CVE - CVE - 2014 - 6271

CVE-ID
cve - 2014 - 6271	了解更多国家漏洞数据库(NVD) •CVSS严重性评级•修复信息•••CPE SCAP映射脆弱的软件版本信息
描述
GNU Bash通过4.3进程落后于字符串函数定义环境变量的值,它允许远程攻击者通过精心设计的环境中执行任意代码,可以由向量涉及ForceCommand特性在OpenSSH sshd, mod_cgi和mod_cgid Apache HTTP服务器模块,脚本执行的未指明的DHCP客户,和其他的情况设置环境发生一种特权边界对面Bash执行,又名“弹震症”。NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
引用
注意:引用为方便读者提供帮助区分漏洞。并不是完整列表。
苹果:苹果- sa - 2014 - 10 - 16 - 1 URL: http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html 报价:70103 URL: http://www.securityfocus.com/bid/70103 新vmsa BUGTRAQ: 20141001 - 2014 - 0010 - VMware产品更新地址关键Bash安全漏洞 URL: http://www.securityfocus.com/archive/1/533593/100/0/threaded 证书:ta14 - 268 a URL: http://www.us cert.gov/ncas/alerts/ta14 - 268 a CERT-VN: VU # 252743 URL: http://www.kb.cert.org/vuls/id/252743 思科:20140926 GNU Bash环境变量命令注入漏洞 URL: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco - sa - 20140926 - bash 确认:http://advisories.mageia.org/mgasa - 2014 - 0388. - html 确认:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 确认:http://linux.oracle.com/errata/elsa - 2014 - 1293. - html 确认:http://linux.oracle.com/errata/elsa - 2014 - 1294. - html 确认:http://support.apple.com/kb/HT6495 确认:http://support.novell.com/security/cve/cve - 2014 - 6271. - html 确认:http://www ibm.com/support/docview.wss?uid=isg3t1021272——01. 确认:http://www ibm.com/support/docview.wss?uid=isg3t1021279——01. 确认:http://www ibm.com/support/docview.wss?uid=isg3t1021361——01. 确认:http://www ibm.com/support/docview.wss?uid=ssg1s1004879——01. 确认:http://www ibm.com/support/docview.wss?uid=ssg1s1004897——01. 确认:http://www ibm.com/support/docview.wss?uid=ssg1s1004898——01. 确认:http://www ibm.com/support/docview.wss?uid=ssg1s1004915——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21685541——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21685604——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21685733——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21685749——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21685914——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686084——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686131——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686246——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686445——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686447——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686479——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686494——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21687079——01. 确认:http://www - 947. - ibm.com/support/entry/portal/docdisplay?lndocid=migr - 5096315 确认:http://www.novell.com/support/kb/doc.php?id=7015701 确认:http://www.novell.com/support/kb/doc.php?id=7015721 确认:http://www.oracle.com/technetwork/topics/security/bashcve - 2014 - 7169 - 2317675. - html 确认:http://www.qnap.com/i/en/support/con_show.php?cid=61 确认:http://www.vmware.com/security/advisories/vmsa - 2014 - 0010. - html 确认:http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 确认:https://access.redhat.com/articles/1200223 确认:https://access.redhat.com/node/1200223 确认:https://bugzilla.redhat.com/show_bug.cgi?id=1141597 确认:https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare +数据+中心+手术+软件+漏洞修复确认:https://kb.bluecoat.com/index?page=content&id=SA82 确认:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648 确认:https://kc.mcafee.com/corporate/index?page=content&id=SB10085 确认:https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ 确认:https://support.apple.com/kb/HT6535 确认:https://support.citrix.com/article/CTX200217 确认:https://support.citrix.com/article/CTX200223 确认:https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html 确认:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075 确认:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183 确认:https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts 确认:https://www.suse.com/support/shellshock/ DEBIAN: dsa - 3032 URL: http://www.debian.org/security/2014/dsa - 3032 EXPLOIT-DB: 34879 URL: https://www.exploit-db.com/exploits/34879/ EXPLOIT-DB: 37816 URL: https://www.exploit-db.com/exploits/37816/ EXPLOIT-DB: 38849 URL: