中危 GNU Bash不完整修复远程代码执行漏洞(CNVD-2014-06699)

CVE编号

CVE-2014-6278

利用情况

EXP 已公开

补丁情况

官方补丁

披露时间

2014-09-30
该漏洞EXP已公开传播,漏洞利用成本极低,建议您立即关注并修复。
漏洞描述
Bash,Unix shell的一种,在1987年由布莱恩·福克斯为了GNU计划而编写。

GNU Bash 4.3 bash43-026及之前版本未能正确解析环境变量值中的函数定义这可使远程攻击者利用此漏洞通过构造的环境执行任意代码。
解决建议
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.gnu.org/software/bash
参考链接
http://jvn.jp/en/jp/JVN55667175/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html
http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
http://linux.oracle.com/errata/ELSA-2014-3093
http://linux.oracle.com/errata/ELSA-2014-3094
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
http://marc.info/?l=bugtraq&m=141330468527613&w=2
http://marc.info/?l=bugtraq&m=141345648114150&w=2
http://marc.info/?l=bugtraq&m=141383026420882&w=2
http://marc.info/?l=bugtraq&m=141383081521087&w=2
http://marc.info/?l=bugtraq&m=141383196021590&w=2
http://marc.info/?l=bugtraq&m=141383244821813&w=2
http://marc.info/?l=bugtraq&m=141383304022067&w=2
http://marc.info/?l=bugtraq&m=141383353622268&w=2
http://marc.info/?l=bugtraq&m=141383465822787&w=2
http://marc.info/?l=bugtraq&m=141450491804793&w=2
http://marc.info/?l=bugtraq&m=141576728022234&w=2
http://marc.info/?l=bugtraq&m=141577137423233&w=2
http://marc.info/?l=bugtraq&m=141577241923505&w=2
http://marc.info/?l=bugtraq&m=141577297623641&w=2
http://marc.info/?l=bugtraq&m=141585637922673&w=2
http://marc.info/?l=bugtraq&m=141879528318582&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142358026505815&w=2
http://marc.info/?l=bugtraq&m=142358078406056&w=2
http://marc.info/?l=bugtraq&m=142721162228379&w=2
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-...
http://secunia.com/advisories/58200
http://secunia.com/advisories/59907
http://secunia.com/advisories/59961
http://secunia.com/advisories/60024
http://secunia.com/advisories/60034
http://secunia.com/advisories/60044
http://secunia.com/advisories/60055
http://secunia.com/advisories/60063
http://secunia.com/advisories/60193
http://secunia.com/advisories/60325
http://secunia.com/advisories/60433
http://secunia.com/advisories/61065
http://secunia.com/advisories/61128
http://secunia.com/advisories/61129
http://secunia.com/advisories/61283
http://secunia.com/advisories/61287
http://secunia.com/advisories/61291
http://secunia.com/advisories/61312
http://secunia.com/advisories/61313
http://secunia.com/advisories/61328
http://secunia.com/advisories/61442
http://secunia.com/advisories/61471
http://secunia.com/advisories/61485
http://secunia.com/advisories/61503
http://secunia.com/advisories/61550
http://secunia.com/advisories/61552
http://secunia.com/advisories/61565
http://secunia.com/advisories/61603
http://secunia.com/advisories/61633
http://secunia.com/advisories/61641
http://secunia.com/advisories/61643
http://secunia.com/advisories/61654
http://secunia.com/advisories/61703
http://secunia.com/advisories/61780
http://secunia.com/advisories/61816
http://secunia.com/advisories/61857
http://secunia.com/advisories/62312
http://secunia.com/advisories/62343
