Back to search
CVE-2014-6271
Published: Sep 24, 2014
Modified: Oct 22, 2025
PUBLISHED
Description
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
37816
exploit
x_refsource_EXPLOIT-DB
SUSE-SU-2014:1223
vendor-advisory
x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
x_refsource_CONFIRM
HPSBMU03165
vendor-advisory
x_refsource_HP
SSRT101816
vendor-advisory
x_refsource_HP
39918
exploit
x_refsource_EXPLOIT-DB
HPSBHF03119
vendor-advisory
x_refsource_HP
RHSA-2014:1295
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2014:1226
vendor-advisory
x_refsource_SUSE
HPSBST03131
vendor-advisory
x_refsource_HP
SSRT101819
vendor-advisory
x_refsource_HP
20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
mailing-list
x_refsource_BUGTRAQ
HPSBMU03245
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21686084
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
x_refsource_CONFIRM
HPSBST03196
vendor-advisory
x_refsource_HP
61188
third-party-advisory
x_refsource_SECUNIA
JVN#55667175
third-party-advisory
x_refsource_JVN
61676
third-party-advisory
x_refsource_SECUNIA
40619
exploit
x_refsource_EXPLOIT-DB
openSUSE-SU-2014:1254
vendor-advisory
x_refsource_SUSE
60433
third-party-advisory
x_refsource_SECUNIA
38849
exploit
x_refsource_EXPLOIT-DB
HPSBMU03143
vendor-advisory
x_refsource_HP
HPSBMU03182
vendor-advisory
x_refsource_HP
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
x_refsource_CONFIRM
SUSE-SU-2014:1260
vendor-advisory
x_refsource_SUSE
HPSBST03155
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
x_refsource_CONFIRM
61715
third-party-advisory
x_refsource_SECUNIA
61816
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2014:1310
vendor-advisory
x_refsource_SUSE
61442
third-party-advisory
x_refsource_SECUNIA
HPSBMU03246
vendor-advisory
x_refsource_HP
HPSBST03195
vendor-advisory
x_refsource_HP
61283
third-party-advisory
x_refsource_SECUNIA
SSRT101711
vendor-advisory
x_refsource_HP
USN-2362-1
vendor-advisory
x_refsource_UBUNTU
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
x_refsource_CONFIRM
openSUSE-SU-2014:1308
vendor-advisory
x_refsource_SUSE
61654
third-party-advisory
x_refsource_SECUNIA
61542
third-party-advisory
x_refsource_SECUNIA
http://www.novell.com/support/kb/doc.php?id=7015701
x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
x_refsource_CONFIRM
62312
third-party-advisory
x_refsource_SECUNIA
59272
third-party-advisory
x_refsource_SECUNIA
HPSBST03122
vendor-advisory
x_refsource_HP
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
x_refsource_CONFIRM
HPSBMU03217
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
x_refsource_CONFIRM
SSRT101868
vendor-advisory
x_refsource_HP
61703
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT6495
x_refsource_CONFIRM
VU#252743
third-party-advisory
x_refsource_CERT-VN
61065
third-party-advisory
x_refsource_SECUNIA
SUSE-SU-2014:1213
vendor-advisory
x_refsource_SUSE
HPSBST03129
vendor-advisory
x_refsource_HP
HPSBMU03144
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
x_refsource_CONFIRM
70103
vdb-entry
x_refsource_BID
JVNDB-2014-000126
third-party-advisory
x_refsource_JVNDB
SSRT101827
vendor-advisory
x_refsource_HP
TA14-268A
third-party-advisory
x_refsource_CERT
SUSE-SU-2014:1212
vendor-advisory
x_refsource_SUSE
61641
third-party-advisory
x_refsource_SECUNIA
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
x_refsource_CONFIRM
https://access.redhat.com/node/1200223
x_refsource_CONFIRM
SUSE-SU-2014:1287
vendor-advisory
x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
x_refsource_CONFIRM
APPLE-SA-2014-10-16-1
vendor-advisory
x_refsource_APPLE
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
x_refsource_CONFIRM
20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
mailing-list
x_refsource_FULLDISC
MDVSA-2015:164
vendor-advisory
x_refsource_MANDRIVA
RHSA-2014:1293
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2014:1238
vendor-advisory
x_refsource_SUSE
HPSBMU03220
vendor-advisory
x_refsource_HP
60325
third-party-advisory
x_refsource_SECUNIA
60024
third-party-advisory
