var-201409-1154
Vulnerability from variot
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. This vulnerability CVE-2014-6271 , CVE-2014-7169 ,and CVE-2014-6277 Vulnerability due to insufficient fix for.A third party may be able to execute arbitrary commands through a crafted environment. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Customers who need to upgrade the firmware of their Superdome X or HP Converged System 900 for SAP HANA should contact HP Technical Support to obtain the firmware or plan to schedule an onsite visit with an HP Services field service professional.
NOTE: HP strongly recommends implementing the following security best practices to help reduce both known and future security vulnerability risks:
Isolate the HP Superdome X or HP Converged System 900 for SAP HANA's management network by keeping it separate from the data or production network, and not connecting it directly to the Internet without additional access authentication. Patch and maintain Lightweight Directory Access Protocol (LDAP) and web servers. Use virus scanners, intrusion detection/prevention systems (IDS/IPS), and vulnerability scanners regularly. Apply all recommended HP Firmware updates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04558068
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04558068 Version: 1
HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-02-02 Last Updated: 2015-02-02
Potential Security Impact: Multiple vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Insight Control for Linux Central Management Server Pre-boot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities.
References:
CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2014-7196 SSRT101742
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7196 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following instructions to resolve these vulnerabilities.
Follow these steps to update the HP Insight Control for Linux Central Management Server Pre-boot Execution Environment:
NOTE: The following procedure updates the bash shell on the Linux Pre-boot Execution Environment. Please update the Bash shell version on the HP Insight Control for Linux Central Management Server also.
- On the Production RHEL 6.2 OS:
a. Prepare temporary directory for Bash update software:
mkdir -p $HOME/tmp/bash
cd $HOME/tmp/bash
pwd
b. Download the file 'bash-4.1.2-15.el6_4.2.i686.rpm' for Insight Control for Linux Red Hat 6.2 i386 from https://rhn.redhat.com/errata/RHSA-2014-1311.html to the temporary directory '$HOME/tmp/bash'.
c. Extract the Bash update software package.
rpm2cpio bash-4.1.2-15.el6_4.2.i686.rpm| cpio -idmv
d. Verify the version of the Bash update software:
./bin/bash --version
GNU bash, version 4.1.2(1)-release (i686-redhat-linux-gnu)
e. Verify version dependencies:
ldd ./bin/bash
linux-gate.so.1 => (0x008a7000) libtinfo.so.5 => /lib/libtinfo.so.5 (0x00459000) libdl.so.2 => /lib/libdl.so.2 (0x002c0000) libc.so.6 => /lib/libc.so.6 (0x0012e000) /lib/ld-linux.so.2 (0x00108000)
f. Create archive file from '/lib' to copy and install on the Insight Control for Linux Central Management Server Pre-boot Execution Environment system:
mkdir $HOME/tmp/lib
cd /lib
cp * $HOME/tmp/lib
cd $HOME/tmp
pwd
tar cvf bash_lib.tar *
-
Download the new archive file '$HOME/tmp/bash_lib.tar' from the Production RHEL 6.2 OS system to the Insight Control for Linux Central Management Server Pre-boot Execution Environment system.
-
On the HP Insight Control for Linux Central Managment Server Pre-boot Execution Environment system:
a. Create a temporary folder for the toolkit and copy the toolkit there :
mkdir -p $HOME/tmp/temp-toolkit
cp /usr/share/systemimager/boot/i386/standard/toolkit.tar.gz
$HOME/tmp/temp-toolkit
b. Extract the file 'toolkit.tar.gz' into the temporary folder:
cd $HOME/tmp/temp-toolkit
tar zxvf toolkit.tar.gz
mv $HOME/tmp/temp-toolkit/toolkit.tar.gz /tmp
c. Verify the version of the toolkit Bash:
$HOME/tmp/temp-toolkit/bin/bash --version
GNU bash, version 3.2.0(1)-release (i386-pc-linux-gnu) Copyright (C) 2005 Free Software Foundation, Inc.
d. Verify dependencies versions:
ldd $HOME/tmp/temp-toolkit/bin/bash
linux-gate.so.1 => (0xffffe000) libtermcap.so.2 => /lib/libtermcap.so.2 (0xf7f8c000) libdl.so.2 => /lib/libdl.so.2 (0x008bf000) libc.so.6 => /lib/libc.so.6 (0x00777000) /lib/ld-linux.so.2 (0x00755000)
e. Extract the archive 'bash_lib.tar' to directory '$HOME/tmp/bash_lib' . Then copy the bash binary and the library files to their respective locations:
tar xvf $HOME/tmp/bash_lib
cp $HOME/tmp/bash_lib/bash/bash $HOME/tmp/temp-toolkit/bin
cp $HOME/tmp/bash_lib/lib/* $HOME/tmp/temp-toolkit/lib
f. Create the updated toolkit gzipped archive file and place in /usr/share/systemimager/boot/i386/standard
tar czvf toolkit.tar.gz *
cp toolkit.tar.gz /usr/share/systemimager/boot/i386/standard
HISTORY Version:1 (rev.1) - 2 February 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlTP2EgACgkQ4B86/C0qfVnMkQCg8yH4xRTp9ahC3s4vDiCBmKiV JTwAoPl3SC09DPRWwo1zluDWFF1OfMtA =w7+V -----END PGP SIGNATURE----- .
