CVE-2014-6278
Last modified
CVE-2014-6278 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. CISA has confirmed active exploitation in the wild. EPSS estimates a 99.62% chance of exploitation in the next 30 days.
Description
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| GNU | Bash | 1.14.0 |
| GNU | Bash | 1.14.1 |
| GNU | Bash | 1.14.2 |
| GNU | Bash | 1.14.3 |
| GNU | Bash | 1.14.4 |
| GNU | Bash | 1.14.5 |
| GNU | Bash | 1.14.6 |
| GNU | Bash | 1.14.7 |
| GNU | Bash | 2.0 |
| GNU | Bash | 2.01 |
| GNU | Bash | 2.01.1 |
| GNU | Bash | 2.02 |
| GNU | Bash | 2.02.1 |
| GNU | Bash | 2.03 |
| GNU | Bash | 2.04 |
| GNU | Bash | 2.05 |
| GNU | Bash | 3.0 |
| GNU | Bash | 3.0.16 |
| GNU | Bash | 3.1 |
| GNU | Bash | 3.2 |
| GNU | Bash | 3.2.48 |
| GNU | Bash | 4.0 |
| GNU | Bash | 4.1 |
| GNU | Bash | 4.2 |
| GNU | Bash | 4.3 |
References
- http://jvn.jp/en/jp/JVN55667175/index.html (Third Party Advisory)
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126 (Third Party Advisory)
- http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html (Patch, Third Party Advisory)
- http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html (Third Party Advisory)
- http://linux.oracle.com/errata/ELSA-2014-3093 (Third Party Advisory)
- http://linux.oracle.com/errata/ELSA-2014-3094 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141330468527613&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141345648114150&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141383026420882&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141383081521087&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141383196021590&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141383244821813&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141383304022067&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141383353622268&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141383465822787&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141450491804793&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141576728022234&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141577137423233&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141577241923505&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141577297623641&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141585637922673&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=141879528318582&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=142118135300698&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=142358026505815&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=142358078406056&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=142721162228379&w=2 (Third Party Advisory)
- http://secunia.com/advisories/58200 (Broken Link)
- http://secunia.com/advisories/59907 (Broken Link)
- http://secunia.com/advisories/59961 (Broken Link)
- http://secunia.com/advisories/60024 (Broken Link)
- http://secunia.com/advisories/60034 (Broken Link)
- http://secunia.com/advisories/60044 (Broken Link)
- http://secunia.com/advisories/60055 (Broken Link)
- http://secunia.com/advisories/60063 (Broken Link)
- http://secunia.com/advisories/60193 (Broken Link)
- http://secunia.com/advisories/60325 (Broken Link)
- http://secunia.com/advisories/60433 (Broken Link)
- http://secunia.com/advisories/61065 (Broken Link)
- http://secunia.com/advisories/61128 (Broken Link)
- http://secunia.com/advisories/61129 (Broken Link)
- http://secunia.com/advisories/61283 (Broken Link)
- http://secunia.com/advisories/61287 (Broken Link)
- http://secunia.com/advisories/61291 (Broken Link)
- http://secunia.com/advisories/61312 (Broken Link)
- http://secunia.com/advisories/61313 (Broken Link)
- http://secunia.com/advisories/61328 (Broken Link)
- http://secunia.com/advisories/61442 (Broken Link)
- http://secunia.com/advisories/61471 (Broken Link)
- http://secunia.com/advisories/61485 (Broken Link)
- http://secunia.com/advisories/61503 (Broken Link)
- http://secunia.com/advisories/61550 (Broken Link)
- http://secunia.com/advisories/61552 (Broken Link)
- http://secunia.com/advisories/61565 (Broken Link)
- http://secunia.com/advisories/61603 (Broken Link)
- http://secunia.com/advisories/61633 (Broken Link)
- http://secunia.com/advisories/61641 (Broken Link)
- http://secunia.com/advisories/61643 (Broken Link)
- http://secunia.com/advisories/61654 (Broken Link)
- http://secunia.com/advisories/61703 (Broken Link)
- http://secunia.com/advisories/61780 (Broken Link)
- http://secunia.com/advisories/61816 (Broken Link)
- http://secunia.com/advisories/61857 (Broken Link)
- http://secunia.com/advisories/62312 (Broken Link)
- http://secunia.com/advisories/62343 (Third Party Advisory)
- http://support.novell.com/security/cve/CVE-2014-6278.html (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21685541 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21685604 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21685733 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21685749 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21685914 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21686131 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21686246 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21686445 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21686479 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21686494 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21687079 (Third Party Advisory)
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:164 (Third Party Advisory)
- http://www.novell.com/support/kb/doc.php?id=7015721 (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html (Third Party Advisory)
- http://www.qnap.com/i/en/support/con_show.php?cid=61 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2380-1 (Third Party Advisory)
- http://www.vmware.com/security/advisories/VMSA-2014-0010.html (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1147414 (Third Party Advisory)
- https://kb.bluecoat.com/index?page=content&id=SA82 (Third Party Advisory)
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648 (Third Party Advisory)
- https://kc.mcafee.com/corporate/index?page=content&id=SB10085 (Third Party Advisory)
- https://security-tracker.debian.org/tracker/CVE-2014-6278 (Third Party Advisory)
- https://support.citrix.com/article/CTX200217 (Third Party Advisory)
- https://support.citrix.com/article/CTX200223 (Third Party Advisory)
- https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html (Third Party Advisory)
- https://www.exploit-db.com/exploits/39568/ (Third Party Advisory)
- https://www.exploit-db.com/exploits/39887/ (Third Party Advisory)
- https://www.suse.com/support/shellshock/ (Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6278 (US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Source: NVD / NIST
