Back to search
CVE-2014-6278
Published: Sep 30, 2014
Modified: Dec 30, 2025
PUBLISHED
Description
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
x_refsource_CONFIRM
HPSBMU03165
vendor-advisory
x_refsource_HP
http://linux.oracle.com/errata/ELSA-2014-3093
x_refsource_CONFIRM
SSRT101819
vendor-advisory
x_refsource_HP
HPSBMU03245
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
x_refsource_CONFIRM
JVN#55667175
third-party-advisory
x_refsource_JVN
60433
third-party-advisory
x_refsource_SECUNIA
HPSBMU03143
vendor-advisory
x_refsource_HP
HPSBMU03182
vendor-advisory
x_refsource_HP
HPSBST03155
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
x_refsource_CONFIRM
61816
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2014:1310
vendor-advisory
x_refsource_SUSE
61442
third-party-advisory
x_refsource_SECUNIA
HPSBMU03246
vendor-advisory
x_refsource_HP
61283
third-party-advisory
x_refsource_SECUNIA
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
x_refsource_CONFIRM
61654
third-party-advisory
x_refsource_SECUNIA
USN-2380-1
vendor-advisory
x_refsource_UBUNTU
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
x_refsource_CONFIRM
62312
third-party-advisory
x_refsource_SECUNIA
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
x_refsource_CONFIRM
HPSBMU03217
vendor-advisory
x_refsource_HP
https://security-tracker.debian.org/tracker/CVE-2014-6278
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
x_refsource_CONFIRM
SSRT101868
vendor-advisory
x_refsource_HP
61703
third-party-advisory
x_refsource_SECUNIA
61065
third-party-advisory
x_refsource_SECUNIA
HPSBST03129
vendor-advisory
x_refsource_HP
HPSBMU03144
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
x_refsource_CONFIRM
JVNDB-2014-000126
third-party-advisory
x_refsource_JVNDB
SSRT101827
vendor-advisory
x_refsource_HP
61641
third-party-advisory
x_refsource_SECUNIA
39887
exploit
x_refsource_EXPLOIT-DB
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
x_refsource_CONFIRM
SUSE-SU-2014:1287
vendor-advisory
x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
x_refsource_CONFIRM
MDVSA-2015:164
vendor-advisory
x_refsource_MANDRIVA
HPSBMU03220
vendor-advisory
x_refsource_HP
60325
third-party-advisory
x_refsource_SECUNIA
60024
third-party-advisory
x_refsource_SECUNIA
20140926 GNU Bash Environment Variable Command Injection Vulnerability
vendor-advisory
x_refsource_CISCO
https://bugzilla.redhat.com/show_bug.cgi?id=1147414
x_refsource_CONFIRM
62343
third-party-advisory
x_refsource_SECUNIA
61565
third-party-advisory
x_refsource_SECUNIA
https://www.suse.com/support/shellshock/
x_refsource_CONFIRM
HPSBST03157
vendor-advisory
x_refsource_HP
61313
third-party-advisory
x_refsource_SECUNIA
SSRT101742
vendor-advisory
x_refsource_HP
61485
third-party-advisory
x_refsource_SECUNIA
HPSBST03154
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
x_refsource_CONFIRM
HPSBGN03142
vendor-advisory
x_refsource_HP
61312
third-party-advisory
x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-3094
x_refsource_CONFIRM
60193
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
x_refsource_CONFIRM
60063
third-party-advisory
x_refsource_SECUNIA
60034
third-party-advisory
x_refsource_SECUNIA
59907
third-party-advisory
x_refsource_SECUNIA
58200
third-party-advisory
x_refsource_SECUNIA
HPSBST03181
vendor-advisory
x_refsource_HP
61643
third-party-advisory
x_refsource_SECUNIA
http://www.novell.com/support/kb/doc.php?id=7015721
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
x_refsource_CONFIRM
61503
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
x_refsource_CONFIRM
http://support.novell.com/security/cve/CVE-2014-6278.html
x_refsource_CONFIRM
HPSBHF03145
vendor-advisory
x_refsource_HP
http://www.qnap.com/i/en/support/con_show.php?cid=61
x_refsource_CONFIRM
61552
third-party-advisory
x_refsource_SECUNIA
61780
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
x_refsource_CONFIRM
https://support.citrix.com/article/CTX200223
x_refsource_CONFIRM
39568
exploit
x_refsource_EXPLOIT-DB
HPSBGN03138
vendor-advisory
x_refsource_HP
60044
third-party-advisory
x_refsource_SECUNIA
61291
third-party-advisory
x_refsource_SECUNIA
HPSBHF03125
vendor-advisory
x_refsource_HP
61287
third-party-advisory
x_refsource_SECUNIA
HPSBHF03146
vendor-advisory
x_refsource_HP
HPSBGN03233
vendor-advisory
x_refsource_HP
SSRT101739
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
x_refsource_CONFIRM
HPSBGN03141
vendor-advisory
x_refsource_HP
61128
third-party-advisory
x_refsource_SECUNIA
https://support.citrix.com/article/CTX200217
x_refsource_CONFIRM
61471
third-party-advisory
x_refsource_SECUNIA
60055
third-party-advisory
x_refsource_SECUNIA
59961
third-party-advisory
x_refsource_SECUNIA
61550
third-party-advisory
x_refsource_SECUNIA
61633
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
x_refsource_CONFIRM
https://kb.bluecoat.com/index?page=content&id=SA82
x_refsource_CONFIRM
61328
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
x_refsource_CONFIRM
61129
third-party-advisory
x_refsource_SECUNIA
61603
third-party-advisory
x_refsource_SECUNIA
61857
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now