GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 03 Network Vulnerability

Summary

This host is installed with GNU Bash Shell and is prone to remote command execution vulnerability.

Impact

Successful exploitation will allow remote or local attackers to inject shell commmands, allowing local privilege escalation or remote command execution depending on the application vector. Impact Level: System/Application

Solution

Apply the patch from the link below, https://ftp.gnu.org/gnu/bash/

Insight

GNU bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, bash continues to process trailing strings. Incomplete fix to CVE-2014-7169, CVE-2014-6271, and CVE-2014-6277

Affected

GNU Bash through 4.3 bash43-026

Detection

References

http://lcamtuf.blogspot.in/2014/09/bash-bug-apply-unofficial-patch-now.html
http://www.osvdb.org/112169

Updated on 2017-03-28

Severity

Classification

CVE CVE-2014-6278

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
Adobe AIR Security Bypass Vulnerability Jan14 (Windows)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)

Take action and discover your vulnerabilities