CVE-2014-7169— GNU Bash 操作系统命令注入漏洞

KEV EPSS 89.06% · P100 更新日 2026-02-21

Public Exploits 15

ExploitDB · 15 EDB-34777#CVE-2014-7169 [remote] EDB-34895#CVE-2014-7169 [webapps] EDB-34839#CVE-2014-7169 [webapps] EDB-36503#CVE-2014-7169 [remote] EDB-36504#CVE-2014-7169 [remote]+10 件以上

In-the-Wild Activity Observed cisa_kev · confirmed

新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2014-7169の基本情報

脆弱性情報

脆弱性についてご質問がありますか？Shenlongの分析が参考になるかご確認ください！

Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル

N/A

ソース: NVD (National Vulnerability Database)

脆弱性説明

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

ソース: NVD (National Vulnerability Database)

CVSS情報

N/A

ソース: NVD (National Vulnerability Database)

脆弱性タイプ

N/A

ソース: NVD (National Vulnerability Database)

脆弱性タイトル

GNU Bash 操作系统命令注入漏洞

ソース: CNNVD (China National Vulnerability Database)

脆弱性説明

GNU Bash是美国软件开发者布莱恩-福克斯（Brian J. Fox）为GNU计划而编写的一个Shell（命令语言解释器），它运行于类Unix操作系统中（Linux系统的默认Shell），并能够从标准输入设备或文件中读取、执行命令，同时也结合了一部分ksh和csh的特点。 GNU Bash 4.3 bash43-025及之前版本中存在安全漏洞，该漏洞源于程序没有正确处理环境变量值内的畸形函数定义。远程攻击者可借助特制的环境变量利用该漏洞写入文件。以下产品和模块受到影响：OpenSSH sshd中的Fo

ソース: CNNVD (China National Vulnerability Database)

CVSS情報

N/A

ソース: CNNVD (China National Vulnerability Database)

脆弱性タイプ

N/A

ソース: CNNVD (China National Vulnerability Database)

Shenlong 10 Questions — AI 深度分析

十问解析：根本原因、利用方式、修复建议、紧迫性。摘要免费，完整版需登录。

查看摘要完整分析（登录）

影響を受ける製品

ベンダー	プロダクト	影響を受けるバージョン	CPE	購読
-	n/a	n/a	-

II. CVE-2014-7169の公開POC

#	POC説明	ソースリンク	Shenlongリンク
1	DEPRECATED: Chef cookbook to audit & remediate "Shellshock" (BASH-CVE-2014-7169)	https://github.com/chef-boneyard/bash-shellshock	POC詳細
2	None	https://github.com/gina-alaska/bash-cve-2014-7169-cookbook	POC詳細
3	CVE-2014-7169 Shell Shock	https://github.com/Gobinath-B/SHELL-SCHOCK	POC詳細

AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2014-7169のインテリジェンス情報

请登录查看更多情报信息。

https://access.redhat.com/node/1200223x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2014-0010.htmlx_refsource_CONFIRM
http://www.qnap.com/i/en/support/con_show.php?cid=61x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685604x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686479x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686445x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0393.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686246x_refsource_CONFIRM
http://support.apple.com/kb/HT6495x_refsource_CONFIRM
http://www.novell.com/support/kb/doc.php?id=7015701x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-3077.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686084x_refsource_CONFIRM
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg21685541x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685914x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21687079x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915x_refsource_CONFIRM
http://www.novell.com/support/kb/doc.php?id=7015721x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.htmlx_refsource_CONFIRM
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648x_refsource_CONFIRM
https://kb.bluecoat.com/index?page=content&id=SA82x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685749x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-1306.htmlx_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10085x_refsource_CONFIRM
http://twitter.com/taviso/statuses/514887394294652929x_refsource_MISC
http://support.novell.com/security/cve/CVE-2014-7169.htmlx_refsource_CONFIRM
https://support.apple.com/kb/HT6535x_refsource_CONFIRM
https://access.redhat.com/articles/1200223x_refsource_CONFIRM
https://support.citrix.com/article/CTX200217x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272x_refsource_CONFIRM
Multiple GNU Bash vulnerabilitiesx_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686494x_refsource_CONFIRM
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.htmlx_refsource_MISC
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixesx_refsource_CONFIRM
Security Bulletin: Vulnerabilities in Bash affect IBM SDN VE (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686447x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685733x_refsource_CONFIRM
https://www.suse.com/support/shellshock/x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-3075.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-3078.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686131x_refsource_CONFIRM
https://support.citrix.com/article/CTX200223x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879x_refsource_CONFIRM
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.htmlx_refsource_MISC
http://secunia.com/advisories/61291third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61471third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61703third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61552third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61700third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61711third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61857third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/58200third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61312third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/59907third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61283third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61313third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61188third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61855third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60034third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61550third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61676third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60044third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60947third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60024third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/59272third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60055third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/62343third-party-advisoryx_refsource_SECUNIA
https://www.exploit-db.com/exploits/34879/exploitx_refsource_EXPLOIT-DB
http://secunia.com/advisories/61626third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61485third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61618third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61641third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61654third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61129third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60325third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60193third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61643third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/62228third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61622third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61287third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61715third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60433third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61633third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61816third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61479third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61619third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61780third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61065third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61873third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61503third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61328third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61442third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/62312third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/59737third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61565third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61603third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-3035vendor-advisoryx_refsource_DEBIAN
http://www.kb.cert.org/vuls/id/252743third-party-advisoryx_refsource_CERT-VN
http://www.us-cert.gov/ncas/alerts/TA14-268Athird-party-advisoryx_refsource_CERT
http://marc.info/?l=bugtraq&m=142721162228379&w=2vendor-advisoryx_refsource_HP
http://www.ubuntu.com/usn/USN-2363-2vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2363-1vendor-advisoryx_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=141383026420882&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141585637922673&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141694386919794&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141235957116749&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383465822787&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142358026505815&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141330425327438&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141216668515282&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383353622268&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142358078406056&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141577241923505&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142805027510172&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383081521087&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383196021590&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141879528318582&w=2vendor-advisoryx_refsource_HP
'[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCA' - MARCvendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141345648114150&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141450491804793&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383304022067&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141319209015420&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141576728022234&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383244821813&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383138121313&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141330468527613&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141577137423233&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141577297623641&w=2vendor-advisoryx_refsource_HP
http://jvn.jp/en/jp/JVN55667175/index.htmlthird-party-advisoryx_refsource_JVN
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164vendor-advisoryx_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2014-1354.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1312.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1306.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1311.htmlvendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.htmlvendor-advisoryx_refsource_SUSE
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126third-party-advisoryx_refsource_JVNDB
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.htmlvendor-advisoryx_refsource_SUSE
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlvendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.htmlvendor-advisoryx_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bashvendor-advisoryx_refsource_CISCO
http://www.openwall.com/lists/oss-security/2014/09/24/32mailing-listx_refsource_MLIST
http://www.securityfocus.com/archive/1/533593/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2014-7169

