Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.882031
Category:CentOS Local Security Checks
Title:CentOS Update for bash CESA-2014:1306 centos6
Summary:The remote host is missing an update for the 'bash'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'bash'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still
allowed certain characters to be injected into other environments via
specially crafted environment variables. An attacker could potentially use
this flaw to override or bypass environment restrictions to execute shell
commands. Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit this
issue. (CVE-2014-7169)

Applications which directly create bash functions as environment variables
need to be made aware of changes to the way names are handled by this
update. For more information see the Knowledgebase article at the linked references.

Note: Docker users are advised to use 'yum update' within their containers,
and to commit the resulting changes.

For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the
aforementioned Knowledgebase article.

All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Affected Software/OS:
bash on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-7169
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
Bugtraq: 20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/533593/100/0/threaded
Cert/CC Advisory: TA14-268A
http://www.us-cert.gov/ncas/alerts/TA14-268A
CERT/CC vulnerability note: VU#252743
http://www.kb.cert.org/vuls/id/252743
Cisco Security Advisory: 20140926 GNU Bash Environmental Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
Debian Security Information: DSA-3035 (Google Search)
http://www.debian.org/security/2014/dsa-3035
https://www.exploit-db.com/exploits/34879/
http://seclists.org/fulldisclosure/2014/Oct/0
HPdes Security Advisory: HPSBGN03117
http://marc.info/?l=bugtraq&m=141216207813411&w=2
HPdes Security Advisory: HPSBGN03138
http://marc.info/?l=bugtraq&m=141330468527613&w=2
HPdes Security Advisory: HPSBGN03141
http://marc.info/?l=bugtraq&m=141383304022067&w=2
HPdes Security Advisory: HPSBGN03142
http://marc.info/?l=bugtraq&m=141383244821813&w=2
HPdes Security Advisory: HPSBGN03233
http://marc.info/?l=bugtraq&m=142118135300698&w=2
HPdes Security Advisory: HPSBHF03119
http://marc.info/?l=bugtraq&m=141216668515282&w=2
HPdes Security Advisory: HPSBHF03124
http://marc.info/?l=bugtraq&m=141235957116749&w=2
HPdes Security Advisory: HPSBHF03125
http://marc.info/?l=bugtraq&m=141345648114150&w=2
HPdes Security Advisory: HPSBHF03145
http://marc.info/?l=bugtraq&m=141383465822787&w=2
HPdes Security Advisory: HPSBHF03146
http://marc.info/?l=bugtraq&m=141383353622268&w=2
HPdes Security Advisory: HPSBMU03133
http://marc.info/?l=bugtraq&m=141330425327438&w=2
HPdes Security Advisory: HPSBMU03143
http://marc.info/?l=bugtraq&m=141383026420882&w=2
HPdes Security Advisory: HPSBMU03144
http://marc.info/?l=bugtraq&m=141383081521087&w=2
HPdes Security Advisory: HPSBMU03165
http://marc.info/?l=bugtraq&m=141577137423233&w=2
HPdes Security Advisory: HPSBMU03182
http://marc.info/?l=bugtraq&m=141585637922673&w=2
HPdes Security Advisory: HPSBMU03217
http://marc.info/?l=bugtraq&m=141879528318582&w=2
HPdes Security Advisory: HPSBMU03220
http://marc.info/?l=bugtraq&m=142721162228379&w=2
HPdes Security Advisory: HPSBMU03245
http://marc.info/?l=bugtraq&m=142358026505815&w=2
HPdes Security Advisory: HPSBMU03246
http://marc.info/?l=bugtraq&m=142358078406056&w=2
HPdes Security Advisory: HPSBOV03228
http://marc.info/?l=bugtraq&m=142113462216480&w=2
HPdes Security Advisory: HPSBST03122
http://marc.info/?l=bugtraq&m=141319209015420&w=2
HPdes Security Advisory: HPSBST03129
http://marc.info/?l=bugtraq&m=141383196021590&w=2
HPdes Security Advisory: HPSBST03131
http://marc.info/?l=bugtraq&m=141383138121313&w=2
HPdes Security Advisory: HPSBST03148
http://marc.info/?l=bugtraq&m=141694386919794&w=2
HPdes Security Advisory: HPSBST03154
http://marc.info/?l=bugtraq&m=141577297623641&w=2
HPdes Security Advisory: HPSBST03155
http://marc.info/?l=bugtraq&m=141576728022234&w=2
HPdes Security Advisory: HPSBST03157
http://marc.info/?l=bugtraq&m=141450491804793&w=2
HPdes Security Advisory: HPSBST03181
http://marc.info/?l=bugtraq&m=141577241923505&w=2
HPdes Security Advisory: HPSBST03195
http://marc.info/?l=bugtraq&m=142805027510172&w=2
HPdes Security Advisory: SSRT101711
HPdes Security Advisory: SSRT101739
HPdes Security Advisory: SSRT101742
HPdes Security Advisory: SSRT101819
HPdes Security Advisory: SSRT101827
HPdes Security Advisory: SSRT101868
http://jvn.jp/en/jp/JVN55667175/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://twitter.com/taviso/statuses/514887394294652929
http://www.openwall.com/lists/oss-security/2014/09/24/32
RedHat Security Advisories: RHSA-2014:1306
http://rhn.redhat.com/errata/RHSA-2014-1306.html
RedHat Security Advisories: RHSA-2014:1311
http://rhn.redhat.com/errata/RHSA-2014-1311.html
