CVE-2014-7169

Published: Sep 25, 2014

Modified: Oct 22, 2025

PUBLISHED

Description

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

x_refsource_MISC

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21685749

x_refsource_CONFIRM

[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash

mailing-list

x_refsource_MLIST

HPSBMU03165

vendor-advisory

x_refsource_HP

HPSBHF03119

vendor-advisory

x_refsource_HP

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

x_refsource_CONFIRM

HPSBST03131

vendor-advisory

x_refsource_HP

SSRT101819

vendor-advisory

x_refsource_HP

20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities

mailing-list

x_refsource_BUGTRAQ

HPSBMU03245

vendor-advisory

x_refsource_HP

openSUSE-SU-2014:1229

vendor-advisory

x_refsource_SUSE

http://www-01.ibm.com/support/docview.wss?uid=swg21686084

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21686479

x_refsource_CONFIRM

61188

third-party-advisory

x_refsource_SECUNIA

JVN#55667175

third-party-advisory

x_refsource_JVN

61676

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2014:1254

vendor-advisory

x_refsource_SUSE

60433

third-party-advisory

x_refsource_SECUNIA

HPSBMU03143

vendor-advisory

x_refsource_HP

HPSBMU03182

vendor-advisory

x_refsource_HP

RHSA-2014:1306

vendor-advisory

x_refsource_REDHAT

HPSBST03155

vendor-advisory

x_refsource_HP

http://www-01.ibm.com/support/docview.wss?uid=swg21685541

x_refsource_CONFIRM

61715

third-party-advisory

x_refsource_SECUNIA

USN-2363-2

vendor-advisory

x_refsource_UBUNTU

http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

x_refsource_CONFIRM

61816

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2014:1310

vendor-advisory

x_refsource_SUSE

61442

third-party-advisory

x_refsource_SECUNIA

HPSBMU03246

vendor-advisory

x_refsource_HP

HPSBST03195

vendor-advisory

x_refsource_HP

61283

third-party-advisory

x_refsource_SECUNIA

SSRT101711

vendor-advisory

x_refsource_HP

https://kc.mcafee.com/corporate/index?page=content&id=SB10085

x_refsource_CONFIRM

openSUSE-SU-2014:1308

vendor-advisory

x_refsource_SUSE

61654

third-party-advisory

x_refsource_SECUNIA

http://www.novell.com/support/kb/doc.php?id=7015701

x_refsource_CONFIRM

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

x_refsource_CONFIRM

62312

third-party-advisory

x_refsource_SECUNIA

59272

third-party-advisory

x_refsource_SECUNIA

HPSBST03122

vendor-advisory

x_refsource_HP

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

x_refsource_CONFIRM

HPSBMU03217

vendor-advisory

x_refsource_HP

RHSA-2014:1312

vendor-advisory

x_refsource_REDHAT

http://www-01.ibm.com/support/docview.wss?uid=swg21685604

x_refsource_CONFIRM

USN-2363-1

vendor-advisory

x_refsource_UBUNTU

SSRT101868

vendor-advisory

x_refsource_HP

61703

third-party-advisory

x_refsource_SECUNIA

http://support.apple.com/kb/HT6495

x_refsource_CONFIRM

VU#252743

third-party-advisory

x_refsource_CERT-VN

61065

third-party-advisory

x_refsource_SECUNIA

http://linux.oracle.com/errata/ELSA-2014-3075.html

x_refsource_CONFIRM

HPSBST03129

vendor-advisory

x_refsource_HP

HPSBMU03144

vendor-advisory

x_refsource_HP

http://www-01.ibm.com/support/docview.wss?uid=swg21686445

x_refsource_CONFIRM

http://support.novell.com/security/cve/CVE-2014-7169.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21686131

