CVE-2014-7169
Confirmed PUBLISHEDGNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables,...
Recommended Action
Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
At a Glance
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
- CVE Published
- Sep 25, 2014
- Exploitation Reported
- Jan 28, 2022
- CVSS
- 9.8 Critical
- EPSS
- —
Affected Versions
| Vendor | Product | Version | Status |
|---|---|---|---|
| n/a |
n/a
|
n/a |
Affected |
CVE References
- HPSBMU03165 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141577137423233&w=2
- HPSBHF03119 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141216668515282&w=2
- HPSBST03131 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383138121313&w=2
- SSRT101819 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142721162228379&w=2
- HPSBMU03245 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142358026505815&w=2
Show 155 more references
- openSUSE-SU-2014:1229 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038...
- openSUSE-SU-2014:1254 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044...
- HPSBMU03143 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383026420882&w=2
- HPSBMU03182 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141585637922673&w=2
- RHSA-2014:1306 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2014-1306.html
- HPSBST03155 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141576728022234&w=2
- USN-2363-2 ubuntu.com · Vendor Advisory http://www.ubuntu.com/usn/USN-2363-2
- openSUSE-SU-2014:1310 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
- HPSBMU03246 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142358078406056&w=2
- HPSBST03195 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142805027510172&w=2
- SSRT101711 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142113462216480&w=2
- openSUSE-SU-2014:1308 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html
- HPSBST03122 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141319209015420&w=2
- HPSBMU03217 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141879528318582&w=2
- RHSA-2014:1312 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2014-1312.html
- USN-2363-1 ubuntu.com · Vendor Advisory http://www.ubuntu.com/usn/USN-2363-1
- SSRT101868 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142118135300698&w=2
- HPSBST03129 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383196021590&w=2
- HPSBMU03144 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383081521087&w=2
- SUSE-SU-2014:1247 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042...
- SUSE-SU-2014:1287 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004...
- APPLE-SA-2014-10-16-1 archives.neohapsis.com · Vendor Advisory http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
- MDVSA-2015:164 mandriva.com · Vendor Advisory http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
- HPSBST03157 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141450491804793&w=2
- openSUSE-SU-2014:1242 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041...
- HPSBST03154 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141577297623641&w=2
- HPSBGN03142 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383244821813&w=2
- HPSBMU03133 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141330425327438&w=2
- HPSBST03181 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141577241923505&w=2
- RHSA-2014:1354 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2014-1354.html
- HPSBGN03117 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141216207813411&w=2
- HPSBHF03145 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383465822787&w=2
- HPSBST03148 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141694386919794&w=2
- HPSBGN03138 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141330468527613&w=2
- HPSBHF03124 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141235957116749&w=2
- HPSBHF03125 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141345648114150&w=2
- HPSBHF03146 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383353622268&w=2
- HPSBGN03141 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383304022067&w=2
- RHSA-2014:1311 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2014-1311.html
- DSA-3035 debian.org · Vendor Advisory http://www.debian.org/security/2014/dsa-3035
- 20140926 GNU Bash Environmental Variable Command Injection Vulnerability tools.cisco.com · Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/...
- SUSE-SU-2014:1259 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048...
- 61188 secunia.com · Third-Party Advisory http://secunia.com/advisories/61188
- JVN#55667175 jvn.jp · Third-Party Advisory http://jvn.jp/en/jp/JVN55667175/index.html
- 61676 secunia.com · Third-Party Advisory http://secunia.com/advisories/61676
- 60433 secunia.com · Third-Party Advisory http://secunia.com/advisories/60433
- 61715 secunia.com · Third-Party Advisory http://secunia.com/advisories/61715
- 61816 secunia.com · Third-Party Advisory http://secunia.com/advisories/61816
- 61442 secunia.com · Third-Party Advisory http://secunia.com/advisories/61442
- 61283 secunia.com · Third-Party Advisory http://secunia.com/advisories/61283
- 61654 secunia.com · Third-Party Advisory http://secunia.com/advisories/61654
- 62312 secunia.com · Third-Party Advisory http://secunia.com/advisories/62312
- 59272 secunia.com · Third-Party Advisory http://secunia.com/advisories/59272
- 61703 secunia.com · Third-Party Advisory http://secunia.com/advisories/61703
- VU#252743 kb.cert.org · Third-Party Advisory http://www.kb.cert.org/vuls/id/252743
- 61065 secunia.com · Third-Party Advisory http://secunia.com/advisories/61065
- JVNDB-2014-000126 jvndb.jvn.jp · Third-Party Advisory http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
- TA14-268A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/ncas/alerts/TA14-268A
