CVE-2014-6271— GNU Bash 远程代码执行漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2014-6271の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
N/A
ソース: NVD (National Vulnerability Database)
脆弱性説明
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
GNU Bash 远程代码执行漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
GNU Bash是美国软件开发者布莱恩-福克斯(Brian J. Fox)为GNU计划而编写的一个Shell(命令语言解释器),它运行于类Unix操作系统中(Linux系统的默认Shell),并能够从标准输入设备或文件中读取、执行命令,同时也结合了一部分ksh和csh的特点。 GNU Bash 4.3及之前版本中存在安全漏洞,该漏洞源于程序没有正确处理环境变量值内的函数定义。远程攻击者可借助特制的环境变量利用该漏洞执行任意代码。以下产品和模块可能会被利用:OpenSSH sshd中的ForceComman
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. CVE-2014-6271の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | Collected fixes for bash CVE-2014-6271 | https://github.com/dlitz/bash-cve-2014-6271-fixes | POC詳細 |
| 2 | Patch for CVE-2014-6271 | https://github.com/npm/ansible-bashpocalypse | POC詳細 |
| 3 | patched-bash-4.3 for CVE-2014-6271 | https://github.com/ryancnelson/patched-bash-4.3 | POC詳細 |
| 4 | Chef cookbook that will fail if bash vulnerability found per CVE-2014-6271 | https://github.com/jblaine/cookbook-bash-CVE-2014-6271 | POC詳細 |
| 5 | None | https://github.com/rrreeeyyy/cve-2014-6271-spec | POC詳細 |
| 6 | Python Scanner for "ShellShock" (CVE-2014-6271) | https://github.com/scottjpack/shellshock_scanner | POC詳細 |
| 7 | Written fro CVE-2014-6271 | https://github.com/Anklebiter87/Cgi-bin_bash_Reverse | POC詳細 |
| 8 | a auto script to fix CVE-2014-6271 bash vulnerability | https://github.com/justzx2011/bash-up | POC詳細 |
| 9 | None | https://github.com/mattclegg/CVE-2014-6271 | POC詳細 |
| 10 | Quick and dirty nessus .audit file to check is bash is vulnerable to CVE-2014-6271 | https://github.com/ilismal/Nessus_CVE-2014-6271_check | POC詳細 |
| 11 | CVE-2014-6271 RCE tool | https://github.com/RainMak3r/Rainstorm | POC詳細 |
| 12 | Simple script to check for CVE-2014-6271 | https://github.com/gabemarshall/shocknaww | POC詳細 |
| 13 | None | https://github.com/woltage/CVE-2014-6271 | POC詳細 |
| 14 | CVE-2014-6271の検証用Vagrantfileです | https://github.com/ariarijp/vagrant-shellshock | POC詳細 |
| 15 | scripts associate with bourne shell EVN function parsing vulnerability CVE-2014-6271 | https://github.com/themson/shellshock | POC詳細 |
| 16 | CVE-2014-6271 (ShellShock) RCE PoC tool | https://github.com/securusglobal/BadBash | POC詳細 |
| 17 | scaner for cve-2014-6271 | https://github.com/villadora/CVE-2014-6271 | POC詳細 |
| 18 | Salt recipe for shellshock (CVE-2014-6271) | https://github.com/APSL/salt-shellshock | POC詳細 |
| 19 | Ansible role to check the CVE-2014-6271 vulnerability | https://github.com/teedeedubya/bash-fix-exploit | POC詳細 |
| 20 | Debian Lenny Bash packages with cve-2014-6271 patches (i386 and amd64) | https://github.com/internero/debian-lenny-bash_3.2.52-cve-2014-6271 | POC詳細 |
| 21 | None | https://github.com/u20024804/bash-3.2-fixed-CVE-2014-6271 | POC詳細 |
| 22 | None | https://github.com/u20024804/bash-4.2-fixed-CVE-2014-6271 | POC詳細 |
| 23 | None | https://github.com/u20024804/bash-4.3-fixed-CVE-2014-6271 | POC詳細 |
| 24 | A python script to enumerate CGI scripts vulnerable to CVE-2014-6271 on one specific server | https://github.com/francisck/shellshock-cgi | POC詳細 |
| 25 | A script, in C, to check if CGI scripts are vulnerable to CVE-2014-6271 (The Bash Bug) | https://github.com/proclnas/ShellShock-CGI-Scan | POC詳細 |
| 26 | CVE-2014-6271 Remote Interactive Shell - PoC Exploit | https://github.com/sch3m4/RIS | POC詳細 |
| 27 | None | https://github.com/ryeyao/CVE-2014-6271_Test | POC詳細 |
| 28 | shellshock CVE-2014-6271 CGI Exploit, Use like Openssh via CGI | https://github.com/cj1324/CGIShell | POC詳細 |
| 29 | This module determine the vulnerability of a bash binary to the shellshock exploits (CVE-2014-6271 or CVE-2014-7169) and then patch that where possible | https://github.com/renanvicente/puppet-shellshock | POC詳細 |
| 30 | Android app to scan for bash Vulnerability - CVE-2014-6271 also known as Shellshock | https://github.com/indiandragon/Shellshock-Vulnerability-Scan | POC詳細 |
