CISA KEV 정보
| 취약점명 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability |
|---|---|
| 설명 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-78 |
| 등록일 (KEV) | 2022-01-28 |
| 조치 기한 | 2022-07-28 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2014-7169 |
NVD 상세 정보
CVSS v3.1: 9.8 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C설명: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CWE: CWE-78 | CWE-78
참조
- http://advisories.mageia.org/MGASA-2014-0393.html [Third Party Advisory]
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html [Broken Link]
- http://jvn.jp/en/jp/JVN55667175/index.html [Third Party Advisory]
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126 [Third Party Advisory, VDB Entry]
- http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html [Third Party Advisory]
- http://linux.oracle.com/errata/ELSA-2014-1306.html [Third Party Advisory]
- http://linux.oracle.com/errata/ELSA-2014-3075.html [Third Party Advisory]
- http://linux.oracle.com/errata/ELSA-2014-3077.html [Third Party Advisory]
- http://linux.oracle.com/errata/ELSA-2014-3078.html [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html [Mailing List, Third Party Advisory]
- ... 외 306건
This product uses the NVD API but is not endorsed or certified by the NVD.