HP Product Firmware Version
HP StoreEver ESL G3 Tape Libraries with MCB version 2 680H_GS40701
HP StoreEver ESL G3 Tape Libraries with MCB version 1 656H_GS10801
The firmware is customer installable and is available in the Drivers, Software & Firmware section at the following location:
http://www.hp.com/support/eslg3
Notes:
- Updating the library firmware requires a reboot of the library.
- Disable DHCP and only use static IP addressing. No other firmware stream updates are planned beyond the NX-OS 5.x and 6.x versions listed below for the MDS products.
HP has released and posted the Cisco switch software version NX-OS 6.2(9a) on HP Support Center (HPSC). This software versions 6.2(9a) has included the fixes for the vulnerability in HP StoreFabric C-series MDS switches which currently supporting NX-OS 6.X releases. HP has released and posted the Cisco switch software version NX-OS 5.2(8e) on HP Support Center (HPSC). This software version 5.2(8e) has included the fix for the vulnerability in HP C-series MDS switches which currently supporting NX-OS 5.X releases. HP is continuing to actively work on software updates to resolve the vulnerability in HP C-series Nexus 5k switches. This bulletin will be revised when these updates become available.
MITIGATION INFORMATION
If updating to a NX-OS version containing the fix is not currently possible, HP recommends the following steps to reduce the risk of this vulnerability:
The "ssh" or "telnet" features may be disabled by the admin user. All MDS and Nexus 5K switches can function in this configuration. Access is available through the console port.
Note: HP and the switch vendor recommend running an active version of Fabric OS (FOS) listed on the HP Single Point of Connectivity Knowledge (SPOCK) website ( http://h20272.www2.hp.com/ ) and applying the work-around information provided in the MITIGATION INFORMATION section below to protect HP StoreFabric B-series switches from this vulnerability.
Fabric OS (FOS) v7.3.0b (This version will be available soon and this bulletin will revised at that time)
The following focused fix FOS versions are available for the previously released versions and have been renamed to include an additional hexadecimal character appended to the FOS version on which it is based:
FOS v7.2.1c1
FOS v7.2.0d6
FOS v7.1.2b1
FOS v7.1.1c1
FOS v7.1.0cb
FOS v7.0.2e1
FOS v7.0.0d1
FOS v6.4.3f3
FOS v6.4.2a3
FOS v6.2.2f9
MITIGATION INFORMATION
HP recommends the following steps to reduce the risk of this vulnerability:
- Place the HP StoreFabric SAN switch and other data center critical
infrastructure behind a firewall to disallow access from the Internet. - Change all HP StoreFabric switch default account passwords, including the root passwords, from the default factory passwords. - Examine the list of accounts, including ones on the switch and those existing on remote authentication servers such as RADIUS, LDAP, and TACAS+, to ensure only necessary personnel can gain access to HP StoreFabric FOS switches. Delete guest accounts and temporary accounts created for one-time usage needs. - Utilize FOS password policy management to strengthen the complexity, age, and history requirements of switch account passwords
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-1154",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.7"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "2.01"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "2.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.4"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.6"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.3"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.2"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.6,
"vendor": "gnu",
"version": "1.14.5"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.3,
"vendor": "gnu",
"version": "4.2"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.0.16"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.03"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.2.48"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.01.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.02.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.02"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.2"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "4.0"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "3.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "4.1"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.04"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "4.3"
},
{
"model": "bash",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.05"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "avaya",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "centos",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cygwin",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "extreme",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fireeye",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu bash",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mageia",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "monroe",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "niksun",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "novell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "palo alto",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qnap security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sophos",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trend micro",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xirrus",
"version": null
},
{
"model": "bash",
"scope": "lte",
"trust": 0.8,
"vendor": "gnu",
"version": "4.3 bash43-026"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7245"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7242"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7238"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7235"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7232"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "7228"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "78000"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "67000"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9393"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9303"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9302"
},
{
"model": "colorqube",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "9301"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "email gateway patch",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.01"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.0"
},
{
"model": "email gateway hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.7.22"
},
{
"model": "email gateway hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "6.7.21"
},
{
"model": "ds8000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mds",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "gss 4492r global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "show and share",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5(2)"
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16.2"
