ID:2373 - Exploit for Memory corruption in Bash - CVE-2014-7186

 

Published: April 7, 2020


Vulnerability identifier: #VU5327
Vulnerability risk: Critical
CVE-ID: CVE-2014-7186
CWE-ID: CWE-119
Exploitation vector: Remote access
Vulnerable software:
Bash


Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds memory access while handling multiple "<<EOF" (here-document) declarations in a single command. A remote attacker can trigger memory corruption and execute arbitrary code.

Exploitation example:

bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' ||  echo "CVE-2014-7186 vulnerable, redir_stack"

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.


Remediation

Update GNU Bash to version 4.3 with patch bash43-027 applied.