4.3-9.2+3

▶Ubuntubash< 4.3-7ubuntu1.2+1

▶NVDgnu/bash4.3

▶NVDsuse/linux_enterprise_server10, 11, 12+2

▶NVDnovell/open_enterprise_server11.0, 2.0+1

Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 12.04, 14.04, Enterprise Linux 4.0, 5.0, 6.0, 7.0, 5.9, 6.4, 6.5, 7.3, 7.4, 7.5, 7.6, 7.7, 5.0_ppc, 5.9_ppc, 6.0_ppc64, 6.4_ppc64, 7.0_ppc64, 6.5_ppc64, 7.3_ppc64, 7.4_ppc64, 7.5_ppc64, 7.6_ppc64, 7.7_ppc64, 5.6, 6.2

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-f7j6-xrjp-vffg: GNU Bash through 4↗2022-05-13

▶

OSV

bash vulnerability↗2014-09-26

▶

CVEList

CVE-2014-7169: GNU Bash through 4↗2014-09-25

▶

OSV

bash vulnerability↗2014-09-25

▶

OSV

CVE-2014-7169: GNU Bash through 4↗2014-09-25

▶

💥Exploits & PoCs

Exploit-DB

Kemp Load Master 7.1.16 - Multiple Vulnerabilities↗2015-04-02

▶

Exploit-DB

QNAP - Admin Shell via Bash Environment Variable Code Injection (Metasploit)↗2015-03-26

▶

Exploit-DB

QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit)↗2015-03-26

▶

Exploit-DB

PHP < 5.6.2 - 'Shellshock' Safe Mode / disable_functions Bypass / Command Injection↗2014-11-03

▶

Exploit-DB

CUPS Filter - Bash Environment Variable Code Injection (Metasploit)↗2014-10-29

▶

📋Vendor Advisories

CISA

GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability↗2022-01-28

▶

Red Hat

bash: incorrect parsing of function definitions with nested command substitutions↗2014-09-29

▶

Red Hat

bash: uninitialized here document closing delimiter pointer use↗2014-09-27

▶

Ubuntu

Bash vulnerability↗2014-09-26

▶

Cisco

GNU Bash Environment Variable Command Injection Vulnerability↗2014-09-26

▶

📐Framework References

ATT&CK

Exploit Public-Facing Application↗

▶

💬Community

Bugzilla

CVE-2014-6278 bash: incorrect parsing of function definitions with nested command substitutions↗2014-09-29

▶

Bugzilla

CVE-2014-7186 bash: parser can allow out-of-bounds memory access while handling redir_stack↗2014-09-26

▶

Bugzilla

CVE-2014-7169 bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)↗2014-09-25

▶

Bugzilla

CVE-2014-7169 bash: Code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271) [fedora-all]↗2014-09-25

▶