GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
http://advisories.mageia.org/MGASA-2014-0388.html cve-icon cve-icon
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html cve-icon cve-icon
http://jvn.jp/en/jp/JVN55667175/index.html cve-icon cve-icon
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126 cve-icon cve-icon
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 cve-icon cve-icon
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html cve-icon cve-icon
http://linux.oracle.com/errata/ELSA-2014-1293.html cve-icon cve-icon
http://linux.oracle.com/errata/ELSA-2014-1294.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141216207813411&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141216668515282&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141235957116749&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141319209015420&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141330425327438&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141330468527613&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141345648114150&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141383026420882&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141383081521087&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141383138121313&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141383196021590&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141383244821813&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141383304022067&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141383353622268&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141383465822787&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141450491804793&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141576728022234&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141577137423233&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141577241923505&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141577297623641&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141585637922673&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141694386919794&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141879528318582&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=142113462216480&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=142118135300698&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=142358026505815&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=142358078406056&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=142546741516006&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=142719845423222&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=142721162228379&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=142805027510172&w=2 cve-icon cve-icon
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html cve-icon cve-icon
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html cve-icon cve-icon
http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html cve-icon cve-icon
http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html cve-icon cve-icon
http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-1293.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-1294.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-1295.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-1354.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Oct/0 cve-icon cve-icon
http://secunia.com/advisories/58200 cve-icon cve-icon
http://secunia.com/advisories/59272 cve-icon cve-icon
http://secunia.com/advisories/59737 cve-icon cve-icon
http://secunia.com/advisories/59907 cve-icon cve-icon
http://secunia.com/advisories/60024 cve-icon cve-icon
http://secunia.com/advisories/60034 cve-icon cve-icon
http://secunia.com/advisories/60044 cve-icon cve-icon
http://secunia.com/advisories/60055 cve-icon cve-icon
http://secunia.com/advisories/60063 cve-icon cve-icon
http://secunia.com/advisories/60193 cve-icon cve-icon
http://secunia.com/advisories/60325 cve-icon cve-icon
http://secunia.com/advisories/60433 cve-icon cve-icon
http://secunia.com/advisories/60947 cve-icon cve-icon
http://secunia.com/advisories/61065 cve-icon cve-icon
http://secunia.com/advisories/61128 cve-icon cve-icon
http://secunia.com/advisories/61129 cve-icon cve-icon
http://secunia.com/advisories/61188 cve-icon cve-icon
http://secunia.com/advisories/61283 cve-icon cve-icon
http://secunia.com/advisories/61287 cve-icon cve-icon
http://secunia.com/advisories/61291 cve-icon cve-icon
http://secunia.com/advisories/61312 cve-icon cve-icon
http://secunia.com/advisories/61313 cve-icon cve-icon
http://secunia.com/advisories/61328 cve-icon cve-icon
http://secunia.com/advisories/61442 cve-icon cve-icon
http://secunia.com/advisories/61471 cve-icon cve-icon
http://secunia.com/advisories/61485 cve-icon cve-icon
http://secunia.com/advisories/61503 cve-icon cve-icon
http://secunia.com/advisories/61542 cve-icon cve-icon
http://secunia.com/advisories/61547 cve-icon cve-icon
http://secunia.com/advisories/61550 cve-icon cve-icon
http://secunia.com/advisories/61552 cve-icon cve-icon
http://secunia.com/advisories/61565 cve-icon cve-icon
http://secunia.com/advisories/61603 cve-icon cve-icon
http://secunia.com/advisories/61633 cve-icon cve-icon
http://secunia.com/advisories/61641 cve-icon cve-icon
http://secunia.com/advisories/61643 cve-icon cve-icon
http://secunia.com/advisories/61654 cve-icon cve-icon
http://secunia.com/advisories/61676 cve-icon cve-icon
http://secunia.com/advisories/61700 cve-icon cve-icon
http://secunia.com/advisories/61703 cve-icon cve-icon
http://secunia.com/advisories/61711 cve-icon cve-icon
http://secunia.com/advisories/61715 cve-icon cve-icon
http://secunia.com/advisories/61780 cve-icon cve-icon
http://secunia.com/advisories/61816 cve-icon cve-icon
http://secunia.com/advisories/61855 cve-icon cve-icon
http://secunia.com/advisories/61857 cve-icon cve-icon
http://secunia.com/advisories/61873 cve-icon cve-icon
http://secunia.com/advisories/62228 cve-icon cve-icon
http://secunia.com/advisories/62312 cve-icon cve-icon
http://secunia.com/advisories/62343 cve-icon cve-icon
http://support.apple.com/kb/HT6495 cve-icon cve-icon
http://support.novell.com/security/cve/CVE-2014-6271.html cve-icon cve-icon
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21685541 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21685604 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21685733 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21685749 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21685914 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21686084 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21686131 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21686246 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21686445 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21686447 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21686479 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21686494 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21687079 cve-icon cve-icon
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-3032 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/252743 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164 cve-icon cve-icon
http://www.novell.com/support/kb/doc.php?id=7015701 cve-icon cve-icon
http://www.novell.com/support/kb/doc.php?id=7015721 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html cve-icon cve-icon
http://www.qnap.com/i/en/support/con_show.php?cid=61 cve-icon cve-icon
http://www.securityfocus.com/archive/1/533593/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/70103 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2362-1 cve-icon cve-icon
http://www.us-cert.gov/ncas/alerts/TA14-268A cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2014-0010.html cve-icon cve-icon
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 cve-icon cve-icon
https://access.redhat.com/articles/1200223 cve-icon cve-icon cve-icon
https://access.redhat.com/node/1200223 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1141597 cve-icon cve-icon
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes cve-icon cve-icon
https://kb.bluecoat.com/index?page=content&id=SA82 cve-icon cve-icon
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648 cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10085 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-6271 cve-icon
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack cve-icon
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ cve-icon cve-icon
https://support.apple.com/kb/HT6535 cve-icon cve-icon
https://support.citrix.com/article/CTX200217 cve-icon cve-icon
https://support.citrix.com/article/CTX200223 cve-icon cve-icon
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html cve-icon cve-icon
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075 cve-icon cve-icon
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183 cve-icon cve-icon
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts cve-icon cve-icon
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-6271 cve-icon
https://www.exploit-db.com/exploits/34879/ cve-icon cve-icon
https://www.exploit-db.com/exploits/37816/ cve-icon cve-icon
https://www.exploit-db.com/exploits/38849/ cve-icon cve-icon
https://www.exploit-db.com/exploits/39918/ cve-icon cve-icon
https://www.exploit-db.com/exploits/40619/ cve-icon cve-icon
https://www.exploit-db.com/exploits/40938/ cve-icon cve-icon
https://www.exploit-db.com/exploits/42938/ cve-icon cve-icon
https://www.suse.com/support/shellshock/ cve-icon cve-icon
History

Fri, 07 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-01-28'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 23:45:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: debian

Published:

Updated: 2025-07-30T01:46:49.578Z

Reserved: 2014-09-09T00:00:00.000Z

Link: CVE-2014-6271

cve-icon Vulnrichment

Updated: 2024-08-06T12:10:13.276Z

cve-icon NVD

Status : Deferred

Published: 2014-09-24T18:48:04.477

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-6271

cve-icon Redhat

Severity : Critical

Publid Date: 2014-09-24T00:00:00Z

Links: CVE-2014-6271 - Bugzilla

cve-icon OpenCVE Enrichment

No data.