- 61641 secunia.com · Third-Party Advisory http://secunia.com/advisories/61641
- 61619 secunia.com · Third-Party Advisory http://secunia.com/advisories/61619
- 60325 secunia.com · Third-Party Advisory http://secunia.com/advisories/60325
- 60024 secunia.com · Third-Party Advisory http://secunia.com/advisories/60024
- 61622 secunia.com · Third-Party Advisory http://secunia.com/advisories/61622
- 62343 secunia.com · Third-Party Advisory http://secunia.com/advisories/62343
- 61565 secunia.com · Third-Party Advisory http://secunia.com/advisories/61565
- 61313 secunia.com · Third-Party Advisory http://secunia.com/advisories/61313
- 61873 secunia.com · Third-Party Advisory http://secunia.com/advisories/61873
- 61485 secunia.com · Third-Party Advisory http://secunia.com/advisories/61485
- 61618 secunia.com · Third-Party Advisory http://secunia.com/advisories/61618
- 60947 secunia.com · Third-Party Advisory http://secunia.com/advisories/60947
- 61312 secunia.com · Third-Party Advisory http://secunia.com/advisories/61312
- 60193 secunia.com · Third-Party Advisory http://secunia.com/advisories/60193
- 61479 secunia.com · Third-Party Advisory http://secunia.com/advisories/61479
- 60063 secunia.com · Third-Party Advisory http://secunia.com/advisories/60063
- 60034 secunia.com · Third-Party Advisory http://secunia.com/advisories/60034
- 59907 secunia.com · Third-Party Advisory http://secunia.com/advisories/59907
- 58200 secunia.com · Third-Party Advisory http://secunia.com/advisories/58200
- 61643 secunia.com · Third-Party Advisory http://secunia.com/advisories/61643
- 61503 secunia.com · Third-Party Advisory http://secunia.com/advisories/61503
- 61552 secunia.com · Third-Party Advisory http://secunia.com/advisories/61552
- 61780 secunia.com · Third-Party Advisory http://secunia.com/advisories/61780
- 62228 secunia.com · Third-Party Advisory http://secunia.com/advisories/62228
- 61855 secunia.com · Third-Party Advisory http://secunia.com/advisories/61855
- 60044 secunia.com · Third-Party Advisory http://secunia.com/advisories/60044
- 61291 secunia.com · Third-Party Advisory http://secunia.com/advisories/61291
- 59737 secunia.com · Third-Party Advisory http://secunia.com/advisories/59737
- 61287 secunia.com · Third-Party Advisory http://secunia.com/advisories/61287
- 61711 secunia.com · Third-Party Advisory http://secunia.com/advisories/61711
- 61128 secunia.com · Third-Party Advisory http://secunia.com/advisories/61128
- 61471 secunia.com · Third-Party Advisory http://secunia.com/advisories/61471
- 60055 secunia.com · Third-Party Advisory http://secunia.com/advisories/60055
- 61550 secunia.com · Third-Party Advisory http://secunia.com/advisories/61550
- 61633 secunia.com · Third-Party Advisory http://secunia.com/advisories/61633
- 61328 secunia.com · Third-Party Advisory http://secunia.com/advisories/61328
- 61129 secunia.com · Third-Party Advisory http://secunia.com/advisories/61129
- 61700 secunia.com · Third-Party Advisory http://secunia.com/advisories/61700
- 61626 secunia.com · Third-Party Advisory http://secunia.com/advisories/61626
- 61603 secunia.com · Third-Party Advisory http://secunia.com/advisories/61603
- 61857 secunia.com · Third-Party Advisory http://secunia.com/advisories/61857
- 34879 exploit-db.com · Exploit https://www.exploit-db.com/exploits/34879/
- [oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2014/09/24/32
- 20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities securityfocus.com · Mailing List http://www.securityfocus.com/archive/1/533593/100/0/threaded
- 20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities seclists.org · Mailing List http://seclists.org/fulldisclosure/2014/Oct/0
- packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0... packetstormsecurity.com · CVE Record http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-...
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21685749
- supportcenter.checkpoint.com/supportcenter/portal supportcenter.checkpoint.com · CVE Record https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit...
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686084
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686479
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21685541
- oracle.com/technetwork/topics/security/bashcve-2014-716... oracle.com · CVE Record http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2...
- kc.mcafee.com/corporate/index kc.mcafee.com · CVE Record https://kc.mcafee.com/corporate/index?page=content&id=SB10085
- novell.com/support/kb/doc.php novell.com · CVE Record http://www.novell.com/support/kb/doc.php?id=7015701
- www-947.ibm.com/support/entry/portal/docdisplay www-947.ibm.com · CVE Record http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5...
- support.f5.com/kb/en-us/solutions/public/15000/600/sol15629... support.f5.com · CVE Record https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21685604
- support.apple.com/kb/HT6495 support.apple.com · CVE Record http://support.apple.com/kb/HT6495
- linux.oracle.com/errata/ELSA-2014-3075.html linux.oracle.com · CVE Record http://linux.oracle.com/errata/ELSA-2014-3075.html
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686445
- support.novell.com/security/cve/CVE-2014-7169.html support.novell.com · CVE Record http://support.novell.com/security/cve/CVE-2014-7169.html
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686131
- kb.juniper.net/InfoCenter/index kb.juniper.net · CVE Record https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
- access.redhat.com/node/1200223 access.redhat.com · CVE Record https://access.redhat.com/node/1200223
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21685914
- linux.oracle.com/errata/ELSA-2014-3078.html linux.oracle.com · CVE Record http://linux.oracle.com/errata/ELSA-2014-3078.html
- support.hpe.com/hpsc/doc/public/display support.hpe.com · CVE Record https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId...