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252743"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gnu:bash",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "129069"
},
{
"db": "PACKETSTORM",
"id": "129070"
},
{
"db": "PACKETSTORM",
"id": "128864"
},
{
"db": "PACKETSTORM",
"id": "129438"
},
{
"db": "PACKETSTORM",
"id": "128760"
}
],
"trust": 0.7
},
"cve": "CVE-2014-6278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-6278",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-6278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-6278",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-1110",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2014-6278",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. This vulnerability CVE-2014-6271 , CVE-2014-7169 ,and CVE-2014-6277 Vulnerability due to insufficient fix for.A third party may be able to execute arbitrary commands through a crafted environment. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \n\nThis vulnerability allows users that have been granted access to a shell\nscript to escalate privilege and execute unrestricted commands at the same\nsecurity level as the Bash script. Customers who\nneed to upgrade the firmware of their Superdome X or HP Converged System 900\nfor SAP HANA should contact HP Technical Support to obtain the firmware or\nplan to schedule an onsite visit with an HP Services field service\nprofessional. \n\nNOTE: HP strongly recommends implementing the following security best\npractices to help reduce both known and future security vulnerability risks:\n\nIsolate the HP Superdome X or HP Converged System 900 for SAP HANA\u0027s\nmanagement network by keeping it separate from the data or production\nnetwork, and not connecting it directly to the Internet without additional\naccess authentication. \nPatch and maintain Lightweight Directory Access Protocol (LDAP) and web\nservers. \nUse virus scanners, intrusion detection/prevention systems (IDS/IPS), and\nvulnerability scanners regularly. \nApply all recommended HP Firmware updates. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04558068\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04558068\nVersion: 1\n\nHPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server\nPre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-02-02\nLast Updated: 2015-02-02\n\nPotential Security Impact: Multiple vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Insight\nControl for Linux Central Management Server Pre-boot Execution Environment\nthat could be exploited remotely resulting in Denial of Service (DoS),\ndisclosure of information, and other vulnerabilities. \n\nReferences:\n\nCVE-2014-6271\nCVE-2014-6277\nCVE-2014-6278\nCVE-2014-7169\nCVE-2014-7186\nCVE-2014-7187\nCVE-2014-7196\nSSRT101742\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control for Linux Central Management Server Pre-boot Execution\nEnvironment running Bash Shell\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7196 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following instructions to resolve these vulnerabilities. \n\nFollow these steps to update the HP Insight Control for Linux Central\nManagement Server Pre-boot Execution Environment:\n\nNOTE: The following procedure updates the bash shell on the Linux Pre-boot\nExecution Environment. Please update the Bash shell version on the HP Insight\nControl for Linux Central Management Server also. \n\n1. On the Production RHEL 6.2 OS:\n\na. Prepare temporary directory for Bash update software:\n\n# mkdir -p $HOME/tmp/bash\n# cd $HOME/tmp/bash\n# pwd\n\u003chome directory\u003e/tmp/bash\n\nb. Download the file \u0027bash-4.1.2-15.el6_4.2.i686.rpm\u0027 for Insight Control for\nLinux Red Hat 6.2 i386 from https://rhn.redhat.com/errata/RHSA-2014-1311.html\nto the temporary directory \u0027$HOME/tmp/bash\u0027. \n\nc. Extract the Bash update software package. \n\n# rpm2cpio bash-4.1.2-15.el6_4.2.i686.rpm| cpio -idmv\n\nd. Verify the version of the Bash update software:\n\n# ./bin/bash --version\nGNU bash, version 4.1.2(1)-release (i686-redhat-linux-gnu)\n\ne. Verify version dependencies:\n\n# ldd ./bin/bash\n\nlinux-gate.so.1 =\u003e (0x008a7000)\nlibtinfo.so.5 =\u003e /lib/libtinfo.so.5 (0x00459000)\nlibdl.so.2 =\u003e /lib/libdl.so.2 (0x002c0000)\nlibc.so.6 =\u003e /lib/libc.so.6 (0x0012e000)\n/lib/ld-linux.so.2 (0x00108000)\n\nf. Create archive file from \u0027/lib\u0027 to copy and install on the Insight Control\nfor Linux Central Management Server Pre-boot Execution Environment system:\n\n# mkdir $HOME/tmp/lib\n# cd /lib\n# cp * $HOME/tmp/lib\n# cd $HOME/tmp\n# pwd\n\u003chome directory\u003e/tmp\n# tar cvf bash_lib.tar *\n\n2. Download the new archive file \u0027$HOME/tmp/bash_lib.tar\u0027 from the Production\nRHEL 6.2 OS system to the Insight Control for Linux Central Management Server\nPre-boot Execution Environment system. \n\n3. On the HP Insight Control for Linux Central Managment Server Pre-boot\nExecution Environment system:\n\na. Create a temporary folder for the toolkit and copy the toolkit there :\n\n# mkdir -p $HOME/tmp/temp-toolkit\n# cp /usr/share/systemimager/boot/i386/standard/toolkit.tar.gz\n$HOME/tmp/temp-toolkit\n\nb. Extract the file \u0027toolkit.tar.gz\u0027 into the temporary folder:\n\n# cd $HOME/tmp/temp-toolkit\n# tar zxvf toolkit.tar.gz\n# mv $HOME/tmp/temp-toolkit/toolkit.tar.gz /tmp\n\nc. Verify the version of the toolkit Bash:\n\n# $HOME/tmp/temp-toolkit/bin/bash --version\nGNU bash, version 3.2.0(1)-release (i386-pc-linux-gnu) Copyright (C) 2005\nFree Software Foundation, Inc. \n\nd. Verify dependencies versions:\n\n# ldd $HOME/tmp/temp-toolkit/bin/bash\n\nlinux-gate.so.1 =\u003e (0xffffe000)\nlibtermcap.so.2 =\u003e /lib/libtermcap.so.2 (0xf7f8c000)\nlibdl.so.2 =\u003e /lib/libdl.so.2 (0x008bf000)\nlibc.so.6 =\u003e /lib/libc.so.6 (0x00777000)\n/lib/ld-linux.so.2 (0x00755000)\n\ne. Extract the archive \u0027bash_lib.tar\u0027 to directory \u0027$HOME/tmp/bash_lib\u0027 . \nThen copy the bash binary and the library files to their respective\nlocations:\n\n# tar xvf $HOME/tmp/bash_lib\n# cp $HOME/tmp/bash_lib/bash/bash $HOME/tmp/temp-toolkit/bin\n# cp $HOME/tmp/bash_lib/lib/* $HOME/tmp/temp-toolkit/lib\n\nf. Create the updated toolkit gzipped archive file and place in\n/usr/share/systemimager/boot/i386/standard\n\n# tar czvf toolkit.tar.gz *\n# cp toolkit.tar.gz /usr/share/systemimager/boot/i386/standard\n\nHISTORY\nVersion:1 (rev.1) - 2 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlTP2EgACgkQ4B86/C0qfVnMkQCg8yH4xRTp9ahC3s4vDiCBmKiV\nJTwAoPl3SC09DPRWwo1zluDWFF1OfMtA\n=w7+V\n-----END PGP SIGNATURE-----\n. \n\n HP Product\n Firmware Version\n\n HP StoreEver ESL G3 Tape Libraries with MCB version 2\n 680H_GS40701\n\n HP StoreEver ESL G3 Tape Libraries with MCB version 1\n 656H_GS10801\n\n The firmware is customer installable and is available in the Drivers,\nSoftware \u0026 Firmware section at the following location:\n\n http://www.hp.com/support/eslg3\n\n Notes:\n\n - Updating the library firmware requires a reboot of the library. \n\n - Disable DHCP and only use static IP