Main Vulnerability Database Exploits ID:894 - Exploit for Memory corruption in Bash - CVE-2014-6277

ID:894 - Exploit for Memory corruption in Bash - CVE-2014-6277

Published: March 18, 2020

Vulnerability identifier: #VU5310

Vulnerability risk: Critical

CVE-ID: CVE-2014-6277

CWE-ID: CWE-119

Exploitation vector: Remote access

Vulnerable software:
Bash

Link to public exploit:

https://www.exploit-db.com/exploits/34860/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to incorrect parsing of environment variables. A remote attacker can trigger memory corruption and execute arbitrary code on the target system as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. The vulnerability was introduced by incorrect patching of vulnerabilities #1 (CVE-2014-6271) and #2 (CVE-2014-7169).

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited in the wild.

Remediation

Update GNU Bash to version 4.3 bash43-027.

ID:894 - Exploit for Memory corruption in Bash - CVE-2014-6277

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human