what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

CVE-2014-6278

Status Candidate

Overview

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.

Related Files

Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
Posted Sep 1, 2024
Authored by Michal Zalewski, wvu, Stephane Chazelas | Site metasploit.com

This Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this module to create sessions on vulnerable hosts. Note that this is not the recommended method for obtaining shells. If you require sessions, please use the apache_mod_cgi_bash_env_exec exploit module instead.

tags | exploit, web, shell, cgi, bash
advisories | CVE-2014-6271, CVE-2014-6278
SHA-256 | 87c833264ee49ea156b8462740c64928a943a3c37c5f3d9c388659dfaa1d03a0
Sun Secure Global Desktop / Oracle Global Desktop Shellshock
Posted Jun 7, 2016
Authored by lastc0de

Sun Secure Global Desktop and Oracle Global Desktop version 4.61.915 remote shellshock code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2014-6278
SHA-256 | 35ec240c60b7255eaaf64467d8712fa76be5b375b7a5237d5221f43ac829bf35
Cisco UCS Manager 2.1(1b) Shellshock
Posted Mar 17, 2016
Authored by thatchriseckert

Cisco UCS Manager version 2.1(1b) shellshock exploit that spawns a connect-back shell.

tags | exploit, shell
systems | cisco
advisories | CVE-2014-6278
SHA-256 | 8e555e4314339995e576394135e468491a5591e41f42cc88f61d026cdbae0718
Xpl-SHELLSHOCK-Ch3ck Shellshock Vulnerability Scanner
Posted May 3, 2015
Authored by Cleiton Pinheiro

PHP script that leverages user agents to scan for the shellshock vulnerability.

tags | tool, scanner, php
systems | unix
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | c3fb3a101c43ddb2ec35601038641d0e74080bb19c7ab688fea8961529e512d4
HP Security Bulletin HPSBMU03220 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03220 1 - Potential security vulnerabilities have been identified with HP Shunra Network Appliance / HP Shunra Wildcat Appliance running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
SHA-256 | a6123d5b851b138a543e987a040efe52fa0e792954adbdefa8c34b543cc021b7
HP Security Bulletin HPSBMU03246 1
Posted Feb 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03246 1 - Potential security vulnerabilities have been identified with HP Insight Control for Linux Central Management Server Pre-boot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-7196
SHA-256 | 3bc364eb213e9861d4e21588302ac46a9d28eaf2ef45b15cfb72ed924b71144e
HP Security Bulletin HPSBMU03245 1
Posted Feb 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03245 1 - Potential security vulnerabilities have been identified with HP Insight Control server deployment Linux Preboot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 547a09874ba71ce03f8459976cd14cc2cb14970581a4d419a52cee64bf714d9e
HP Security Bulletin HPSBGN03233 1
Posted Jan 14, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03233 1 - Potential security vulnerabilities have been identified with HP OneView running OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, shell, vulnerability, bash
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 4b877dbe7e357236881b287abc3a3f36c78913bccdc7212120a575f1c5a5650e
HP Security Bulletin HPSBMU03217 1
Posted Dec 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03217 1 - A potential security vulnerability has been identified with HP Vertica. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
SHA-256 | bba781db0ea6237d24c41632509ea14fbeb0e32ee6e7ac09ab25b8319078c862
HP Security Bulletin HPSBST03154 2
Posted Dec 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03154 2 - A potential security vulnerability has been identified with HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 2 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 1fd37f9427784b3b37be04b743ed2eb89dd0ff93ce83329650327ceec8f74b04
HP Security Bulletin HPSBMU03182 1
Posted Nov 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03182 1 - A potential security vulnerability has been identified with HP Server Automation. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
SHA-256 | 2c7547ad37486e13bbfb803f26b54786b2666a0d9a0dc7130cbe590247c0434c
HP Security Bulletin HPSBST03155 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03155 1 - A potential security vulnerability has been identified with HP StoreFabric H-series switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | f3dcc135fd2c1cf8a1c5df3a69efd02a182cdabdb8e9370883499a6a98eeecfc
HP Security Bulletin HPSBST03154 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03154 1 - A potential security vulnerability has been identified with HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | f9534957739ab8f3e7e9de8f9c4bf5789882431d3a5cde51340596d597abe334
HP Security Bulletin HPSBST03181 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03181 1 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | cbb07b428d53f1c1557655cd70c5d064f9bc9d949a6557331a6e0111d76d716b
HP Security Bulletin HPSBHF03124 2
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03124 2 - Potential security vulnerabilities have been identified with certain HP Thin Clients running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 2 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
SHA-256 | c8f6d879ddf7cc323158feb1bb78035393d71910932a07f1d6aa7f0deabbcef6
HP Security Bulletin HPSBMU03165 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03165 1 - A potential security vulnerability has been identified with HP Propel. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
SHA-256 | 993d69d889cb57ea4e97b5967566ea9fa56baaa30d0ca057ac83149e29c4add3
CUPS Filter Bash Environment Variable Code Injection
Posted Oct 28, 2014
Authored by Michal Zalewski, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.

tags | exploit, bash
advisories | CVE-2014-6271, CVE-2014-6278
SHA-256 | 5a376a0f4e8be0b42906123abc72f100a271655c6310963fc913fc7504861155
HP Security Bulletin HPSBST03157
Posted Oct 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03157 - A potential security vulnerability has been identified with HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | e9d6c975aaed8023b6f21f043ef708d1380c041f1f05607e46608de48932d0f7
HP Security Bulletin HPSBHF03146
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03146 - A potential security vulnerability has been identified with HP Integrity SD2 CB900s i4 & i2. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169
SHA-256 | 71138975f2ecb9835216b1124791afaa131e7f859aaecdae0c613c524094559d
HP Security Bulletin HPSBHF03145
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03145 - A potential security vulnerability has been identified with HP Integrity Superdome X and HP ConvergedSystem 900 for SAP HANA. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-0224, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169
SHA-256 | 2fd50d7e08d80f7519616b15757f4e909dcbfe0263378c1519b97902f322248d
HP Security Bulletin HPSBGN03141
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03141 - A potential security vulnerability has been identified with HP Automation Insight. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 24dee4b8f6b5ddb5d65f8c4322c72420242ee64a9c4bb8a0cb9e1a6cbc7f3d0a
HP Security Bulletin HPSBGN03142
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03142 - A potential security vulnerability has been identified with HP Business Service Automation Essentials. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | d574847ce7c8fec49d12de9d8ba41f61736d3916c841666ecefa508ce7691a21
HP Security Bulletin HPSBST03129
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03129 - A potential security vulnerability has been identified with HP StoreFabric B-series switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 29cdba50ad78b04a98c9fe494d60a6e306a9c9eeb0944502a88270c9bc2b3672
HP Security Bulletin HPSBMU03144
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03144 - A potential security vulnerability has been identified with HP Operation Agent Virtual Appliance. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 64edb263b2832abacd7836db8a8ef12dccda691a3aef95347dfd9324eed8d66f
HP Security Bulletin HPSBMU03143
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03143 - A potential security vulnerability has been identified with HP Virtualization Performance Viewer. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 794de02c30241366d47f3cc27adf32db27562f26c7bf7597b2338a634f30289e
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close