Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Bash vulnerabilities
Informations
Name USN-2380-1 First vendor Publication 2014-10-09
Vendor Ubuntu Last vendor Modification 2014-10-09
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Bash.

Software Description: - bash: GNU Bourne Again SHell

Details:

Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-6277, CVE-2014-6278)

Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
bash 4.3-7ubuntu1.5

Ubuntu 12.04 LTS:
bash 4.2-2ubuntu2.6

Ubuntu 10.04 LTS:
bash 4.1-2ubuntu3.5

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2380-1
CVE-2014-6277, CVE-2014-6278

Package Information:
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.5
https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.6
https://launchpad.net/ubuntu/+source/bash/4.1-2ubuntu3.5

Original Source

Url : http://www.ubuntu.com/usn/USN-2380-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26231
 
Oval ID: oval:org.mitre.oval:def:26231
Title: USN-2380-1 -- bash vulnerabilities
Description: Several security issues were fixed in Bash.
Family: unix Class: patch
Reference(s): USN-2380-1
CVE-2014-6277
CVE-2014-6278
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): bash
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27461
 
Oval ID: oval:org.mitre.oval:def:27461
Title: ELSA-2014-3093 -- bash security update (important)
Description: [4.1.2-29.0.1] - Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905294]
Family: unix Class: patch
Reference(s): ELSA-2014-3093
CVE-2014-6277
CVE-2014-6278
Version: 3
Platform(s): Oracle Linux 6
Product(s): bash
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28091
 
Oval ID: oval:org.mitre.oval:def:28091
Title: VMware product updates address critical Bash security vulnerabilities
Description: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6277
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28195
 
Oval ID: oval:org.mitre.oval:def:28195
Title: VMware product updates address critical Bash security vulnerabilities
Description: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6278
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28237
 
Oval ID: oval:org.mitre.oval:def:28237
Title: ELSA-2014-3092 -- bash security update (important)
Description: [4.2.45-5.4.0.1] - Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905256]
Family: unix Class: patch
Reference(s): ELSA-2014-3092
CVE-2014-6277
CVE-2014-6278
Version: 3
Platform(s): Oracle Linux 7
Product(s): bash
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28263
 
Oval ID: oval:org.mitre.oval:def:28263
Title: ELSA-2014-3094 -- bash security update (important)
Description: [3.2-33.4.0.1] - Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905421]
Family: unix Class: patch
Reference(s): ELSA-2014-3094
CVE-2014-6277
CVE-2014-6278
Version: 3
Platform(s): Oracle Linux 5
Product(s): bash
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 28

SAINT Exploits

Description Link
Bash environment variable command injection in Cisco UCS Manager More info here

ExploitDB Exploits

id Description
2014-10-29 CUPS Filter Bash Environment Variable Code Injection
2014-10-27 Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash
2014-10-02 GNU bash 4.3.11 Environment Variable dhclient Exploit

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-09-25 IAVM : 2014-A-0142 - GNU Bash Shell Code Execution Vulnerability
Severity : Category I - VMSKEY : V0054753

