OS Command Injection Affecting bash package, versions <0:4.2.45-5.el7_0.2
- Snyk ID SNYK-CENTOS7-BASH-2037156
- published 26 Jul 2021
- disclosed 24 Sep 2014
Introduced: 24 Sep 2014
CVE-2014-6271
How to fix?
Upgrade Centos:7 bash to version 0:4.2.45-5.el7_0.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.