Summary
This host has GNU Bash installed and is prone to a remote command execution vulnerability.
Impact
Successful exploitation will allow remote or local attackers to inject shell commands, allowing local privilege escalation or remote command execution, depending on the application vector.
Impact Level: System/Application
Solution
Apply the patch from the link below:
https://ftp.gnu.org/gnu/bash/
Insight
GNU Bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, Bash continues to process trailing strings. The flaw exists because of an incomplete fix for CVE-2014-7169, CVE-2014-6271, and CVE-2014-6277.
Affected
GNU Bash through 4.3 bash43-026
Detection
Log in to the target machine with SSH credentials and check whether it is possible to execute commands via the GNU Bash shell.
Severity
Classification
- CVE: CVE-2014-6278
- CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)