https://www.exploit-db.com/exploits/38849/ EXPLOIT-DB: 39918 URL: https://www.exploit-db.com/exploits/39918/ EXPLOIT-DB: 40619 URL: https://www.exploit-db.com/exploits/40619/ EXPLOIT-DB: 40938 URL: https://www.exploit-db.com/exploits/40938/ EXPLOIT-DB: 42938 URL: https://www.exploit-db.com/exploits/42938/ FULLDISC: 20141001弗兰克-威廉姆斯:新vmsa - 2014 - 0010 - VMware产品更新地址关键Bash安全漏洞 URL: http://seclists.org/fulldisclosure/2014/Oct/0 惠普:HPSBGN03117 URL: http://marc.info/?l=bugtraq&m=141216207813411&w=2 惠普:HPSBGN03138 URL: http://marc.info/?l=bugtraq&m=141330468527613&w=2 惠普:HPSBGN03141 URL: http://marc.info/?l=bugtraq&m=141383304022067&w=2 惠普:HPSBGN03142 URL: http://marc.info/?l=bugtraq&m=141383244821813&w=2 惠普:HPSBGN03233 URL: http://marc.info/?l=bugtraq&m=142118135300698&w=2 惠普:HPSBHF03119 URL: http://marc.info/?l=bugtraq&m=141216668515282&w=2 惠普:HPSBHF03124 URL: http://marc.info/?l=bugtraq&m=141235957116749&w=2 惠普:HPSBHF03125 URL: http://marc.info/?l=bugtraq&m=141345648114150&w=2 惠普:HPSBHF03145 URL: http://marc.info/?l=bugtraq&m=141383465822787&w=2 惠普:HPSBHF03146 URL: http://marc.info/?l=bugtraq&m=141383353622268&w=2 惠普:HPSBMU03133 URL: http://marc.info/?l=bugtraq&m=141330425327438&w=2 惠普:HPSBMU03143 URL: http://marc.info/?l=bugtraq&m=141383026420882&w=2 惠普:HPSBMU03144 URL: http://marc.info/?l=bugtraq&m=141383081521087&w=2 惠普:HPSBMU03165 URL: http://marc.info/?l=bugtraq&m=141577137423233&w=2 惠普:HPSBMU03182 URL: http://marc.info/?l=bugtraq&m=141585637922673&w=2 惠普:HPSBMU03217 URL: http://marc.info/?l=bugtraq&m=141879528318582&w=2 惠普:HPSBMU03220 URL: http://marc.info/?l=bugtraq&m=142721162228379&w=2 惠普:HPSBMU03245 URL: http://marc.info/?l=bugtraq&m=142358026505815&w=2 惠普:HPSBMU03246 URL: http://marc.info/?l=bugtraq&m=142358078406056&w=2 惠普:HPSBOV03228 URL: http://marc.info/?l=bugtraq&m=142113462216480&w=2 惠普:HPSBST03122 URL: http://marc.info/?l=bugtraq&m=141319209015420&w=2 惠普:HPSBST03129 URL: http://marc.info/?l=bugtraq&m=141383196021590&w=2 惠普:HPSBST03131 URL: http://marc.info/?l=bugtraq&m=141383138121313&w=2 惠普:HPSBST03148 URL: http://marc.info/?l=bugtraq&m=141694386919794&w=2 惠普:HPSBST03154 URL: http://marc.info/?l=bugtraq&m=141577297623641&w=2 惠普:HPSBST03155 URL: http://marc.info/?l=bugtraq&m=141576728022234&w=2 惠普:HPSBST03157 URL: http://marc.info/?l=bugtraq&m=141450491804793&w=2 惠普:HPSBST03181 URL: http://marc.info/?l=bugtraq&m=141577241923505&w=2 惠普:HPSBST03195 URL: http://marc.info/?l=bugtraq&m=142805027510172&w=2 惠普:HPSBST03196 URL: http://marc.info/?l=bugtraq&m=142719845423222&w=2 惠普:HPSBST03265 URL: http://marc.info/?l=bugtraq&m=142546741516006&w=2 惠普:SSRT101711 URL: http://marc.info/?l=bugtraq&m=142113462216480&w=2 惠普:SSRT101739 URL: http://marc.info/?l=bugtraq&m=142118135300698&w=2 惠普:SSRT101742 URL: http://marc.info/?l=bugtraq&m=142358026505815&w=2 惠普:SSRT101816 URL: http://marc.info/?l=bugtraq&m=142719845423222&w=2 惠普:SSRT101819 URL: http://marc.info/?l=bugtraq&m=142721162228379&w=2 惠普:SSRT101827 URL: http://marc.info/?l=bugtraq&m=141879528318582&w=2 惠普:SSRT101868 URL: http://marc.info/?l=bugtraq&m=142118135300698&w=2 JVN: JVN # 55667175 URL: http://jvn.jp/en/jp/JVN55667175/index.html JVNDB: JVNDB - 2014 - 000126 URL: http://jvndb.jvn.jp/jvndb/jvndb - 2014 - 000126 MANDRIVA: MDVSA-2015:164 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2015:164~~(过时的来源) MISC: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html MISC: http://packetstormsecurity.com/files/128517/vmware -安全顾问- 2014 - 0010. - html MISC: http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html MISC: http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html MISC: http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html MISC: http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html MISC: https://www.arista.com/en/support/advisories - notices/security advisories/1008 -安全-咨询- 0006 红帽:RHSA-2014:1293 URL: http://rhn.redhat.com/errata/rhsa - 2014 - 1293. - html 红帽:RHSA-2014:1294 URL: http://rhn.redhat.com/errata/rhsa - 2014 - 1294. - html 红帽:RHSA-2014:1295 URL: http://rhn.redhat.com/errata/rhsa - 2014 - 1295. - html 红帽:RHSA-2014:1354 