addressing. No other firmware\nstream updates are planned beyond the NX-OS 5.x and 6.x versions listed below\nfor the MDS products. \n\nHP has released and posted the Cisco switch software version NX-OS 6.2(9a) on\nHP Support Center (HPSC). This software versions 6.2(9a) has included the\nfixes for the vulnerability in HP StoreFabric C-series MDS switches which\ncurrently supporting NX-OS 6.X releases. \nHP has released and posted the Cisco switch software version NX-OS 5.2(8e) on\nHP Support Center (HPSC). This software version 5.2(8e) has included the fix\nfor the vulnerability in HP C-series MDS switches which currently supporting\nNX-OS 5.X releases. \nHP is continuing to actively work on software updates to resolve the\nvulnerability in HP C-series Nexus 5k switches. This bulletin will be revised\nwhen these updates become available. \n\nMITIGATION INFORMATION\n\nIf updating to a NX-OS version containing the fix is not currently possible,\nHP recommends the following steps to reduce the risk of this vulnerability:\n\nThe \"ssh\" or \"telnet\" features may be disabled by the admin user. All MDS and\nNexus 5K switches can function in this configuration. Access is available\nthrough the console port. \n\n Note: HP and the switch vendor recommend running an active version of\nFabric OS (FOS) listed on the HP Single Point of Connectivity Knowledge\n(SPOCK) website ( http://h20272.www2.hp.com/ ) and applying the work-around\ninformation provided in the MITIGATION INFORMATION section below to protect\nHP StoreFabric B-series switches from this vulnerability. \n\n Fabric OS (FOS) v7.3.0b (This version will be available soon and this\nbulletin will revised at that time)\n\n The following focused fix FOS versions are available for the previously\nreleased versions and have been renamed to include an additional hexadecimal\ncharacter appended to the FOS version on which it is based:\n\n FOS v7.2.1c1\n FOS v7.2.0d6\n FOS v7.1.2b1\n FOS v7.1.1c1\n FOS v7.1.0cb\n FOS v7.0.2e1\n FOS v7.0.0d1\n FOS v6.4.3f3\n FOS v6.4.2a3\n FOS v6.2.2f9\n\nMITIGATION INFORMATION\n\n HP recommends the following steps to reduce the risk of this vulnerability:\n\n - Place the HP StoreFabric SAN switch and other data center critical\ninfrastructure behind a firewall to disallow access from the Internet. \n - Change all HP StoreFabric switch default account passwords, including\nthe root passwords, from the default factory passwords. \n - Examine the list of accounts, including ones on the switch and those\nexisting on remote authentication servers such as RADIUS, LDAP, and TACAS+,\nto ensure only necessary personnel can gain access to HP StoreFabric FOS\nswitches. Delete guest accounts and temporary accounts created for one-time\nusage needs. \n - Utilize FOS password policy management to strengthen the complexity,\nage, and history requirements of switch account passwords",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6278"
},
{
"db": "CERT/CC",
"id": "VU#252743"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "129069"
},
{
"db": "PACKETSTORM",
"id": "129070"
},
{
"db": "PACKETSTORM",
"id": "128864"
},
{
"db": "PACKETSTORM",
"id": "129438"
},
{
"db": "PACKETSTORM",
"id": "128760"
}
],
"trust": 3.33
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39568",
"trust": 0.5,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-6278",
"trust": 3.5
},
{
"db": "JVN",
"id": "JVN55667175",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000126",
"trust": 2.5
},
{
"db": "MCAFEE",
"id": "SB10085",
"trust": 2.0
},
{
"db": "JUNIPER",
"id": "JSA10648",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#252743",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "61641",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61603",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61287",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60055",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61654",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61313",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60044",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58200",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61550",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61780",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61552",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61565",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61312",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60193",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61129",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61703",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60433",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61128",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60063",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61816",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61633",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60034",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61643",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61485",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61503",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "62343",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60325",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61291",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61328",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61283",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60024",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61442",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59961",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61471",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61857",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61065",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59907",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "62312",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "128567",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "137344",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "39568",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "39887",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU97219505",
"trust": 0.8
},
{
"db": "USCERT",
"id": "TA14-268A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110",
"trust": 0.6
},
{
"db": "BID",
"id": "70166",
"trust": 0.4
},
{
"db": "JUNIPER",
"id": "JSA10661",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-269-01",
"trust": 0.3
},
{
"db": "EXPLOITDB",
"id": "39568",
"trust": 0.1
},
{
"db": "EXPLOITDB",
"id": "39887",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-6278",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128764",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130336",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129069",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129070",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128864",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129438",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128760",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252743"