| 31 | :scream: Python library and utility for CVE-2014-6271 (aka. "shellshock") | https://github.com/ramnes/pyshellshock | POC詳細 |
| 32 | This is a Python Application that helps you detect if your machine that run bash is vulnerable by CVE-2014-6271 | https://github.com/akiraaisha/shellshocker-python | POC詳細 |
| 33 | Using google to scan sites for "ShellShock" (CVE-2014-6271) | https://github.com/352926/shellshock_crawler | POC詳細 |
| 34 | system reading course | https://github.com/kelleykong/cve-2014-6271-mengjia-kong | POC詳細 |
| 35 | reading course | https://github.com/huanlu/cve-2014-6271-huan-lu | POC詳細 |
| 36 | This is an Android Application that helps you detect if your machine that run bash is vulnerable by CVE-2014-6271 | https://github.com/sunnyjiang/shellshocker-android | POC詳細 |
| 37 | A script, in C, to check if CGI scripts are vulnerable to CVE-2014-6271 (The Bash Bug). | https://github.com/P0cL4bs/ShellShock-CGI-Scan | POC詳細 |
| 38 | Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock | https://github.com/hmlio/vaas-cve-2014-6271 | POC詳細 |
| 39 | Shellshock exploit + vulnerable environment | https://github.com/opsxcq/exploit-CVE-2014-6271 | POC詳細 |
| 40 | None | https://github.com/Pilou-Pilou/docker_CVE-2014-6271. | POC詳細 |
| 41 | Shellshock POC | CVE-2014-6271 | cgi-bin reverse shell | https://github.com/zalalov/CVE-2014-6271 | POC詳細 |
| 42 | A simple python shell-like exploit for the Shellschok CVE-2014-6271 bug. | https://github.com/heikipikker/shellshock-shell | POC詳細 |
| 43 | Shellshock exploitation script that is able to upload and RCE using any vector due to its versatility. | https://github.com/0x00-0x00/CVE-2014-6271 | POC詳細 |
| 44 | CS4238 Computer Security Practices | https://github.com/kowshik-sundararajan/CVE-2014-6271 | POC詳細 |
| 45 | Shellshock vulnerability attacker | https://github.com/w4fz5uck5/ShockZaum-CVE-2014-6271 | POC詳細 |
| 46 | None | https://github.com/Aruthw/CVE-2014-6271 | POC詳細 |
| 47 | cve-2014-6271 | https://github.com/cved-sources/cve-2014-6271 | POC詳細 |
| 48 | None | https://github.com/shawntns/exploit-CVE-2014-6271 | POC詳細 |
| 49 | None | https://github.com/Sindadziy/cve-2014-6271 | POC詳細 |
| 50 | cve-2014-6271 | https://github.com/wenyu1999/bash-shellshock | POC詳細 |
| 51 | None | https://github.com/Sindayifu/CVE-2019-14287-CVE-2014-6271 | POC詳細 |
| 52 | None | https://github.com/Any3ite/CVE-2014-6271 | POC詳細 |
| 53 | *CVE-2014-6271* Unix Arbitrary Code Execution Exploit commonly know as Shell Shock. Examples, Docs, Incident Response and Vulnerability/Risk Assessment, and Additional Resources may be dumped here. Enjoy :) --- somhmxxghoul --- | https://github.com/somhm-solutions/Shell-Shock | POC詳細 |
| 54 | This is an individual assignment for secure network programming | https://github.com/rashmikadileeshara/CVE-2014-6271-Shellshock- | POC詳細 |
| 55 | None | https://github.com/Dilith006/CVE-2014-6271 | POC詳細 |
| 56 | None | https://github.com/cyberharsh/Shellbash-CVE-2014-6271 | POC詳細 |
| 57 | None | https://github.com/MuirlandOracle/CVE-2014-6271-IPFire | POC詳細 |
| 58 | This Repo is PoC environment of CVE-2014-6271(https://nvd.nist.gov/vuln/detail/cve-2014-6271). | https://github.com/mochizuki875/CVE-2014-6271-Apache-Debian | POC詳細 |
| 59 | Shellshock exploit aka CVE-2014-6271 | https://github.com/b4keSn4ke/CVE-2014-6271 | POC詳細 |
| 60 | CVE-2014-6271 Shellshock | https://github.com/hadrian3689/shellshock | POC詳細 |
| 61 | ShellShock interactive-shell exploit | https://github.com/akr3ch/CVE-2014-6271 | POC詳細 |
| 62 | None | https://github.com/0xConstant/CVE-2014-6271 | POC詳細 |
| 63 | [Python/Shell] - Tested in HackTheBox - Shocker (Easy) CVE-2014-6271 | https://github.com/Gurguii/cgi-bin-shellshock | POC詳細 |
| 64 | A docker container vulnerable to Shellshock - CVE-2014-6271 | https://github.com/anujbhan/shellshock-victim-host | POC詳細 |
| 65 | [CVE-2014-6271] Apache Shellshock Remote Command Injection tool for quick reverse shell and file browsing | https://github.com/FilipStudeny/-CVE-2014-6271-Shellshock-Remote-Command-Injection- | POC詳細 |
