GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) Network Vulnerability

Summary

This host is installed with GNU Bash Shell and is prone to remote command execution vulnerability.

Impact

Successful exploitation will allow remote or local attackers to inject shell commmands, allowing local privilege escalation or remote command execution depending on the application vector. Impact Level: Application

Solution

Apply the patch or upgrade to latest version, For updates refer to http://www.gnu.org/software/bash/

Insight

GNU bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, bash continues to process trailing strings.

Affected

GNU Bash through 4.3

Detection

References

https://access.redhat.com/solutions/1207723
https://blogs.akamai.com/2014/09/environment-bashing.html
https://bugzilla.redhat.com/show_bug.cgi?id=1141597
https://community.qualys.com/blogs/securitylabs/2014/09/24/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2014-6271
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Alchemy Eye HTTP Command Execution
Adobe ColdFusion Authentication Bypass Vulnerability
Acidcat CMS Multiple Vulnerabilities
Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities

Take action and discover your vulnerabilities