},
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "129069"
},
{
"db": "PACKETSTORM",
"id": "129070"
},
{
"db": "PACKETSTORM",
"id": "128864"
},
{
"db": "PACKETSTORM",
"id": "129438"
},
{
"db": "PACKETSTORM",
"id": "128760"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"id": "VAR-201409-1154",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3212341
},
"last_update_date": "2024-09-18T21:54:53.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "bash-3.2-33.AXS3.4",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=3918"
},
{
"title": "bash-4.1.2-15.AXS4.2",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=3919"
},
{
"title": "cisco-sa-20140926-bash",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash"
},
{
"title": "CTX200223",
"trust": 0.8,
"url": "https://support.citrix.com/article/CTX200223"
},
{
"title": "CTX200217",
"trust": 0.8,
"url": "https://support.citrix.com/article/CTX200217"
},
{
"title": "GNU Bash",
"trust": 0.8,
"url": "http://www.gnu.org/software/bash/"
},
{
"title": "HPSBST03157 SSRT101718",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04488200"
},
{
"title": "HPSBST03122 SSRT101717",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04471532"
},
{
"title": "HPSBMU03217 SSRT101827",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04512907"
},
{
"title": "HPSBST03129 SSRT101760",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04478866"
},
{
"title": "HPSBMU03182 SSRT101787",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04497042"
},
{
"title": "HPSBHF03125 SSRT101724",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04471538"
},
{
"title": "HPSBGN03233",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04540692"
},
{
"title": "HPSBGN03141 SSRT101763",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04479398"
},
{
"title": "HPSBST03154 SSRT101747",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04487558"
},
{
"title": "HPSBGN03138 SSRT101755",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04475942"
},
{
"title": "HPSBMU03236 SSRT101830",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04552143"
},
{
"title": "HPSBGN03142 SSRT101764",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04479402"
},
{
"title": "HPSBST03181 SSRT101811",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04496383"
},
{
"title": "HPSBMU03245 SSRT101742",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04556845"
},
{
"title": "HPSBMU03144 SSRT101762",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04479492"
},
{
"title": "HPSBMU03165 SSRT101783",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04497075"
},
{
"title": "HPSBHF03145 SSRT101765",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04479505"
},
{
"title": "HPSBMU03143 SSRT101761",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04479536"
},
{
"title": "HPSBST03155 SSRT101747",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04487573"
},
{
"title": "HPSBHF03146 SSRT101765",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04479601"
},
{
"title": "MIGR-5096315",
"trust": 0.8,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315"
},
{
"title": "T1021279",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279"
},
{
"title": "S1004897",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897"
},
{
"title": "S1004898",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898"
},
{
"title": "1686479",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479"
},
{
"title": "1685433",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685433"
},
{
"title": "1685541",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541"
},
{
"title": "1685604",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604"
},
{
"title": "1685522",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685522"
},
{
"title": "S1004915",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915"
},
{
"title": "1685914",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914"
},
{
"title": "1686493",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686493"
},
{
"title": "T1021272",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272"
},
{
"title": "1685733",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733"
},
{
"title": "S1004879",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879"
},
{
"title": "1686131",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131"
},
{
"title": "1685749",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749"
},
{
"title": "1685798",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685798"
},
{
"title": "1686299",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686299"
},
{
"title": "1686635",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686635"
},
{
"title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/JVNVU97219505/522154/index.html"
},
{
"title": "OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilities",
"trust": 0.8,
"url": "https://www.novell.com/support/kb/doc.php?id=7015701"
},
{
"title": "ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)",
"trust": 0.8,
"url": "https://www.novell.com/support/kb/doc.php?id=7015721"
},
{
"title": "AV14-003",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/av14-003.html"
},
{
"title": "ShellShock 101 - What you need to know and do, to ensure your systems are secure",
"trust": 0.8,
"url": "https://www.suse.com/support/shellshock/"
},
{
"title": "ELSA-2014-3094",
"trust": 0.8,
"url": "http://linux.oracle.com/errata/ELSA-2014-3094"
},
{
"title": "ELSA-2014-3093",
"trust": 0.8,
"url": "http://linux.oracle.com/errata/ELSA-2014-3093"
},
{
"title": "Bash \"Shellshock\" Vulnerabilities - CVE-2014-7169",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"
},
{
"title": "NAS-201410-05",
"trust": 0.8,
"url": "http://www.qnap.com/i/en/support/con_show.php?cid=61"
},
{
"title": "Bug 1147414",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147414"
},
{
"title": "Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linux",
"trust": 0.8,
"url": "https://access.redhat.com/solutions/1207723"
},
{
"title": "Bash specially-crafted environment variables code injection attack",
"trust": 0.8,
"url": "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/"
},
{
"title": "GNU Bash \u300cOS \u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u300d\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU252743.html"
},
{
"title": "SA82",
"trust": 0.8,
"url": "https://bto.bluecoat.com/security-advisory/sa82"
},
{
"title": "SOL15629",
"trust": 0.8,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"
},
{
"title": "Multiple vulnerabilities in Bash",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash"
},
{
"title": "CVE-2014-6278",
"trust": 0.8,
"url": "https://security-tracker.debian.org/tracker/CVE-2014-6278"
},
{
"title": "JSA10648",
"trust": 0.8,
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10648"
},
{
"title": "VMSA-2014-0010",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html"
},
{
"title": "GNU bash \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u5f0a\u793e\u8abf\u67fb\u30fb\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2014/bash/"