x_refsource_SECUNIA
34879
exploit
x_refsource_EXPLOIT-DB
https://access.redhat.com/articles/1200223
x_refsource_CONFIRM
62343
third-party-advisory
x_refsource_SECUNIA
61565
third-party-advisory
x_refsource_SECUNIA
https://www.suse.com/support/shellshock/
x_refsource_CONFIRM
HPSBST03157
vendor-advisory
x_refsource_HP
61313
third-party-advisory
x_refsource_SECUNIA
SSRT101742
vendor-advisory
x_refsource_HP
61873
third-party-advisory
x_refsource_SECUNIA
61485
third-party-advisory
x_refsource_SECUNIA
60947
third-party-advisory
x_refsource_SECUNIA
https://support.apple.com/kb/HT6535
x_refsource_CONFIRM
HPSBST03154
vendor-advisory
x_refsource_HP
HPSBST03265
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
x_refsource_CONFIRM
HPSBGN03142
vendor-advisory
x_refsource_HP
61312
third-party-advisory
x_refsource_SECUNIA
60193
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-1294.html
x_refsource_CONFIRM
60063
third-party-advisory
x_refsource_SECUNIA
60034
third-party-advisory
x_refsource_SECUNIA
HPSBMU03133
vendor-advisory
x_refsource_HP
59907
third-party-advisory
x_refsource_SECUNIA
58200
third-party-advisory
x_refsource_SECUNIA
HPSBST03181
vendor-advisory
x_refsource_HP
61643
third-party-advisory
x_refsource_SECUNIA
http://www.novell.com/support/kb/doc.php?id=7015721
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
x_refsource_CONFIRM
61503
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
x_refsource_CONFIRM
RHSA-2014:1354
vendor-advisory
x_refsource_REDHAT
40938
exploit
x_refsource_EXPLOIT-DB
HPSBGN03117
vendor-advisory
x_refsource_HP
http://support.novell.com/security/cve/CVE-2014-6271.html
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
x_refsource_CONFIRM
61547
third-party-advisory
x_refsource_SECUNIA
HPSBHF03145
vendor-advisory
x_refsource_HP
http://www.qnap.com/i/en/support/con_show.php?cid=61
x_refsource_CONFIRM
HPSBST03148
vendor-advisory
x_refsource_HP
61552
third-party-advisory
x_refsource_SECUNIA
61780
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
x_refsource_CONFIRM
https://support.citrix.com/article/CTX200223
x_refsource_CONFIRM
DSA-3032
vendor-advisory
x_refsource_DEBIAN
http://www-01.ibm.com/support/docview.wss?uid=swg21686447
x_refsource_CONFIRM
62228
third-party-advisory
x_refsource_SECUNIA
HPSBGN03138
vendor-advisory
x_refsource_HP
61855
third-party-advisory
x_refsource_SECUNIA
HPSBHF03124
vendor-advisory
x_refsource_HP
60044
third-party-advisory
x_refsource_SECUNIA
61291
third-party-advisory
x_refsource_SECUNIA
RHSA-2014:1294
vendor-advisory
x_refsource_REDHAT
HPSBHF03125
vendor-advisory
x_refsource_HP
59737
third-party-advisory
x_refsource_SECUNIA
61287
third-party-advisory
x_refsource_SECUNIA
HPSBHF03146
vendor-advisory
x_refsource_HP
HPSBGN03233
vendor-advisory
x_refsource_HP
https://bugzilla.redhat.com/show_bug.cgi?id=1141597
x_refsource_CONFIRM
SSRT101739
vendor-advisory
x_refsource_HP
61711
third-party-advisory
x_refsource_SECUNIA
HPSBOV03228
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
x_refsource_CONFIRM
HPSBGN03141
vendor-advisory
x_refsource_HP
http://advisories.mageia.org/MGASA-2014-0388.html
x_refsource_CONFIRM
61128
third-party-advisory
x_refsource_SECUNIA
https://support.citrix.com/article/CTX200217
x_refsource_CONFIRM
61471
third-party-advisory
x_refsource_SECUNIA
60055
third-party-advisory
x_refsource_SECUNIA
20140926 GNU Bash Environmental Variable Command Injection Vulnerability
vendor-advisory
x_refsource_CISCO
61550
third-party-advisory
x_refsource_SECUNIA
61633
third-party-advisory
x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-1293.html
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
x_refsource_CONFIRM
https://kb.bluecoat.com/index?page=content&id=SA82
x_refsource_CONFIRM
61328
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
x_refsource_CONFIRM
42938
exploit
x_refsource_EXPLOIT-DB
61129
third-party-advisory
x_refsource_SECUNIA
61700
third-party-advisory
x_refsource_SECUNIA
61603
third-party-advisory
x_refsource_SECUNIA
61857
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now