- help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Cen... help.ecostruxureit.com · CVE Record https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Da...
- packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shells... packetstormsecurity.com · CVE Record http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-...
- access.redhat.com/articles/1200223 access.redhat.com · CVE Record https://access.redhat.com/articles/1200223
- advisories.mageia.org/MGASA-2014-0393.html advisories.mageia.org · CVE Record http://advisories.mageia.org/MGASA-2014-0393.html
- suse.com/support/shellshock suse.com · CVE Record https://www.suse.com/support/shellshock/
- support.hpe.com/hpsc/doc/public/display support.hpe.com · CVE Record https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId...
- support.apple.com/kb/HT6535 support.apple.com · CVE Record https://support.apple.com/kb/HT6535
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
- vmware.com/security/advisories/VMSA-2014-0010.html vmware.com · CVE Record http://www.vmware.com/security/advisories/VMSA-2014-0010.html
- lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impac... lcamtuf.blogspot.com · CVE Record http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-im...
- twitter.com/taviso/statuses/514887394294652929 twitter.com · CVE Record http://twitter.com/taviso/statuses/514887394294652929
- novell.com/support/kb/doc.php novell.com · CVE Record http://www.novell.com/support/kb/doc.php?id=7015721
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21687079
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686246
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
- qnap.com/i/en/support/con_show.php qnap.com · CVE Record http://www.qnap.com/i/en/support/con_show.php?cid=61
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
- support.citrix.com/article/CTX200223 support.citrix.com · CVE Record https://support.citrix.com/article/CTX200223
- linux.oracle.com/errata/ELSA-2014-3077.html linux.oracle.com · CVE Record http://linux.oracle.com/errata/ELSA-2014-3077.html
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686447
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
- support.citrix.com/article/CTX200217 support.citrix.com · CVE Record https://support.citrix.com/article/CTX200217
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686494
- linux.oracle.com/errata/ELSA-2014-1306.html linux.oracle.com · CVE Record http://linux.oracle.com/errata/ELSA-2014-1306.html
- kb.bluecoat.com/index kb.bluecoat.com · CVE Record https://kb.bluecoat.com/index?page=content&id=SA82
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21685733
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
- arista.com/en/support/advisories-notices/security-advis... arista.com · CVE Record https://www.arista.com/en/support/advisories-notices/security-advisor...
Recommended Actions
- Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
- Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.
Known Exploited Vulnerability Sources
Catalogues that list this CVE as a known exploited vulnerability.
Per-source evidence links for KEV attestations are available through the KEVIntel Pro API.
Learn about Pro API access| Source | Added |
|---|---|
| CISA First | 2022-01-28 00:00 UTC |
No detection artifacts or sensor request patterns are available for this CVE yet.
Check back as sensor telemetry and scanner integrations are updated.
Virtual Patch
Compensating WAF rules to help reduce exposure to this CVE. Rule content and deployable vendor exports are available with KEVIntel Enterprise.
KEVIntel does not currently have a virtual patch for this CVE. When available, KEVIntel virtual patches ship as deployable ModSecurity, Cloudflare, and AWS WAF rules.
Enterprise feature. Virtual patch rule content and deployable vendor exports (ModSecurity, Cloudflare, AWS WAF) are available to KEVIntel Enterprise users.
CVSS Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitation Status
Exploited in the wild
Recorded 2022-01-28 00:00:00 UTC · CISA
Weaknesses (CWE)
-
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Timeline
Key exploitation, disclosure, scanner coverage, and KEV attestation events for this CVE.
-
00:00 UTC over 4 years ago00:00 UTC · over 4 years ago
Added to CISA KEV
Listed in the CISA Known Exploited Vulnerabilities catalog
-
01:00 UTC almost 12 years ago01:00 UTC · almost 12 years ago
CVE published
Vulnerability disclosed publicly
-
00:00 UTC almost 12 years ago00:00 UTC · almost 12 years ago
CVE ID reserved
Identifier reserved by the CNA
Automate This Intelligence with the Pro API
Confidence scoring, exploit status, sensor telemetry, PoCs, scanner integrations, mentions, and tags are available programmatically for VM, SOC, and CTI workflows.
Pro API Example
GET /api/v2/pro/kevs/CVE-2014-7169
{
"cve_id": "CVE-2014-7169",
"title": "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malf...",
"affected_vendor": "GNU",
"affected_product": "Bash",
"affected_versions": [
{ "vendor": "...", "product": "...", "status": "affected", "display_label": "..." }
],
"confidence": "Confirmed",
"cvss_score": 9.8,
"epss_score": null,
"exploit_status": {
"exploited_in_the_wild": true,
"active_exploitation_observed": false
},
"sensor_telemetry": { "...": "Pro API fields" },
"proof_of_concepts": [ "..." ],
"scanner_integrations": [ "..." ]
}