CVE - CVE - 2014 - 6277

CVE-ID
cve - 2014 - 6277	了解更多国家漏洞数据库(NVD) •CVSS严重性评级•修复信息•••CPE SCAP映射脆弱的软件版本信息
描述
GNU Bash通过4.3 bash43 - 026不正确解析函数定义环境变量的值,它允许远程攻击者执行任意代码或引起拒绝服务(未初始化的内存访问,untrusted-pointer读和写操作)通过精心设计环境中,所展示的向量涉及ForceCommand特性在OpenSSH sshd, mod_cgi和mod_cgid Apache HTTP服务器模块,脚本执行的未指明的DHCP客户,和其他的情况设置环境发生一种特权边界对面Bash执行。注意:这个漏洞存在,因为一个不完整的修复cve - 2014 - 6271和cve - 2014 - 7169。
引用
注意:引用为方便读者提供帮助区分漏洞。并不是完整列表。
苹果:苹果- sa - 2015 - 01 - 27 - 4 URL: http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html 苹果:苹果- sa - 2015 - 09 - 30 - 3所示 URL: http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html 思科:20140926 GNU Bash环境变量命令注入漏洞 URL: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco - sa - 20140926 - bash 确认:http://linux.oracle.com/errata/elsa - 2014 - 3093 确认:http://linux.oracle.com/errata/elsa - 2014 - 3094 确认:http://support.apple.com/HT204244 确认:http://support.novell.com/security/cve/cve - 2014 - 6277. - html 确认:http://www ibm.com/support/docview.wss?uid=isg3t1021272——01. 确认:http://www ibm.com/support/docview.wss?uid=isg3t1021279——01. 确认:http://www ibm.com/support/docview.wss?uid=isg3t1021361——01. 确认:http://www ibm.com/support/docview.wss?uid=ssg1s1004879——01. 确认:http://www ibm.com/support/docview.wss?uid=ssg1s1004897——01. 确认:http://www ibm.com/support/docview.wss?uid=ssg1s1004898——01. 确认:http://www ibm.com/support/docview.wss?uid=ssg1s1004915——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21685541——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21685604——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21685733——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21685749——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21685914——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686131——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686246——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686445——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686479——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21686494——01. 确认:http://www ibm.com/support/docview.wss?uid=swg21687079——01. 确认:http://www - 947. - ibm.com/support/entry/portal/docdisplay?lndocid=migr - 5096315 确认:http://www.novell.com/support/kb/doc.php?id=7015721 确认:http://www.oracle.com/technetwork/topics/security/bashcve - 2014 - 7169 - 2317675. - html 确认:http://www.qnap.com/i/en/support/con_show.php?cid=61 确认:http://www.vmware.com/security/advisories/vmsa - 2014 - 0010. - html 确认:https://kb.bluecoat.com/index?page=content&id=SA82 确认:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648 确认:https://kc.mcafee.com/corporate/index?page=content&id=SB10085 确认:https://support.apple.com/HT205267 确认:https://support.citrix.com/article/CTX200217 确认:https://support.citrix.com/article/CTX200223 确认:https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html 确认:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075 确认:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183 确认:https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts 确认:https://www.suse.com/support/shellshock/ 惠普:HPSBGN03138 URL: http://marc.info/?l=bugtraq&m=141330468527613&w=2 惠普:HPSBGN03141 URL: http://marc.info/?l=bugtraq&m=141383304022067&w=2 惠普:HPSBGN03142 URL: http://marc.info/?l=bugtraq&m=141383244821813&w=2 惠普:HPSBGN03233 URL: http://marc.info/?l=bugtraq&m=142118135300698&w=2 惠普:HPSBHF03125 URL: http://marc.info/?l=bugtraq&m=141345648114150&w=2 惠普:HPSBHF03145 URL: http://marc.info/?l=bugtraq&m=141383465822787&w=2 惠普:HPSBHF03146 URL: http://marc.info/?l=bugtraq&m=141383353622268&w=2 惠普:HPSBMU03143 URL: http://marc.info/?l=bugtraq&m=141383026420882&w=2 惠普:HPSBMU03144 URL: http://marc.info/?l=bugtraq&m=141383081521087&w=2 惠普:HPSBMU03165 URL: http://marc.info/?l=bugtraq&m=141577137423233&w=2 惠普:HPSBMU03182 URL: http://marc.info/?l=bugtraq&m=141585637922673&w=2 惠普:HPSBMU03217 URL: http://marc.info/?l=bugtraq&m=141879528318582&w=2 惠普:HPSBMU03220 URL: http://marc.info/?l=bugtraq&m=142721162228379&w=2 惠普:HPSBMU03236 URL: http://marc.info/?l=bugtraq&m=142289270617409&w=2 