URL: http://rhn.redhat.com/errata/rhsa - 2014 - 1354. - html SECUNIA: 58200 URL: http://secunia.com/advisories/58200 SECUNIA: 59272 URL: http://secunia.com/advisories/59272 SECUNIA: 59737 URL: http://secunia.com/advisories/59737 SECUNIA: 59907 URL: http://secunia.com/advisories/59907 SECUNIA: 60024 URL: http://secunia.com/advisories/60024 SECUNIA: 60034 URL: http://secunia.com/advisories/60034 SECUNIA: 60044 URL: http://secunia.com/advisories/60044 SECUNIA: 60055 URL: http://secunia.com/advisories/60055 SECUNIA: 60063 URL: http://secunia.com/advisories/60063 SECUNIA: 60193 URL: http://secunia.com/advisories/60193 SECUNIA: 60325 URL: http://secunia.com/advisories/60325 SECUNIA: 60433 URL: http://secunia.com/advisories/60433 SECUNIA: 60947 URL: http://secunia.com/advisories/60947 SECUNIA: 61065 URL: http://secunia.com/advisories/61065 SECUNIA: 61128 URL: http://secunia.com/advisories/61128 SECUNIA: 61129 URL: http://secunia.com/advisories/61129 SECUNIA: 61188 URL: http://secunia.com/advisories/61188 SECUNIA: 61283 URL: http://secunia.com/advisories/61283 SECUNIA: 61287 URL: http://secunia.com/advisories/61287 SECUNIA: 61291 URL: http://secunia.com/advisories/61291 SECUNIA: 61312 URL: http://secunia.com/advisories/61312 SECUNIA: 61313 URL: http://secunia.com/advisories/61313 SECUNIA: 61328 URL: http://secunia.com/advisories/61328 SECUNIA: 61442 URL: http://secunia.com/advisories/61442 SECUNIA: 61471 URL: http://secunia.com/advisories/61471 SECUNIA: 61485 URL: http://secunia.com/advisories/61485 SECUNIA: 61503 URL: http://secunia.com/advisories/61503 SECUNIA: 61542 URL: http://secunia.com/advisories/61542 SECUNIA: 61547 URL: http://secunia.com/advisories/61547 SECUNIA: 61550 URL: http://secunia.com/advisories/61550 SECUNIA: 61552 URL: http://secunia.com/advisories/61552 SECUNIA: 61565 URL: http://secunia.com/advisories/61565 SECUNIA: 61603 URL: http://secunia.com/advisories/61603 SECUNIA: 61633 URL: http://secunia.com/advisories/61633 SECUNIA: 61641 URL: http://secunia.com/advisories/61641 SECUNIA: 61643 URL: http://secunia.com/advisories/61643 SECUNIA: 61654 URL: http://secunia.com/advisories/61654 SECUNIA: 61676 URL: http://secunia.com/advisories/61676 SECUNIA: 61700 URL: http://secunia.com/advisories/61700 SECUNIA: 61703 URL: http://secunia.com/advisories/61703 SECUNIA: 61711 URL: http://secunia.com/advisories/61711 SECUNIA: 61715 URL: http://secunia.com/advisories/61715 SECUNIA: 61780 URL: http://secunia.com/advisories/61780 SECUNIA: 61816 URL: http://secunia.com/advisories/61816 SECUNIA: 61855 URL: http://secunia.com/advisories/61855 SECUNIA: 61857 URL: http://secunia.com/advisories/61857 SECUNIA: 61873 URL: http://secunia.com/advisories/61873 SECUNIA: 62228 URL: http://secunia.com/advisories/62228 SECUNIA: 62312 URL: http://secunia.com/advisories/62312 SECUNIA: 62343 URL: http://secunia.com/advisories/62343 SUSE: SUSE-SU-2014:1212 URL: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html SUSE: SUSE-SU-2014:1213 URL: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html SUSE: SUSE-SU-2014:1223 URL: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html SUSE: SUSE-SU-2014:1260 URL: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html SUSE: SUSE-SU-2014:1287 URL: http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html SUSE: openSUSE-SU-2014:1226 URL: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html SUSE: openSUSE-SU-2014:1238 URL: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html SUSE: openSUSE-SU-2014:1254 URL: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html SUSE: openSUSE-SU-2014:1308 URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html SUSE: openSUSE-SU-2014:1310 URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html UBUNTU: usn - 2362 - 1 URL: http://www.ubuntu.com/usn/usn - 2362 - 1
分配中央社
Debian GNU / Linux
创建日期记录
20140909	免责声明:记录创建日期可能反映了CVE ID分配或保留的时候,,不一定表示当发现了这个漏洞,与受影响的供应商,在CVE公开披露,或更新。
阶段(遗留)
分配(20140909)
票(遗留)

评论(遗留)

提出(遗留)
N /一个
这是一个记录CVE列表,它提供了共同的标识符公开已知的网络安全漏洞。
CVE使用关键字搜索: 你也可以搜索参考使用CVE参考地图。
更多信息:CVE请求Web表单(从下拉框中选择“其他”)

回到顶部

cve - 2014 - 6271