},
{
"title": "bash\u306e\u8106\u5f31\u6027(CVE-2014-6271,CVE-2014-7169 \u4ed6)\u306b\u3088\u308bHA8500\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_ha8500.html"
},
{
"title": "\u30b5\u30fc\u30d0\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u88fd\u54c1 bash\u306e\u8106\u5f31\u6027(CVE-2014-6271,CVE-2014-7169\u4ed6)\u306b\u3088\u308b\u5f71\u97ff\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_cve20146271.html"
},
{
"title": "cisco-sa-20140926-bash",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1126/1126247_cisco-sa-20140926-bash-j.html"
},
{
"title": "TLSA-2014-10",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2014/TLSA-2014-10j.html"
},
{
"title": "GNU Bash\u306b\u304a\u3051\u308bOS\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20141002.html"
},
{
"title": "GNU Bash \u306b OS \u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-97219505.html"
},
{
"title": "GNU Bash Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168880"
},
{
"title": "Ubuntu Security Notice: bash vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2380-1"
},
{
"title": "VMware Security Advisories: VMware product updates address critical Bash security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=86cb6b3955e100fdc9667a7ca916c772"
},
{
"title": "Symantec Security Advisories: SA82 : GNU Bash Shellshock Command Injection Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=2b57ceaadfde2a8b03482273e1fd21ea"
},
{
"title": "Citrix Security Bulletins: Citrix XenServer Shellshock Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=64ae0aae8269062686789e3a3fa1d2bf"
},
{
"title": "Tenable Security Advisories: [R7] Tenable Appliance Affected by GNU bash \u0027Shellshock\u0027 Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2014-07"
},
{
"title": "Citrix Security Bulletins: Citrix Security Advisory for GNU Bash Shellshock Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=73443a6db89dc66fc6bcb49f85bfd1ab"
},
{
"title": "CiscoUCS-Shellshock",
"trust": 0.1,
"url": "https://github.com/thatchriseckert/CiscoUCS-Shellshock "
},
{
"title": "0day-WriteUp-TryHackme-CTF-Medium",
"trust": 0.1,
"url": "https://github.com/elc4br4/0day-WriteUp-TryHackme-CTF-Medium "
},
{
"title": "ShellScan",
"trust": 0.1,
"url": "https://github.com/0xICF/ShellScan "
},
{
"title": "cvesploit",
"trust": 0.1,
"url": "https://github.com/swapravo/cvesploit "
},
{
"title": "fabric-shellshock",
"trust": 0.1,
"url": "https://github.com/ericlake/fabric-shellshock "
},
{
"title": "w-test",
"trust": 0.1,
"url": "https://github.com/inspirion87/w-test "
},
{
"title": "Xpl-SHELLSHOCK-Ch3ck",
"trust": 0.1,
"url": "https://github.com/googleinurl/Xpl-SHELLSHOCK-Ch3ck "
},
{
"title": "bashcheck",
"trust": 0.1,
"url": "https://github.com/hannob/bashcheck "
},
{
"title": "shellshockFixOSX",
"trust": 0.1,
"url": "https://github.com/opragel/shellshockFixOSX "
},
{
"title": "shocktrooper",
"trust": 0.1,
"url": "https://github.com/EvanK/shocktrooper "
},
{
"title": "ShellShockHunter",
"trust": 0.1,
"url": "https://github.com/MrCl0wnLab/ShellShockHunter "
},
{
"title": "shellshocker-pocs",
"trust": 0.1,
"url": "https://github.com/mubix/shellshocker-pocs "
},
{
"title": "ActiveScanPlusPlus",
"trust": 0.1,
"url": "https://github.com/albinowax/ActiveScanPlusPlus "
},
{
"title": "afl-cve",
"trust": 0.1,
"url": "https://github.com/mrash/afl-cve "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/researcher-takes-wraps-off-two-undisclosed-shellshock-vulnerabilities-in-bash/108674/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140926-bash"
},
{
"trust": 2.8,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10085"
},
{
"trust": 2.5,
"url": "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html"
},
{
"trust": 2.5,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa82"
},
{
"trust": 2.5,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"
},
{
"trust": 2.5,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000126"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749"
},
{
"trust": 2.0,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0010.html"
},
{
"trust": 2.0,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10648"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021272"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004898"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021279"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004897"
},
{
"trust": 2.0,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096315"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004915"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/39568/"
},
{
"trust": 1.7,
"url": "https://security-tracker.debian.org/tracker/cve-2014-6278"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147414"
},
{
"trust": 1.7,
"url": "https://www.suse.com/support/shellshock/"
},
{
"trust": 1.7,
"url": "http://support.novell.com/security/cve/cve-2014-6278.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61641"
},
{
"trust": 1.7,
"url": "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61485"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59907"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-2380-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61654"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128567/ca-technologies-gnu-bash-shellshock.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61565"
},
{
"trust": 1.7,
"url": "http://www.novell.com/support/kb/doc.php?id=7015721"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61643"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61503"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61633"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61552"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61703"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61283"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61603"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141330468527613\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141345648114150\u0026w=2"
},
{
"trust": 1.7,
"url": "https://support.citrix.com/article/ctx200217"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004879"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60034"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61816"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61128"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61313"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61442"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61287"
},
{
"trust": 1.7,
"url": "https://support.citrix.com/article/ctx200223"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60055"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61129"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61780"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61471"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58200"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61328"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61857"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60193"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61065"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61550"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60325"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61312"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60063"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61291"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60044"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445"
