严重 Bash Shellshock 命令执行漏洞
CVE编号
CVE-2014-6271利用情况
EXP 已公开补丁情况
官方补丁披露时间
2014-09-25漏洞描述
GNU Bash(Bourne again shell)是一个命令语言解释器,能够从标准输入设备或文件读取、执行命令,结合部分ksh 和csh特点,同时也执行IEEE POSIX Shell(IEEE Working Group 1003.2)规范。 GNU Bash 4.3及之前版本存在安全漏洞,可能导致cgi程序在服务器上发送恶意的http请求,允许攻击者利用漏洞执行任意代码。该漏洞产生的原因是bash在完成函数定义后并未退出,而是继续解析并执行shell命令,导致漏洞产生严重后果。解决建议
请广大用户关注厂商官网及时下载升级程序:http://www.gnu.org/software/bash/受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 1.14.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 1.14.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 1.14.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 1.14.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 1.14.4 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 1.14.5 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 1.14.6 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 1.14.7 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 2.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 2.01 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 2.01.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 2.02 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 2.02.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 2.03 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 2.04 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 2.05 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 3.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 3.0.16 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 3.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 3.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 3.2.48 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 4.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 4.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 4.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | bash | 4.3 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian | DPKG | * | Up to (excluding) 4.3-9.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_7 | bash | * | Up to (excluding) 0:4.1.2-15.el6_5.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12 | bash-lang | * | Up to (excluding) 4.2-75 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_12.04.5_lts | bash | * | Up to (excluding) 4.2-2ubuntu2.2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_14.04.6_lts | bash | * | Up to (excluding) 4.3-7ubuntu1.1 | |||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 EXP 已公开
- 补丁情况 官方补丁
- 数据保密性 数据泄露
- 数据完整性 传输被破坏
- 服务器危害 服务器失陷
- 全网数量 N/A
| CWE-ID | 漏洞类型 |
| CWE-78 | OS命令中使用的特殊元素转义处理不恰当(OS命令注入) |
Exp相关链接
- https://github.com//opsxcq/exploit-CVE-2014-6271
- https://github.com/0x00-0x00/CVE-2014-6271
- https://github.com/akiraaisha/shellshocker-python
- https://github.com/Anklebiter87/Cgi-bin_bash_Reverse
- https://github.com/Any3ite/CVE-2014-6271
- https://github.com/APSL/salt-shellshock
- https://github.com/ariarijp/vagrant-shellshock
- https://github.com/Aruthw/CVE-2014-6271
- https://github.com/cj1324/CGIShell
- https://github.com/cved-sources/cve-2014-6271
- https://github.com/cyberharsh/Shellbash-CVE-2014-6271
- https://github.com/Dilith006/CVE-2014-6271
- https://github.com/dlitz/bash-cve-2014-6271-fixes
- https://github.com/francisck/shellshock-cgi
- https://github.com/gabemarshall/shocknaww
- https://github.com/hmlio/vaas-cve-2014-6271
- https://github.com/huanlu/cve-2014-6271-huan-lu
- https://github.com/ilismal/Nessus_CVE-2014-6271_check
- https://github.com/indiandragon/Shellshock-Vulnerability-Scan
- https://github.com/internero/debian-lenny-bash_3.2.52-cve-2014-6271
- https://github.com/jblaine/cookbook-bash-CVE-2014-6271
- https://github.com/justzx2011/bash-up
- https://github.com/kelleykong/cve-2014-6271-mengjia-kong
- https://github.com/kowshik-sundararajan/CVE-2014-6271
- https://github.com/mattclegg/CVE-2014-6271
- https://github.com/MuirlandOracle/CVE-2014-6271
- https://github.com/MuirlandOracle/CVE-2014-6271-IPFire
- https://github.com/npm/ansible-bashpocalypse
- https://github.com/opsxcq/exploit-CVE-2014-6271
- https://github.com/P0cL4bs/ShellShock-CGI-Scan
- https://github.com/Pilou-Pilou/docker_CVE-2014-6271
- https://github.com/proclnas/ShellShock-CGI-Scan
- https://github.com/pwnGuy/shellshock-shell
- https://github.com/RainMak3r/Rainstorm
- https://github.com/ramnes/pyshellshock
- https://github.com/rashmikadileeshara/CVE-2014-6271-Shellshock-
- https://github.com/renanvicente/puppet-shellshock
- https://github.com/rrreeeyyy/cve-2014-6271-spec
- https://github.com/ryancnelson/patched-bash-4.3
- https://github.com/ryeyao/CVE-2014-6271_Test
- https://github.com/sch3m4/RIS
- https://github.com/scottjpack/shellshock_scanner
- https://github.com/securusglobal/BadBash
- https://github.com/shawntns/exploit-CVE-2014-6271
- https://github.com/Sindadziy/cve-2014-6271
- https://github.com/Sindayifu/CVE-2019-14287-CVE-2014-6271
- https://github.com/somhm-solutions/Shell-Shock
- https://github.com/sunnyjiang/shellshocker-android
- https://github.com/teedeedubya/bash-fix-exploit
- https://github.com/themson/shellshock
- https://github.com/u20024804/bash-3.2-fixed-CVE-2014-6271
- https://github.com/u20024804/bash-4.2-fixed-CVE-2014-6271
- https://github.com/u20024804/bash-4.3-fixed-CVE-2014-6271
- https://github.com/villadora/CVE-2014-6271
- https://github.com/vonnyfly/shellshock_crawler
- https://github.com/vulhub/vulhub/tree/master/bash/shellshock
- https://github.com/w4fz5uck5/ShockZaum-CVE-2014-6271
- https://github.com/wenyu1999/bash-shellshock
- https://github.com/woltage/CVE-2014-6271
- https://github.com/zalalov/CVE-2014-6271
- https://gitlab.com/glicOne/exploit-CVE-2014-6271
- https://pentesterlab.com/exercises/cve-2014-6271/course
- https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/master/cves/CVE-2014-6271.yaml
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/server/dhclient_bash_env.rb
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/advantech_switch_bash_env_exec.rb
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ipfire_bashbug_exec.rb
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/cups_bash_env_exec.rb
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/osx/local/vmware_bash_function_root.rb
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/dhcp/bash_environment.rb
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/smtp/qmail_bash_env_exec.rb
- https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
- https://www.exploit-db.com/exploits/34765
- https://www.exploit-db.com/exploits/34766
- https://www.exploit-db.com/exploits/34777
- https://www.exploit-db.com/exploits/34839
- https://www.exploit-db.com/exploits/34860
- https://www.exploit-db.com/exploits/34862
- https://www.exploit-db.com/exploits/34879
- https://www.exploit-db.com/exploits/34895
- https://www.exploit-db.com/exploits/34896
- https://www.exploit-db.com/exploits/34900
- https://www.exploit-db.com/exploits/35115
- https://www.exploit-db.com/exploits/35146
- https://www.exploit-db.com/exploits/36503
- https://www.exploit-db.com/exploits/36504
- https://www.exploit-db.com/exploits/36609
- https://www.exploit-db.com/exploits/37816
- https://www.exploit-db.com/exploits/38849
- https://www.exploit-db.com/exploits/39918
- https://www.exploit-db.com/exploits/40619
- https://www.exploit-db.com/exploits/40938
- https://www.exploit-db.com/exploits/42938
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论