惠普:HPSBMU03245 URL: http://marc.info/?l=bugtraq&m=142358026505815&w=2 惠普:HPSBMU03246 URL: http://marc.info/?l=bugtraq&m=142358078406056&w=2 惠普:HPSBST03129 URL: http://marc.info/?l=bugtraq&m=141383196021590&w=2 惠普:HPSBST03154 URL: http://marc.info/?l=bugtraq&m=141577297623641&w=2 惠普:HPSBST03155 URL: http://marc.info/?l=bugtraq&m=141576728022234&w=2 惠普:HPSBST03157 URL: http://marc.info/?l=bugtraq&m=141450491804793&w=2 惠普:HPSBST03181 URL: http://marc.info/?l=bugtraq&m=141577241923505&w=2 惠普:SSRT101739 URL: http://marc.info/?l=bugtraq&m=142118135300698&w=2 惠普:SSRT101742 URL: http://marc.info/?l=bugtraq&m=142358026505815&w=2 惠普:SSRT101819 URL: http://marc.info/?l=bugtraq&m=142721162228379&w=2 惠普:SSRT101827 URL: http://marc.info/?l=bugtraq&m=141879528318582&w=2 惠普:SSRT101830 URL: http://marc.info/?l=bugtraq&m=142289270617409&w=2 惠普:SSRT101868 URL: http://marc.info/?l=bugtraq&m=142118135300698&w=2 JVN: JVN # 55667175 URL: http://jvn.jp/en/jp/JVN55667175/index.html JVNDB: JVNDB - 2014 - 000126 URL: http://jvndb.jvn.jp/jvndb/jvndb - 2014 - 000126 MANDRIVA: MDVSA-2015:164 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2015:164~~(过时的来源) MISC: http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html MISC: http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html MISC: http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html SECUNIA: 58200 URL: http://secunia.com/advisories/58200 SECUNIA: 59907 URL: http://secunia.com/advisories/59907 SECUNIA: 59961 URL: http://secunia.com/advisories/59961 SECUNIA: 60024 URL: http://secunia.com/advisories/60024 SECUNIA: 60034 URL: http://secunia.com/advisories/60034 SECUNIA: 60044 URL: http://secunia.com/advisories/60044 SECUNIA: 60055 URL: http://secunia.com/advisories/60055 SECUNIA: 60063 URL: http://secunia.com/advisories/60063 SECUNIA: 60193 URL: http://secunia.com/advisories/60193 SECUNIA: 60325 URL: http://secunia.com/advisories/60325 SECUNIA: 60433 URL: http://secunia.com/advisories/60433 SECUNIA: 61065 URL: http://secunia.com/advisories/61065 SECUNIA: 61128 URL: http://secunia.com/advisories/61128 SECUNIA: 61129 URL: http://secunia.com/advisories/61129 SECUNIA: 61283 URL: http://secunia.com/advisories/61283 SECUNIA: 61287 URL: http://secunia.com/advisories/61287 SECUNIA: 61291 URL: http://secunia.com/advisories/61291 SECUNIA: 61312 URL: http://secunia.com/advisories/61312 SECUNIA: 61313 URL: http://secunia.com/advisories/61313 SECUNIA: 61328 URL: http://secunia.com/advisories/61328 SECUNIA: 61442 URL: http://secunia.com/advisories/61442 SECUNIA: 61471 URL: http://secunia.com/advisories/61471 SECUNIA: 61485 URL: http://secunia.com/advisories/61485 SECUNIA: 61503 URL: http://secunia.com/advisories/61503 SECUNIA: 61550 URL: http://secunia.com/advisories/61550 SECUNIA: 61552 URL: http://secunia.com/advisories/61552 SECUNIA: 61565 URL: http://secunia.com/advisories/61565 SECUNIA: 61603 URL: http://secunia.com/advisories/61603 SECUNIA: 61633 URL: http://secunia.com/advisories/61633 SECUNIA: 61641 URL: http://secunia.com/advisories/61641 SECUNIA: 61643 URL: http://secunia.com/advisories/61643 SECUNIA: 61654 URL: http://secunia.com/advisories/61654 SECUNIA: 61703 URL: http://secunia.com/advisories/61703 SECUNIA: 61780 URL: http://secunia.com/advisories/61780 SECUNIA: 61816 URL: http://secunia.com/advisories/61816 SECUNIA: 61857 URL: http://secunia.com/advisories/61857 SECUNIA: 62312 URL: http://secunia.com/advisories/62312 SECUNIA: 62343 URL: http://secunia.com/advisories/62343 SUSE: SUSE-SU-2014:1287 URL: http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html SUSE: openSUSE-SU-2014:1310 URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html UBUNTU: usn - 2380 - 1 URL: http://www.ubuntu.com/usn/usn - 2380 - 1
分配中央社
Debian GNU / Linux
创建日期记录
20140909	免责声明:记录创建日期可能反映了CVE ID分配或保留的时候,,不一定表示当发现了这个漏洞,与受影响的供应商,在CVE公开披露,或更新。
阶段(遗留)
分配(20140909)
票(遗留)

评论(遗留)

提出(遗留)
N /一个
这是一个记录CVE列表,它提供了共同的标识符公开已知的网络安全漏洞。
CVE使用关键字搜索: 你也可以搜索参考使用CVE参考地图。
更多信息:CVE请求Web表单(从下拉框中选择“其他”)

回到顶部

cve - 2014 - 6277