GNU Bash Environment Variable Handling RCE Vulnerability (Shellshock, HTTP, CVE-2014-6271/CVE-2014-6278) - Active Check

Severity: Not available
CVSSv3 Score: Not available
Vulnerability description

GNU Bash is prone to a remote command execution (RCE) vulnerability dubbed Shellshock.

Risk description

GNU Bash contains a flaw that is triggered when it evaluates environment variables passed in from another environment. After processing a function definition in a variable's value, Bash continues to process the trailing strings that follow it. Successful exploitation allows remote or local attackers to inject shell commands, resulting in local privilege escalation or remote command execution, depending on the application vector.

Recommendation

Update to patch version bash43-025 of Bash 4.3 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Sep 24, 2014
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available