Same Patch Batch · n/a · 2014-09-25 · 27 CVEs total

CVE-2014-6715		Android SlotMachine应用程序加密问题漏洞
CVE-2014-1568		Mozilla Network Security Services 安全漏洞
CVE-2014-3361		Cisco IOS 缓冲区溢出漏洞
CVE-2014-3360		Cisco IOS和IOS XE 操作系统命令注入漏洞
CVE-2014-3359		Cisco IOS和IOS XE 资源管理错误漏洞
CVE-2014-3358		Cisco IOS和IOS XE 操作系统命令注入漏洞
CVE-2014-3357		Cisco IOS和IOS XE 操作系统命令注入漏洞
CVE-2014-3356		Cisco IOS和IOS XE 缓冲区溢出漏洞
CVE-2014-3355		Cisco IOS和IOS XE 缓冲区溢出漏洞
CVE-2014-3354		Cisco IOS和IOS XE 输入验证漏洞
CVE-2014-6718		Android My Mobile Day应用程序加密问题漏洞
CVE-2014-6717		Android iTriage Health应用程序加密问题漏洞
CVE-2014-6716		Android fastin应用程序加密问题漏洞
CVE-2014-6702		Android StarSat International应用程序加密问题漏洞
CVE-2014-6714		Android WebMD应用程序加密问题漏洞
CVE-2014-6713		Android MedQuiz: Medical Chat and MCQs应用程序加密问题漏洞
CVE-2014-6712		Android Airlines International应用程序加密问题漏洞
CVE-2014-6711		Android ABC Lounge Webradio应用程序加密问题漏洞
CVE-2014-6710		Android Chifro Kids Coloring Game应用程序加密问题漏洞
CVE-2014-6709		Android TechRadar News应用程序加密问题漏洞

Showing 20 of 27 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: n/a

同じベンダー: n/a

V. CVE-2014-7169へのコメント

まだコメントはありません

目標達成すべての支援者に感謝 — 100%達成しました！

CVE-2014-7169— GNU Bash 操作系统命令注入漏洞

Public Exploits 15

I. CVE-2014-7169の基本情報

脆弱性情報

脆弱性タイトル

脆弱性説明

CVSS情報

脆弱性タイプ

脆弱性タイトル

脆弱性説明

CVSS情報

脆弱性タイプ

Shenlong 10 Questions — AI 深度分析

影響を受ける製品

II. CVE-2014-7169の公開POC

III. CVE-2014-7169のインテリジェンス情報

Same Patch Batch · n/a · 2014-09-25 · 27 CVEs total

IV. 関連脆弱性

V. CVE-2014-7169へのコメント

コメントを残す

目標達成 すべての支援者に感謝 — 100%達成しました！

CVE-2014-7169— GNU Bash 操作系统命令注入漏洞

Public Exploits 15

I. CVE-2014-7169の基本情報

脆弱性情報

脆弱性タイトル

脆弱性説明

CVSS情報

脆弱性タイプ

脆弱性タイトル

脆弱性説明

CVSS情報

脆弱性タイプ

Shenlong 10 Questions — AI 深度分析

影響を受ける製品

II. CVE-2014-7169の公開POC

III. CVE-2014-7169のインテリジェンス情報

Same Patch Batch · n/a · 2014-09-25 · 27 CVEs total

IV. 関連脆弱性

V. CVE-2014-7169へのコメント

コメントを残す

目標達成すべての支援者に感謝 — 100%達成しました！