| 66 | None | https://github.com/mritunjay-k/CVE-2014-6271 | POC詳細 |
| 67 | None | https://github.com/Brandaoo/CVE-2014-6271 | POC詳細 |
| 68 | Exploitation of "Shellshock" Vulnerability. Remote code execution in Apache with mod_cgi | https://github.com/Jsmoreira02/CVE-2014-6271 | POC詳細 |
| 69 | None | https://github.com/hanmin0512/CVE-2014-6271_pwnable | POC詳細 |
| 70 | Shellshock vulnerability reverse shell | https://github.com/0xTabun/CVE-2014-6271 | POC詳細 |
| 71 | EXPLOIT FOR CVE-2014-6271 | https://github.com/0xN7y/CVE-2014-6271 | POC詳細 |
| 72 | The Shellshock Exploit is a tool designed to efficiently exploit the Shellshock vulnerability (CVE-2014-6271) in susceptible CGI servers, enabling a precise takeover of the target server. Shellshock is a critical security vulnerability that affects the Bash shell, allowing attackers to execute arbitrary commands on the targeted system | https://github.com/MY7H404/CVE-2014-6271-Shellshock | POC詳細 |
| 73 | Shellshock exploit (CVE-2014-6271) | https://github.com/AlissoftCodes/Shellshock | POC詳細 |
| 74 | Python3 Shellshock (CVE-2014-6271) Scanner | https://github.com/hackintoanetwork/shellshock | POC詳細 |
| 75 | Shellshock exploit (CVE-2014-6271) | https://github.com/AlissonFaoli/Shellshock | POC詳細 |
| 76 | Shelly is a lightweight and efficient vulnerability scanner designed to identify and mitigate Shellshock (CVE-2014-6271 & CVE-2014-7169) vulnerabilities in Bash environments. | https://github.com/ajansha/shellshock | POC詳細 |
| 77 | A PoC exploit for CVE-2014-6271 - Shellshock | https://github.com/K3ysTr0K3R/CVE-2014-6271-EXPLOIT | POC詳細 |
| 78 | Exploit para abusar de la vulnerabilidad Shellshock (CVE-2014-6271). | https://github.com/TheRealCiscoo/Shellshock-Exploit | POC詳細 |
| 79 | None | https://github.com/RadYio/CVE-2014-6271 | POC詳細 |
| 80 | None | https://github.com/banomaly/CVE-2014-6271 | POC詳細 |
| 81 | Vulnerability Exploitation | https://github.com/YunchoHang/CVE-2014-6271-SHELLSHOCK | POC詳細 |
| 82 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2014/CVE-2014-6271.yaml | POC詳細 |
| 83 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E6%BC%8F%E6%B4%9E/Shellshock%20%E7%A0%B4%E5%A3%B3%E6%BC%8F%E6%B4%9E%20CVE-2014-6271.md | POC詳細 |
| 84 | None | https://github.com/chaitin/xray-plugins/blob/main/poc/manual/bash-cve-2014-6271.yml | POC詳細 |
| 85 | https://github.com/vulhub/vulhub/blob/master/bash/CVE-2014-6271/README.md | POC詳細 | |
| 86 | None | https://github.com/Isidoro4-kor/bash-CVE-2014-6271 | POC詳細 |
| 87 | Shellshock Vulnerability Scanner | https://github.com/moften/CVE-2014-6271 | POC詳細 |
| 88 | CVE-2014-6271(RCE) poc Exploit | https://github.com/knightc0de/Shellshock_vuln_Exploit | POC詳細 |
| 89 | This is my implementation of shellshock exploit | https://github.com/rsherstnev/CVE-2014-6271 | POC詳細 |
| 90 | None | https://github.com/RAJMadhusankha/Shellshock-CVE-2014-6271-Exploitation-and-Analysis | POC詳細 |
| 91 | Exploitation of "Shellshock" Vulnerability. Remote code execution in Apache with mod_cgi | https://github.com/J0hnTh3Kn1ght/CVE-2014-6271 | POC詳細 |
| 92 | A complete, modern demonstration lab for CVE-2014-6271 (Shellshock), including architecture, exploitation steps, Burp Suite usage, reverse shells, countermeasures, and full command cheat-sheet. | https://github.com/DrHaitham/CVE-2014-6271-Shellshock- | POC詳細 |
| 93 | Recreating Shellshock (CVE-2014-6271) - the bash vulnerability that endangered millions of servers. Automated exploitation toolkit + Burp Suite methodology + Docker lab. Built for security research & education. Offensive security portfolio project. | https://github.com/mtaha-sec/bash-apocalypse | POC詳細 |
| 94 | None | https://github.com/andres101c/Shellshock-CVE-2014-6271 | POC詳細 |
| 95 | CVE-2014-6271 Shellshock | https://github.com/Industri4l-H3ll-Xpl0it3rs/CVE-2014-6271-Shellshock | POC詳細 |
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2014-6271のインテリジェンス情報