http://support.novell.com/security/cve/CVE-2014-6278.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa...
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
http://www.novell.com/support/kb/doc.php?id=7015721
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://www.ubuntu.com/usn/USN-2380-1
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
https://bugzilla.redhat.com/show_bug.cgi?id=1147414
https://kb.bluecoat.com/index?page=content&id=SA82
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://security-tracker.debian.org/tracker/CVE-2014-6278
https://support.citrix.com/article/CTX200217
https://support.citrix.com/article/CTX200223
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-...
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-...
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGovie...
https://www.arista.com/en/support/advisories-notices/security-advisories/1008...
https://www.exploit-db.com/exploits/39568/
https://www.exploit-db.com/exploits/39887/
https://www.suse.com/support/shellshock/
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 gnu bash 1.14.0 -
运行在以下环境
应用 gnu bash 1.14.1 -
运行在以下环境
应用 gnu bash 1.14.2 -
运行在以下环境
应用 gnu bash 1.14.3 -
运行在以下环境
应用 gnu bash 1.14.4 -
运行在以下环境
应用 gnu bash 1.14.5 -
运行在以下环境
应用 gnu bash 1.14.6 -
运行在以下环境
应用 gnu bash 1.14.7 -
运行在以下环境
应用 gnu bash 2.0 -
运行在以下环境
应用 gnu bash 2.01 -
运行在以下环境
应用 gnu bash 2.01.1 -
运行在以下环境
应用 gnu bash 2.02 -
运行在以下环境
应用 gnu bash 2.02.1 -
运行在以下环境
应用 gnu bash 2.03 -
运行在以下环境
应用 gnu bash 2.04 -
运行在以下环境
应用 gnu bash 2.05 -
运行在以下环境
应用 gnu bash 3.0 -
运行在以下环境
应用 gnu bash 3.0.16 -
运行在以下环境
应用 gnu bash 3.1 -
运行在以下环境
应用 gnu bash 3.2 -
运行在以下环境
应用 gnu bash 3.2.48 -
运行在以下环境
应用 gnu bash 4.0 -
运行在以下环境
应用 gnu bash 4.1 -
运行在以下环境
应用 gnu bash 4.2 -
运行在以下环境
应用 gnu bash 4.3 -
运行在以下环境
系统 debian DPKG * Up to
(excluding)
4.3-9.2
运行在以下环境
系统 debian_10 bash * Up to
(excluding)
4.3-9.2
运行在以下环境
系统 debian_11 bash * Up to
(excluding)
4.3-9.2
运行在以下环境
系统 debian_12 bash * Up to
(excluding)
4.3-9.2
运行在以下环境
系统 debian_6 bash * Up to
(excluding)
4.1-3+deb6u2
运行在以下环境
系统 debian_7 bash * Up to
(excluding)
4.2+dfsg-0.1+deb7u3
运行在以下环境
系统 debian_sid bash * Up to
(excluding)
4.3-9.2
运行在以下环境
系统 opensuse_Leap_42.1 bash-doc * Up to
(excluding)
4.2-81.1
运行在以下环境
系统 oracle_5 oraclelinux-release * Up to
(excluding)
3.2-33.el5_11.4.0.1
运行在以下环境
系统 oracle_6 oraclelinux-release * Up to
(excluding)
4.1.2-29.el6.0.1
运行在以下环境
系统 oracle_7 oraclelinux-release * Up to
(excluding)
4.2.45-5.el7_0.4.0.1
运行在以下环境
系统 suse_12 bash-lang * Up to
(excluding)
4.3-78
运行在以下环境
系统 suse_12_SP1 readline-doc * Up to
(excluding)
4.2-82.1
运行在以下环境
系统 ubuntu_12.04.5_lts bash * Up to
(excluding)
4.2-2ubuntu2.6
运行在以下环境
系统 ubuntu_14.04 bash * Up to
(excluding)
4.3-7ubuntu1.5
运行在以下环境
系统 ubuntu_14.04.6_lts bash * Up to
(excluding)
4.3-7ubuntu1.5
阿里云评分
4.8
  • 攻击路径
    远程
  • 攻击复杂度
    容易
  • 权限要求
    无需权限
  • 影响范围
    有限影响
  • EXP成熟度
    EXP 已公开
  • 补丁情况
    官方补丁
  • 数据保密性
    数据泄露
  • 数据完整性
    传输被破坏
  • 服务器危害
    无影响
  • 全网数量
    N/A
CWE-ID 漏洞类型
CWE-78 OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
阿里云安全产品覆盖情况