},
{
"trust": 1.7,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk102673\u0026src=securityalerts"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021361"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60433"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60024"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383353622268\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383304022067\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383244821813\u0026w=2"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141450491804793\u0026w=2"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn55667175/index.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383081521087\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.qnap.com/i/en/support/con_show.php?cid=61"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383026420882\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383196021590\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141577137423233\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141577241923505\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141576728022234\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141577297623641\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141585637922673\u0026w=2"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/62312"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59961"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/62343"
},
{
"trust": 1.7,
"url": "http://linux.oracle.com/errata/elsa-2014-3093"
},
{
"trust": 1.7,
"url": "http://linux.oracle.com/errata/elsa-2014-3094"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142358026505815\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142358078406056\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=141879528318582\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142721162228379\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:164"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/137344/sun-secure-global-desktop-oracle-global-desktop-shellshock.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/39887/"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c04518183"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c04497075"
},
{
"trust": 1.7,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006"
},
{
"trust": 1.6,
"url": "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/"
},
{
"trust": 1.1,
"url": "http://www.fortiguard.com/advisory/fg-ir-14-030/"
},
{
"trust": 0.8,
"url": "http://seclists.org/oss-sec/2014/q3/650"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/1200223"
},
{
"trust": 0.8,
"url": "http://seclists.org/oss-sec/2014/q3/688"
},
{
"trust": 0.8,
"url": "http://seclists.org/oss-sec/2014/q3/685"
},
{
"trust": 0.8,
"url": "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html"
},
{
"trust": 0.8,
"url": "https://gist.github.com/anonymous/929d622f3b36b00c0be1"
},
{
"trust": 0.8,
"url": "https://www.dfranke.us/posts/2014-09-27-shell-shock-exploitation-vectors.html"
},
{
"trust": 0.8,
"url": "https://shellshocker.net/#"
},
{
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6495"
},
{
"trust": 0.8,
"url": "https://www.barracuda.com/support/techalerts"
},
{
"trust": 0.8,
"url": "http://www.checkpoint.com/blog/protecting-shellshock/index.html"
},
{
"trust": 0.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10044"
},
{
"trust": 0.8,
"url": "https://www.debian.org/security/2014/dsa-3032"
},
{
"trust": 0.8,
"url": "http://learn.extremenetworks.com/rs/extreme/images/vn-2014-001-%20gnu%20bash%20threats%20-cve-2014-7169%20rev01.pdf"
},
{
"trust": 0.8,
"url": "http://fedoramagazine.org/shellshock-update-bash-packages-that-resolve-cve-2014-6271-and-cve-2014-7169-available/"
},
{
"trust": 0.8,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201409-09.xml"
},
{
"trust": 0.8,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.15ee22.l8mgqe..n.ghvs.8f9a.bw89mq%5f%5fdbosfqk0"
},
{
"trust": 0.8,
"url": "http://kb.juniper.net/jsa10648"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/av14-003.html"
},
{
"trust": 0.8,
"url": "http://support.novell.com/security/cve/cve-2014-6271.html"
},
{
"trust": 0.8,
"url": "https://www.suse.com/support/kb/doc.php?id=7015702"
},
{
"trust": 0.8,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.522193"
},
{
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/usn-2362-1/"
},
{
"trust": 0.8,
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_us\u0026cmd=displaykc\u0026externalid=2090740"
},
{
"trust": 0.8,
"url": "http://pkgsrc.se/files.php?messageid=20140925202832.9ad9c98@cvs.netbsd.org"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6278"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2014/at140037.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/jp/jvn55667175/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97219505/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6278"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ncas/alerts/ta14-268a"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/252743"
},
{
"trust": 0.8,
"url": "http://lcamtuf.blogspot.jp/2014/09/bash-bug-apply-unofficial-patch-now.html"
},
{
"trust": 0.8,
"url": "http://www.aratana.jp/security/detail.php?id=10"
},
{
"trust": 0.7,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.7,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.7,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7169"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6271"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6278"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
},
{
"trust": 0.3,
"url": "http://lcamtuf.blogspot.de/2014/09/bash-bug-apply-unofficial-patch-now.html"
},
{
"trust": 0.3,
"url": "http://www.gnu.org/software/bash/"
},
{
"trust": 0.3,
"url": "https://lists.gnu.org/archive/html/bug-bash/2014-10/msg00040.html"
},
{
"trust": 0.3,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk102673"
},
{
"trust": 0.3,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb83017"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash"
},
{
"trust": 0.3,
