OS Command Injection Affecting bash package, versions <4.3-9.2
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-BASH-351589
- published 25 Sep 2014
- disclosed 25 Sep 2014
Introduced: 25 Sep 2014
CVE-2014-7169 Open this link in a new tabHow to fix?
Upgrade Debian:10
bash
to version 4.3-9.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream bash
package and not the bash
package as distributed by Debian
.
See How to fix?
for Debian:10
relevant fixed versions and status.
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
References
- ADVISORY
- APPLE
- Apple Security Advisory
- Apple Security Advisory
- BUGTRAQ
- CERT
- Cert Vulnerability Note
- CISCO
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- Debian Security Advisory
- Exploit DB
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- JVN
- JVNDB
- MISC
- MISC
- MISC
- MISC
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Update
- OpenSuse Security Update
- Oracle Security Bulletin
- OSS security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- Seclists Full Disclosure
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
- Ubuntu Security Advisory
- VMware Security Advisory
- cve@mitre.org
- CISA - Known Exploited Vulnerabilities