x_refsource_CONFIRM

JVNDB-2014-000126

third-party-advisory

x_refsource_JVNDB

SSRT101827

vendor-advisory

x_refsource_HP

TA14-268A

third-party-advisory

x_refsource_CERT

61641

third-party-advisory

x_refsource_SECUNIA

SUSE-SU-2014:1247

vendor-advisory

x_refsource_SUSE

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

x_refsource_CONFIRM

https://access.redhat.com/node/1200223

x_refsource_CONFIRM

SUSE-SU-2014:1287

vendor-advisory

x_refsource_SUSE

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

x_refsource_CONFIRM

APPLE-SA-2014-10-16-1

vendor-advisory

x_refsource_APPLE

http://www-01.ibm.com/support/docview.wss?uid=swg21685914

x_refsource_CONFIRM

20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities

mailing-list

x_refsource_FULLDISC

MDVSA-2015:164

vendor-advisory

x_refsource_MANDRIVA

61619

third-party-advisory

x_refsource_SECUNIA

http://linux.oracle.com/errata/ELSA-2014-3078.html

x_refsource_CONFIRM

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

x_refsource_CONFIRM

HPSBMU03220

vendor-advisory

x_refsource_HP

60325

third-party-advisory

x_refsource_SECUNIA

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

x_refsource_CONFIRM

60024

third-party-advisory

x_refsource_SECUNIA

http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

x_refsource_MISC

34879

exploit

x_refsource_EXPLOIT-DB

61622

third-party-advisory

x_refsource_SECUNIA

https://access.redhat.com/articles/1200223

x_refsource_CONFIRM

62343

third-party-advisory

x_refsource_SECUNIA

http://advisories.mageia.org/MGASA-2014-0393.html

x_refsource_CONFIRM

61565

third-party-advisory

x_refsource_SECUNIA

https://www.suse.com/support/shellshock/

x_refsource_CONFIRM

HPSBST03157

vendor-advisory

x_refsource_HP

61313

third-party-advisory

x_refsource_SECUNIA

SSRT101742

vendor-advisory

x_refsource_HP

61873

third-party-advisory

x_refsource_SECUNIA

61485

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2014:1242

vendor-advisory

x_refsource_SUSE

61618

third-party-advisory

x_refsource_SECUNIA

60947

third-party-advisory

x_refsource_SECUNIA

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

x_refsource_CONFIRM

https://support.apple.com/kb/HT6535

x_refsource_CONFIRM

HPSBST03154

vendor-advisory

x_refsource_HP

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

x_refsource_CONFIRM

HPSBGN03142

vendor-advisory

x_refsource_HP

61312

third-party-advisory

x_refsource_SECUNIA

60193

third-party-advisory

x_refsource_SECUNIA

http://www.vmware.com/security/advisories/VMSA-2014-0010.html

x_refsource_CONFIRM

61479

third-party-advisory

x_refsource_SECUNIA

60063

third-party-advisory

x_refsource_SECUNIA

60034

third-party-advisory

x_refsource_SECUNIA

HPSBMU03133

vendor-advisory

x_refsource_HP

http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

x_refsource_MISC

59907

third-party-advisory

x_refsource_SECUNIA

58200

third-party-advisory

x_refsource_SECUNIA

HPSBST03181

vendor-advisory

x_refsource_HP

61643

third-party-advisory

x_refsource_SECUNIA

http://twitter.com/taviso/statuses/514887394294652929

x_refsource_MISC

http://www.novell.com/support/kb/doc.php?id=7015721

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21687079

x_refsource_CONFIRM

61503

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21686246

x_refsource_CONFIRM

RHSA-2014:1354

vendor-advisory

x_refsource_REDHAT

HPSBGN03117

vendor-advisory

x_refsource_HP

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

x_refsource_CONFIRM

HPSBHF03145

vendor-advisory

x_refsource_HP

http://www.qnap.com/i/en/support/con_show.php?cid=61

x_refsource_CONFIRM

HPSBST03148

vendor-advisory

x_refsource_HP

61552

third-party-advisory

x_refsource_SECUNIA

61780

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

x_refsource_CONFIRM

https://support.citrix.com/article/CTX200223

x_refsource_CONFIRM

http://linux.oracle.com/errata/ELSA-2014-3077.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21686447

x_refsource_CONFIRM

62228

third-party-advisory

x_refsource_SECUNIA

HPSBGN03138

vendor-advisory

x_refsource_HP

61855

third-party-advisory

x_refsource_SECUNIA

HPSBHF03124

vendor-advisory

x_refsource_HP

60044

third-party-advisory

x_refsource_SECUNIA

61291

third-party-advisory

x_refsource_SECUNIA

HPSBHF03125

vendor-advisory

x_refsource_HP

59737

third-party-advisory

x_refsource_SECUNIA

61287

third-party-advisory

x_refsource_SECUNIA

HPSBHF03146

vendor-advisory

x_refsource_HP

HPSBGN03233

vendor-advisory

x_refsource_HP

SSRT101739

vendor-advisory

x_refsource_HP

61711

third-party-advisory

x_refsource_SECUNIA

HPSBOV03228

vendor-advisory

x_refsource_HP

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361

x_refsource_CONFIRM

HPSBGN03141

vendor-advisory

x_refsource_HP

RHSA-2014:1311

vendor-advisory

x_refsource_REDHAT

61128

third-party-advisory

x_refsource_SECUNIA

DSA-3035

vendor-advisory

x_refsource_DEBIAN

https://support.citrix.com/article/CTX200217

x_refsource_CONFIRM

61471

third-party-advisory

x_refsource_SECUNIA

60055

third-party-advisory

x_refsource_SECUNIA

20140926 GNU Bash Environmental Variable Command Injection Vulnerability

vendor-advisory

x_refsource_CISCO

61550

third-party-advisory

x_refsource_SECUNIA

61633

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21686494

x_refsource_CONFIRM

http://linux.oracle.com/errata/ELSA-2014-1306.html

x_refsource_CONFIRM

https://kb.bluecoat.com/index?page=content&id=SA82

x_refsource_CONFIRM

SUSE-SU-2014:1259

vendor-advisory

x_refsource_SUSE

61328

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21685733

x_refsource_CONFIRM

61129

third-party-advisory

x_refsource_SECUNIA

61700

third-party-advisory

x_refsource_SECUNIA

61626

third-party-advisory

x_refsource_SECUNIA

61603

third-party-advisory

x_refsource_SECUNIA

61857

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

x_refsource_CONFIRM

https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-7169

Description

Affected Products

References