お願いします ログイン より多くのインテリジェンス情報を見る
- https://access.redhat.com/node/1200223x_refsource_CONFIRM
- http://www.vmware.com/security/advisories/VMSA-2014-0010.htmlx_refsource_CONFIRM
- http://support.novell.com/security/cve/CVE-2014-6271.htmlx_refsource_CONFIRM
- http://www.qnap.com/i/en/support/con_show.php?cid=61x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685604x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686479x_refsource_CONFIRM
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686445x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686246x_refsource_CONFIRM
- http://support.apple.com/kb/HT6495x_refsource_CONFIRM
- http://www.novell.com/support/kb/doc.php?id=7015701x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686084x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685541x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685914x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21687079x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915x_refsource_CONFIRM
- http://www.novell.com/support/kb/doc.php?id=7015721x_refsource_CONFIRM
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648x_refsource_CONFIRM
- https://kb.bluecoat.com/index?page=content&id=SA82x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685749x_refsource_CONFIRM
- http://advisories.mageia.org/MGASA-2014-0388.htmlx_refsource_CONFIRM
- https://kc.mcafee.com/corporate/index?page=content&id=SB10085x_refsource_CONFIRM
- https://support.apple.com/kb/HT6535x_refsource_CONFIRM
- https://access.redhat.com/articles/1200223x_refsource_CONFIRM
- https://support.citrix.com/article/CTX200217x_refsource_CONFIRM
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272x_refsource_CONFIRM
- Bash specially-crafted environment variables code injection attackx_refsource_CONFIRM
- Multiple GNU Bash vulnerabilitiesx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686494x_refsource_CONFIRM
- http://linux.oracle.com/errata/ELSA-2014-1294.htmlx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686447x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685733x_refsource_CONFIRM
- https://www.suse.com/support/shellshock/x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898x_refsource_CONFIRM
- https://bugzilla.redhat.com/show_bug.cgi?id=1141597x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686131x_refsource_CONFIRM
- https://support.citrix.com/article/CTX200223x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879x_refsource_CONFIRM
- http://linux.oracle.com/errata/ELSA-2014-1293.htmlx_refsource_CONFIRM
- '[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCA' - MARCvendor-advisoryx_refsource_HP
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.htmlvendor-advisoryx_refsource_SUSE
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bashvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2014-6271
Same Patch Batch · n/a · 2014-09-24 · 12 CVEs total
| CVE-2014-6693 | Android Juiker应用程序加密问题漏洞 | |
| CVE-2014-6694 | Android 5SOS Family Planet应用程序加密问题漏洞 | |
| CVE-2014-6695 | Android Wedding Photo Frames-Love Pics应用程序加密问题漏洞 | |
| CVE-2014-6696 | Android Candy Girl Party Makeover应用程序加密问题漏洞 | |
| CVE-2014-6697 | Android Morocco Weather应用程序加密问题漏洞 | |
| CVE-2014-6698 | Android Galaxy Online 2应用程序加密问题漏洞 | |
| CVE-2014-6699 | Android Weather Channel应用程序加密问题漏洞 | |
| CVE-2014-6700 | Android NBA Game Time 2013-2014应用程序加密问题漏洞 | |
| CVE-2014-6701 | Android Vendormate Mobile应用程序加密问题漏洞 | |
| CVE-2014-3380 | Cisco Unified Communications Domain Manager Platform Software 安全漏洞 | |
| CVE-2014-5323 | Android Yuko Yuko应用程序加密问题漏洞 |
IV. 関連脆弱性
同じベンダー: n/a
- CVE-2026-8252
Open5GS SMF smf_nsmf_handle_create_data_in_hsmf null pointer - CVE-2026-8251
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8250
Open5GS SMF n4-build.c smf_n4_build_qos_flow_to_modify_list - CVE-2026-8249
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8248
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo
V. CVE-2014-6271へのコメント
まだコメントはありません