"url": "http://lcamtuf.blogspot.in/2014/09/quick-notes-about-bash-bug-its-impact.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_vulnerabilities_in_bash_affect_certain_qlogic_products_that_ibm_resells_for_bladecenter_and_flex_system_products_cve_2014_6271_c"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-372538.htm"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html?ref=rss"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004932"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686433"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=isg3t1021361"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686494"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686445"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004903"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004928"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004911"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686479"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04497075"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2014/oct/25"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10661\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100183172"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/supplement-icsa-14-269-01"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-9paps5"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479398"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479402"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479601"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479505"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479492"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04475942"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471532"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04488200"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04478866"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479536"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04540692"
},
{
"trust": 0.3,
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04561445"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471546"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04471538"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04497042"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512907 "
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/76"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04558068"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/77"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04487558"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04487573"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04496383"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-9paptm"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-9paptz"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/1a2e5-5116a33c2fb27/cert_security_mini-_bulletin_xrx15k_for_77xx_r15-03_v1.0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2eeef-51056e459c6d8/cert_security_mini-_bulletin_xrx15h_for_p7800_v1_0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2a901-510567b876a35/cert_security_mini-_bulletin_xrx15g_for_p6700_v1_0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/29a7e-50e49f9c009f9/cert_security_mini_bulletin_xrx14g_for_77xx_v1.1.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/1a7a1-50f12e334b734/cert_security_mini-_bulletin_xrx14h_for_wc59xx_v1.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-377648.htm"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004982"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004879"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685873"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686132"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096533"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686024"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686037"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685733"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686171"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686098"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685875"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020272"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685541"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004905"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685673"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685837"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687971"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685691"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004933"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096503"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004945"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100183088"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/70166"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35880"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2380-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-1311.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7196"
},
{
"trust": 0.1,
"url": "http://www.hp.com/support/eslg3"
},
{
"trust": 0.1,
"url": "http://h20272.www2.hp.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252743"
},
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "129069"
},
{
"db": "PACKETSTORM",
"id": "129070"
},
{
"db": "PACKETSTORM",
"id": "128864"
},
{
"db": "PACKETSTORM",
"id": "129438"
},
{
"db": "PACKETSTORM",
"id": "128760"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#252743"
},
{
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"db": "BID",
"id": "70166"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"db": "PACKETSTORM",
"id": "128764"
},
{
"db": "PACKETSTORM",
"id": "130336"
},
{
"db": "PACKETSTORM",
"id": "129069"
},
{
"db": "PACKETSTORM",
"id": "129070"
},
{
"db": "PACKETSTORM",
"id": "128864"
},
{
"db": "PACKETSTORM",
"id": "129438"
},
{
"db": "PACKETSTORM",
"id": "128760"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-25T00:00:00",
"db": "CERT/CC",
"id": "VU#252743"
},
{
"date": "2014-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"date": "2014-09-27T00:00:00",
"db": "BID",
"id": "70166"
},
{
"date": "2014-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"date": "2014-10-20T17:57:00",
"db": "PACKETSTORM",
"id": "128764"
},
{
"date": "2015-02-10T17:43:27",
"db": "PACKETSTORM",
"id": "130336"
},
{
"date": "2014-11-12T18:13:47",
"db": "PACKETSTORM",
"id": "129069"
},
{
"date": "2014-11-12T18:13:53",
"db": "PACKETSTORM",
"id": "129070"
},
{
"date": "2014-10-27T23:44:00",
"db": "PACKETSTORM",
"id": "128864"
},
{
"date": "2014-12-09T23:15:30",
"db": "PACKETSTORM",
"id": "129438"
},
{
"date": "2014-10-20T17:03:00",
"db": "PACKETSTORM",
"id": "128760"
},
{
"date": "2014-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"date": "2014-09-30T10:55:04.723000",
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-14T00:00:00",
"db": "CERT/CC",
"id": "VU#252743"
},
{
"date": "2021-11-17T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6278"
},
{
"date": "2016-07-05T21:53:00",
"db": "BID",
"id": "70166"
},
{
"date": "2015-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004476"
},
{
"date": "2021-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-1110"
},
{
"date": "2021-11-17T22:15:36.700000",
"db": "NVD",
"id": "CVE-2014-6278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU Bash shell executes commands in exported functions in environment variables",
"sources": [
{
"db": "CERT/CC",
"id": "VU#252743"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-1110"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.