RedHat Security Advisories: RHSA-2014:1312
http://rhn.redhat.com/errata/RHSA-2014-1312.html
RedHat Security Advisories: RHSA-2014:1354
http://rhn.redhat.com/errata/RHSA-2014-1354.html
http://secunia.com/advisories/58200
http://secunia.com/advisories/59272
http://secunia.com/advisories/59737
http://secunia.com/advisories/59907
http://secunia.com/advisories/60024
http://secunia.com/advisories/60034
http://secunia.com/advisories/60044
http://secunia.com/advisories/60055
http://secunia.com/advisories/60063
http://secunia.com/advisories/60193
http://secunia.com/advisories/60325
http://secunia.com/advisories/60433
http://secunia.com/advisories/60947
http://secunia.com/advisories/61065
http://secunia.com/advisories/61128
http://secunia.com/advisories/61129
http://secunia.com/advisories/61188
http://secunia.com/advisories/61283
http://secunia.com/advisories/61287
http://secunia.com/advisories/61291
http://secunia.com/advisories/61312
http://secunia.com/advisories/61313
http://secunia.com/advisories/61328
http://secunia.com/advisories/61442
http://secunia.com/advisories/61471
http://secunia.com/advisories/61479
http://secunia.com/advisories/61485
http://secunia.com/advisories/61503
http://secunia.com/advisories/61550
http://secunia.com/advisories/61552
http://secunia.com/advisories/61565
http://secunia.com/advisories/61603
http://secunia.com/advisories/61618
http://secunia.com/advisories/61619
http://secunia.com/advisories/61622
http://secunia.com/advisories/61626
http://secunia.com/advisories/61633
http://secunia.com/advisories/61641
http://secunia.com/advisories/61643
http://secunia.com/advisories/61654
http://secunia.com/advisories/61676
http://secunia.com/advisories/61700
http://secunia.com/advisories/61703
http://secunia.com/advisories/61711
http://secunia.com/advisories/61715
http://secunia.com/advisories/61780
http://secunia.com/advisories/61816
http://secunia.com/advisories/61855
http://secunia.com/advisories/61857
http://secunia.com/advisories/61873
http://secunia.com/advisories/62228
http://secunia.com/advisories/62312
http://secunia.com/advisories/62343
SuSE Security Announcement: SUSE-SU-2014:1247 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html
SuSE Security Announcement: SUSE-SU-2014:1259 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html
SuSE Security Announcement: SUSE-SU-2014:1287 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html
SuSE Security Announcement: openSUSE-SU-2014:1229 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
SuSE Security Announcement: openSUSE-SU-2014:1242 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
SuSE Security Announcement: openSUSE-SU-2014:1254 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
SuSE Security Announcement: openSUSE-SU-2014:1308 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html
SuSE Security Announcement: openSUSE-SU-2014:1310 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
http://www.ubuntu.com/usn/USN-2363-1
http://www.ubuntu.com/usn/USN-2363-2
Common Vulnerability Exposure (CVE) ID: CVE-2014-6271
BugTraq ID: 70103
http://www.securityfocus.com/bid/70103
Debian Security Information: DSA-3032 (Google Search)
http://www.debian.org/security/2014/dsa-3032
https://www.exploit-db.com/exploits/37816/
https://www.exploit-db.com/exploits/38849/
https://www.exploit-db.com/exploits/39918/
https://www.exploit-db.com/exploits/40619/
https://www.exploit-db.com/exploits/40938/
https://www.exploit-db.com/exploits/42938/
HPdes Security Advisory: HPSBST03196
http://marc.info/?l=bugtraq&m=142719845423222&w=2
HPdes Security Advisory: HPSBST03265
http://marc.info/?l=bugtraq&m=142546741516006&w=2
HPdes Security Advisory: SSRT101816
http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html
http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html
http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html
RedHat Security Advisories: RHSA-2014:1293
http://rhn.redhat.com/errata/RHSA-2014-1293.html
RedHat Security Advisories: RHSA-2014:1294
http://rhn.redhat.com/errata/RHSA-2014-1294.html
RedHat Security Advisories: RHSA-2014:1295
http://rhn.redhat.com/errata/RHSA-2014-1295.html
http://secunia.com/advisories/61542
http://secunia.com/advisories/61547
SuSE Security Announcement: SUSE-SU-2014:1212 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html
SuSE Security Announcement: SUSE-SU-2014:1213 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html
SuSE Security Announcement: SUSE-SU-2014:1223 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html
SuSE Security Announcement: SUSE-SU-2014:1260 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html
SuSE Security Announcement: openSUSE-SU-2014:1226 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html
SuSE Security Announcement: openSUSE-SU-2014:1238 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html
http://www.ubuntu.com/usn/USN-2362-1
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.