Launchpad.net

CVE 2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Related bugs and status

CVE-2014-7169 (Candidate) is related to these bugs:

Bug #1373781: bash incomplete fix for CVE-2014-6271

		In	Importance	Status
1373781	bash incomplete fix for CVE-2014-6271	bash (Ubuntu)	Undecided	Fix Released
1373781	bash incomplete fix for CVE-2014-6271	bash (Ubuntu Lucid)	Undecided	Fix Released
1373781	bash incomplete fix for CVE-2014-6271	bash (Ubuntu Utopic)	Undecided	Fix Released
1373781	bash incomplete fix for CVE-2014-6271	bash (Ubuntu Precise)	Undecided	Fix Released
1373781	bash incomplete fix for CVE-2014-6271	bash (Ubuntu Trusty)	Undecided	Fix Released

Bug #1373965: bash: specially-crafted environment variables can be used to inject shell commands

		In	Importance	Status
1373965	bash: specially-crafted environment variables can be used to inject shell commands	Mirantis OpenStack	Critical	Fix Committed
1373965	bash: specially-crafted environment variables can be used to inject shell commands	Mirantis OpenStack 5.1.x	Critical	Fix Released
1373965	bash: specially-crafted environment variables can be used to inject shell commands	Mirantis OpenStack 6.0.x	Critical	Fix Committed
1373965	bash: specially-crafted environment variables can be used to inject shell commands	Mirantis OpenStack 5.0.x	Critical	In Progress

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014092...
MISC: http://twitter.com/tav...
MISC: http://lcamtuf.blogspo...
CISCO: 20140926 GNU Bash Envi...
DEBIAN: DSA-3035
REDHAT: RHSA-2014:1306
UBUNTU: USN-2363-1
UBUNTU: USN-2363-2
CERT: TA14-268A
CERT-VN: VU#252743
CONFIRM: http://support.novell....
CONFIRM: https://www.suse.com/s...
CONFIRM: http://linux.oracle.co...
CONFIRM: http://linux.oracle.co...
CONFIRM: http://linux.oracle.co...
CONFIRM: http://linux.oracle.co...
CONFIRM: http://support.apple.c...
CONFIRM: http://www.novell.com/...
SECUNIA: 59737
SECUNIA: 61479
SECUNIA: 61618
SECUNIA: 61619
SECUNIA: 61622
SECUNIA: 61626
SECUNIA: 61641
SECUNIA: 61676
SECUNIA: 61700
REDHAT: RHSA-2014:1311
REDHAT: RHSA-2014:1312
SUSE: SUSE-SU-2014:1247
SUSE: SUSE-SU-2014:1259
SUSE: openSUSE-SU-2014:1229
SUSE: openSUSE-SU-2014:1242
SUSE: openSUSE-SU-2014:1254
FULLDISC: 20141001 FW: NEW VMSA-...
MISC: http://packetstormsecu...
MISC: http://packetstormsecu...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www.novell.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.vmware.com/...
SECUNIA: 59907
SECUNIA: 61283
SECUNIA: 61485
SECUNIA: 61503
SECUNIA: 61552
SECUNIA: 61565
SECUNIA: 61603
SECUNIA: 61633
SECUNIA: 61643
SECUNIA: 61654
SECUNIA: 61703
SECUNIA: 61711
SECUNIA: 61715
SUSE: SUSE-SU-2014:1287
CONFIRM: https://support.apple....
CONFIRM: http://www-01.ibm.com/...
APPLE: APPLE-SA-2014-10-16-1
SECUNIA: 60947
SECUNIA: 61188
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-947.ibm.com...
CONFIRM: https://support.citrix...
CONFIRM: https://support.citrix...
CONFIRM: https://support.f5.com...
SECUNIA: 58200
SECUNIA: 60034
SECUNIA: 60055
SECUNIA: 60193
SECUNIA: 60325
SECUNIA: 61065
SECUNIA: 61128
SECUNIA: 61129
SECUNIA: 61287
SECUNIA: 61312
SECUNIA: 61313
SECUNIA: 61328
SECUNIA: 61442
SECUNIA: 61471
SECUNIA: 61550
SECUNIA: 61780
SECUNIA: 61816
SECUNIA: 61855
SECUNIA: 61857
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
SECUNIA: 60024
SECUNIA: 60063
SECUNIA: 60044
SECUNIA: 60433
SECUNIA: 61291
CONFIRM: http://www.qnap.com/i/...
SUSE: openSUSE-SU-2014:1308
SUSE: openSUSE-SU-2014:1310
JVN: JVN#55667175
JVNDB: JVNDB-2014-000126
CONFIRM: http://www-01.ibm.com/...
REDHAT: RHSA-2014:1354
SECUNIA: 61873
SECUNIA: 62312
SECUNIA: 62343
CONFIRM: http://advisories.mage...
CONFIRM: https://access.redhat....
MANDRIVA: MDVSA-2015:164
SECUNIA: 62228
CONFIRM: https://access.redhat....
SECUNIA: 59272
CONFIRM: https://kb.bluecoat.co...
CONFIRM: https://kb.juniper.net...
CONFIRM: https://supportcenter....
CONFIRM: https://kc.mcafee.com/...
HP: HPSBGN03117
HP: HPSBHF03119
HP: HPSBHF03124
HP: HPSBST03122
HP: HPSBGN03138
HP: HPSBHF03125
HP: HPSBMU03133
HP: HPSBGN03141
HP: HPSBGN03142
HP: HPSBHF03146
HP: HPSBMU03143
HP: HPSBMU03144
HP: HPSBST03129
HP: HPSBST03131
HP: HPSBST03157
HP: HPSBHF03145
HP: HPSBMU03165
HP: HPSBMU03182
HP: HPSBST03154
HP: HPSBST03155
HP: HPSBST03181
HP: HPSBST03148
HP: HPSBMU03217
HP: HPSBMU03245
HP: HPSBMU03246
HP: HPSBOV03228
HP: SSRT101711
HP: SSRT101742
HP: SSRT101827
HP: HPSBGN03233
HP: SSRT101739
HP: SSRT101868
HP: HPSBMU03220
HP: SSRT101819
HP: HPSBST03195
EXPLOIT-DB: 34879
CONFIRM: https://support.hpe.co...
CONFIRM: https://support.hpe.co...
BUGTRAQ: 20141001 NEW VMSA-2014...
CONFIRM: https://help.ecostruxu...
MISC: https://www.arista.com...