CVE-2014-7186
Description
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)
GNU bash 4.3.11 - Environment Variable dhclient
OS impact
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 4.3-9.2 |
| sid | Fixed | 4.3-9.2 |
| forky | Fixed | 4.3-9.2 |
| bullseye | Fixed | 4.3-9.2 |
| bookworm | Fixed | 4.3-9.2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| gnu | bash | 1.14.0 | |
| gnu | bash | 1.14.1 | |
| gnu | bash | 1.14.2 | |
| gnu | bash | 1.14.3 | |
| gnu | bash | 1.14.4 | |
| gnu | bash | 1.14.5 | |
| gnu | bash | 1.14.6 | |
| gnu | bash | 1.14.7 | |
| gnu | bash | 2.0 | |
| gnu | bash | 2.01 | |
| gnu | bash | 2.01.1 | |
| gnu | bash | 2.02 | |
| gnu | bash | 2.02.1 | |
| gnu | bash | 2.03 | |
| gnu | bash | 2.04 | |
| gnu | bash | 2.05 | |
| gnu | bash | 3.0 | |
| gnu | bash | 3.0.16 | |
| gnu | bash | 3.1 | |
| gnu | bash | 3.2 | |
| gnu | bash | 3.2.48 | |
| gnu | bash | 4.0 | |
| gnu | bash | 4.1 | |
| gnu | bash | 4.2 | |
| gnu | bash | 4.3 | |
References
- http://jvn.jp/en/jp/JVN55667175/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html
- http://marc.info/?l=bugtraq&m=141330468527613&w=2
- http://marc.info/?l=bugtraq&m=141345648114150&w=2
- http://marc.info/?l=bugtraq&m=141383026420882&w=2
- http://marc.info/?l=bugtraq&m=141383081521087&w=2
- http://marc.info/?l=bugtraq&m=141383138121313&w=2
- http://marc.info/?l=bugtraq&m=141383196021590&w=2
- http://marc.info/?l=bugtraq&m=141383244821813&w=2
- http://marc.info/?l=bugtraq&m=141383304022067&w=2
- http://marc.info/?l=bugtraq&m=141450491804793&w=2
- http://marc.info/?l=bugtraq&m=141576728022234&w=2
- http://marc.info/?l=bugtraq&m=141577137423233&w=2
- http://marc.info/?l=bugtraq&m=141577241923505&w=2
- http://marc.info/?l=bugtraq&m=141577297623641&w=2
- http://marc.info/?l=bugtraq&m=141585637922673&w=2
- http://marc.info/?l=bugtraq&m=141694386919794&w=2
- http://marc.info/?l=bugtraq&m=141879528318582&w=2
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.