Snort® IPS/IDS

Date Description
2014-10-30 Bash environment variable injection attempt
RuleID : 32366-community - Revision : 2 - Type : OS-OTHER
2014-12-02 Bash environment variable injection attempt
RuleID : 32366 - Revision : 2 - Type : OS-OTHER
2014-10-24 Bash CGI environment variable injection attempt
RuleID : 32336-community - Revision : 2 - Type : OS-OTHER
2014-11-25 Bash CGI environment variable injection attempt
RuleID : 32336 - Revision : 2 - Type : OS-OTHER
2014-10-24 Bash CGI environment variable injection attempt
RuleID : 32335-community - Revision : 2 - Type : OS-OTHER
2014-11-25 Bash CGI environment variable injection attempt
RuleID : 32335 - Revision : 2 - Type : OS-OTHER
2014-10-03 Bash environment variable injection attempt
RuleID : 32069-community - Revision : 3 - Type : OS-OTHER
2014-11-16 Bash environment variable injection attempt
RuleID : 32069 - Revision : 3 - Type : OS-OTHER
2014-10-01 Bash environment variable injection attempt
RuleID : 32043-community - Revision : 3 - Type : OS-OTHER
2014-11-16 Bash environment variable injection attempt
RuleID : 32043 - Revision : 3 - Type : OS-OTHER
2014-10-01 Bash environment variable injection attempt
RuleID : 32042-community - Revision : 4 - Type : OS-OTHER
2014-11-16 Bash environment variable injection attempt
RuleID : 32042 - Revision : 4 - Type : OS-OTHER
2014-10-01 Bash environment variable injection attempt
RuleID : 32041-community - Revision : 4 - Type : OS-OTHER
2014-11-16 Bash environment variable injection attempt
RuleID : 32041 - Revision : 4 - Type : OS-OTHER
2014-10-01 Bash environment variable injection attempt
RuleID : 32039-community - Revision : 3 - Type : OS-OTHER
2014-11-16 Bash environment variable injection attempt
RuleID : 32039 - Revision : 3 - Type : OS-OTHER
2014-10-01 Bash environment variable injection attempt
RuleID : 32038-community - Revision : 3 - Type : OS-OTHER
2014-11-16 Bash environment variable injection attempt
RuleID : 32038 - Revision : 3 - Type : OS-OTHER
2014-09-25 Malicious DHCP server bash environment variable injection attempt
RuleID : 31985-community - Revision : 6 - Type : OS-OTHER
2014-11-16 Malicious DHCP server bash environment variable injection attempt
RuleID : 31985 - Revision : 6 - Type : OS-OTHER
2014-09-25 Bash CGI environment variable injection attempt
RuleID : 31978-community - Revision : 5 - Type : OS-OTHER
2014-11-16 Bash CGI environment variable injection attempt
RuleID : 31978 - Revision : 5 - Type : OS-OTHER
2014-09-25 Bash CGI environment variable injection attempt
RuleID : 31977-community - Revision : 5 - Type : OS-OTHER
2014-11-16 Bash CGI environment variable injection attempt
RuleID : 31977 - Revision : 5 - Type : OS-OTHER
2014-09-25 Bash CGI environment variable injection attempt
RuleID : 31976-community - Revision : 5 - Type : OS-OTHER
2014-11-16 Bash CGI environment variable injection attempt
RuleID : 31976 - Revision : 5 - Type : OS-OTHER
2014-09-25 Bash CGI environment variable injection attempt
RuleID : 31975-community - Revision : 6 - Type : OS-OTHER
2014-11-16 Bash CGI environment variable injection attempt
RuleID : 31975 - Revision : 6 - Type : OS-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-12-05 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1374.nasl - Type : ACT_GATHER_INFO
2016-11-23 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2872-1.nasl - Type : ACT_GATHER_INFO
2016-02-02 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_bash_20141031_2.nasl - Type : ACT_GATHER_INFO
2015-12-30 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2014-0010_remote.nasl - Type : ACT_GATHER_INFO
2015-10-05 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_11.nasl - Type : ACT_GATHER_INFO
2015-08-25 Name : The remote IBM Storwize V7000 Unified device is affected by multiple vulnerab...
File : ibm_storwize_1_5_0_4.nasl - Type : ACT_GATHER_INFO
2015-04-06 Name : The remote web server is affected by a remote code execution vulnerability.
File : bash_cve_2014_6278.nasl - Type : ACT_ATTACK
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-164.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_10_2.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_bash_20141031.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10648.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote Cisco TelePresence Conductor device is affected by a command injec...
File : cisco_telepresence_conductor_CSCur02103.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2014-3094.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3093.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3092.nasl - Type : ACT_GATHER_INFO
2014-11-13 Name : The remote host is affected by a code injection vulnerability known as Shells...
File : mcafee_ngfw_SB10085.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote host has an application installed that is affected by multiple vul...
File : vmware_vcenter_converter_2014-0010.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote host is affected by a code injection vulnerability known as Shells...
File : mcafee_web_gateway_sb10085.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote host is missing a vendor-supplied security patch.
File : cisco_cups_CSCur05454.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote host is affected by a code injection vulnerability known as Shells...
File : mcafee_email_gateway_SB10085.nasl - Type : ACT_GATHER_INFO
2014-11-06 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2014-0010.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote host has a device management application installed that is affecte...
File : vmware_workspace_portal_vmsa2014-0010.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote host is affected by a command injection vulnerability.
File : vmware_nsx_vmsa_2014_0010.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The management application installed on the remote host is affected by a comm...
File : cisco-sa-CSCur01959-prsm.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote security device is missing a vendor-supplied security patch.
File : cisco-sa-CSCur01959-asa-cx.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vsphere_replication_vmsa_2014_0010.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote host is running a vulnerable version of Bash.
File : cisco_ucs_director_CSCur02877.nasl - Type : ACT_GATHER_INFO
2014-10-27 Name : The remote device is running a version of NX-OS that is affected by Shellshock.
File : cisco-sa-20140926-bash-nxos.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-595.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The version of Cisco TelePresence Video Communication Server installed on the...
File : cisco_telepresence_vcs_CSCur01461.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vcenter_server_appliance_vmsa-2014-0010.nasl - Type : ACT_GATHER_INFO
2014-10-13 Name : The remote Solaris system is missing a security patch for third party software.
File : solaris11_bash_2014_10_07.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2380-1.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15629.nasl - Type : ACT_GATHER_INFO
2014-10-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201410-01.nasl - Type : ACT_GATHER_INFO
2014-10-06 Name : A system shell on the remote host is vulnerable to command injection.
File : bash_remote_code_execution2.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2014-10-03 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_81e2b3084a6c11e4b7116805ca0b3d42.nasl - Type : ACT_GATHER_INFO
2014-10-02 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_512d130149b911e4ae2cc80aa9043978.nasl - Type : ACT_GATHER_INFO
2014-10-02 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2014-0010.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-10-12 13:27:35
  • Multiple Updates
2014-10-09 17:21:43
  • First insertion