CVE-2014-6277— GNU Bash 操作系统命令注入漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2014-6277 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
GNU Bash 操作系统命令注入漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
GNU Bash是美国软件开发者布莱恩-福克斯(Brian J. Fox)为GNU计划而编写的一个Shell(命令语言解释器),它运行于类Unix操作系统中(Linux系统的默认Shell),并能够从标准输入设备或文件中读取、执行命令,同时也结合了一部分ksh和csh的特点。 GNU Bash 4.3 bash43-026及之前版本中存在安全漏洞,该漏洞源于程序没有正确解析环境变量中的函数定义。远程攻击者可通过特制的环境变量利用该漏洞执行任意代码或造成拒绝服务(未初始化的内存访问,不可信指针读取和写入操作
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| - | n/a | n/a | - |
二、漏洞 CVE-2014-6277 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2014-6277 的情报信息
Please 登录 to view more intelligence information
- https://support.apple.com/HT205267x_refsource_CONFIRM
- http://support.novell.com/security/cve/CVE-2014-6277.htmlx_refsource_CONFIRM
- http://www.vmware.com/security/advisories/VMSA-2014-0010.htmlx_refsource_CONFIRM
- http://www.qnap.com/i/en/support/con_show.php?cid=61x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685604x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686479x_refsource_CONFIRM
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686445x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686246x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685541x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685914x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21687079x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915x_refsource_CONFIRM
- http://support.apple.com/HT204244x_refsource_CONFIRM
- http://www.novell.com/support/kb/doc.php?id=7015721x_refsource_CONFIRM
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648x_refsource_CONFIRM
- https://kb.bluecoat.com/index?page=content&id=SA82x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685749x_refsource_CONFIRM
- https://kc.mcafee.com/corporate/index?page=content&id=SB10085x_refsource_CONFIRM
- https://support.citrix.com/article/CTX200217x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272x_refsource_CONFIRM
- Multiple GNU Bash vulnerabilitiesx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686494x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685733x_refsource_CONFIRM
- https://www.suse.com/support/shellshock/x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686131x_refsource_CONFIRM
- https://support.citrix.com/article/CTX200223x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879x_refsource_CONFIRM
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.htmlvendor-advisoryx_refsource_SUSE
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlvendor-advisoryx_refsource_APPLE
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlvendor-advisoryx_refsource_APPLE
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bashvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2014-6277
同批安全公告 · n/a · 2014-09-27 · 共 17 条
| CVE-2014-3062 | IBM Security QRadar SIEM 远程代码执行漏洞 | |
| CVE-2014-5459 | PHP Pear‘/tmp/’Directory 安全漏洞 | |
| CVE-2014-6734 | Android Wine Making应用程序加密问题漏洞 | |
| CVE-2014-6735 | Android imagine Next bmobile应用程序加密问题漏洞 | |
| CVE-2014-6736 | Android EPL Hat Trick应用程序加密问题漏洞 | |
| CVE-2014-6737 | Android Ultimate Target-Armored Sniper应用程序加密问题漏洞 | |
| CVE-2014-6738 | Android Maccabi Tel Aviv应用程序加密问题漏洞 | |
| CVE-2014-6739 | Android Well-Being Connect Mobile应用程序加密问题漏洞 | |
| CVE-2014-6740 | Android XD Forum应用程序加密问题漏洞 | |
| CVE-2014-6741 | Android John MacArthur应用程序加密问题漏洞 | |
| CVE-2014-6742 | Android All around Cyprus应用程序加密问题漏洞 | |
| CVE-2014-6743 | Android Hearsay: A Social Party Game应用程序加密问题漏洞 | |
| CVE-2014-6744 | Android Al-Ahsa News应用程序加密问题漏洞 | |
| CVE-2014-6745 | Android Family Location应用程序加密问题漏洞 | |
| CVE-2014-6746 | Android Infiniti Roadside Assistance应用程序加密问题漏洞 | |
| CVE-2014-6747 | Android SeeOn应用程序加密问题漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2014-6277
暂无评论