CVE-2014-7169
Public Exploits 15
In-the-Wild Activity Observed cisa_kev · confirmed
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2014-7169
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
GNU Bash 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GNU Bash是美国软件开发者布莱恩-福克斯(Brian J. Fox)为GNU计划而编写的一个Shell(命令语言解释器),它运行于类Unix操作系统中(Linux系统的默认Shell),并能够从标准输入设备或文件中读取、执行命令,同时也结合了一部分ksh和csh的特点。 GNU Bash 4.3 bash43-025及之前版本中存在安全漏洞,该漏洞源于程序没有正确处理环境变量值内的畸形函数定义。远程攻击者可借助特制的环境变量利用该漏洞写入文件。以下产品和模块受到影响:OpenSSH sshd中的Fo
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2014-7169
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | DEPRECATED: Chef cookbook to audit & remediate "Shellshock" (BASH-CVE-2014-7169) | https://github.com/chef-boneyard/bash-shellshock | POC Details |
| 2 | None | https://github.com/gina-alaska/bash-cve-2014-7169-cookbook | POC Details |
| 3 | CVE-2014-7169 Shell Shock | https://github.com/Gobinath-B/SHELL-SCHOCK | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2014-7169
请登录查看更多情报信息。
Advisory · 2Mailing list · 1
- https://access.redhat.com/node/1200223x_refsource_CONFIRM
- http://www.vmware.com/security/advisories/VMSA-2014-0010.htmlx_refsource_CONFIRM
- http://www.qnap.com/i/en/support/con_show.php?cid=61x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685604x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686479x_refsource_CONFIRM
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686445x_refsource_CONFIRM
- http://advisories.mageia.org/MGASA-2014-0393.htmlx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686246x_refsource_CONFIRM
- http://support.apple.com/kb/HT6495x_refsource_CONFIRM
- http://www.novell.com/support/kb/doc.php?id=7015701x_refsource_CONFIRM
- http://linux.oracle.com/errata/ELSA-2014-3077.htmlx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686084x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685541x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685914x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21687079x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915x_refsource_CONFIRM
- http://www.novell.com/support/kb/doc.php?id=7015721x_refsource_CONFIRM
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648x_refsource_CONFIRM
- https://kb.bluecoat.com/index?page=content&id=SA82x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685749x_refsource_CONFIRM
- http://linux.oracle.com/errata/ELSA-2014-1306.htmlx_refsource_CONFIRM
- https://kc.mcafee.com/corporate/index?page=content&id=SB10085x_refsource_CONFIRM
- http://twitter.com/taviso/statuses/514887394294652929x_refsource_MISC
- http://support.novell.com/security/cve/CVE-2014-7169.htmlx_refsource_CONFIRM
- https://support.apple.com/kb/HT6535x_refsource_CONFIRM
- https://access.redhat.com/articles/1200223x_refsource_CONFIRM
- https://support.citrix.com/article/CTX200217x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272x_refsource_CONFIRM
- Multiple GNU Bash vulnerabilitiesx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686494x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686447x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21685733x_refsource_CONFIRM
- https://www.suse.com/support/shellshock/x_refsource_CONFIRM
- http://linux.oracle.com/errata/ELSA-2014-3075.htmlx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898x_refsource_CONFIRM
- http://linux.oracle.com/errata/ELSA-2014-3078.htmlx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21686131x_refsource_CONFIRM
- https://support.citrix.com/article/CTX200223x_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879x_refsource_CONFIRM
- '[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCA' - MARCvendor-advisoryx_refsource_HP
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.htmlvendor-advisoryx_refsource_SUSE
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bashvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2014-7169
Same Patch Batch · n/a · 2014-09-25 · 27 CVEs total
| CVE-2014-6715 | Android SlotMachine应用程序加密问题漏洞 | |
| CVE-2014-1568 | Mozilla Network Security Services 安全漏洞 | |
| CVE-2014-3361 | Cisco IOS 缓冲区溢出漏洞 | |
| CVE-2014-3360 | Cisco IOS和IOS XE 操作系统命令注入漏洞 | |
| CVE-2014-3359 | Cisco IOS和IOS XE 资源管理错误漏洞 | |
| CVE-2014-3358 | Cisco IOS和IOS XE 操作系统命令注入漏洞 | |
| CVE-2014-3357 | Cisco IOS和IOS XE 操作系统命令注入漏洞 | |
| CVE-2014-3356 | Cisco IOS和IOS XE 缓冲区溢出漏洞 | |
| CVE-2014-3355 | Cisco IOS和IOS XE 缓冲区溢出漏洞 | |
| CVE-2014-3354 | Cisco IOS和IOS XE 输入验证漏洞 | |
| CVE-2014-6718 | Android My Mobile Day应用程序加密问题漏洞 | |
| CVE-2014-6717 | Android iTriage Health应用程序加密问题漏洞 | |
| CVE-2014-6716 | Android fastin应用程序加密问题漏洞 | |
| CVE-2014-6702 | Android StarSat International应用程序加密问题漏洞 | |
| CVE-2014-6714 | Android WebMD应用程序加密问题漏洞 | |
| CVE-2014-6713 | Android MedQuiz: Medical Chat and MCQs应用程序加密问题漏洞 | |
| CVE-2014-6712 | Android Airlines International应用程序加密问题漏洞 | |
| CVE-2014-6711 | Android ABC Lounge Webradio应用程序加密问题漏洞 | |
| CVE-2014-6710 | Android Chifro Kids Coloring Game应用程序加密问题漏洞 | |
| CVE-2014-6709 | Android TechRadar News应用程序加密问题漏洞 |
Showing top 20 of 27 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2014-7169
No comments yet