一、 漏洞 CVE-2014-6271 基础信息
漏洞信息
                                        # N/A

## 漏洞概述
GNU Bash 在处理环境变量值中函数定义后的尾随字符串时存在漏洞,允许远程攻击者通过精心构造的环境变量执行任意代码。

## 影响版本
- GNU Bash 4.3 及以下版本

## 细节
- **环境变量中的函数定义**:GNU Bash 在处理环境变量值中的函数定义时会解析尾随的字符串。
- **利用场景**:该漏洞可以通过多个途径被利用,包括 OpenSSH 的 ForceCommand 特性、Apache HTTP Server 的 mod_cgi 和 mod_cgid 模块、未指明的 DHCP 客户端脚本执行以及在设置环境跨越特权边界从 Bash 执行的情况。
- **漏洞名称**:该漏洞被称为 "ShellShock"。

## 影响
- **代码执行**:允许攻击者执行任意代码,具有严重的安全风险。
- **额外注意**:原始的修复方案是不正确的,后续又出现了一个新的漏洞 CVE-2014-7169,其影响仍然存在。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
GNU Bash 远程代码执行漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
GNU Bash是美国软件开发者布莱恩-福克斯(Brian J. Fox)为GNU计划而编写的一个Shell(命令语言解释器),它运行于类Unix操作系统中(Linux系统的默认Shell),并能够从标准输入设备或文件中读取、执行命令,同时也结合了一部分ksh和csh的特点。 GNU Bash 4.3及之前版本中存在安全漏洞,该漏洞源于程序没有正确处理环境变量值内的函数定义。远程攻击者可借助特制的环境变量利用该漏洞执行任意代码。以下产品和模块可能会被利用:OpenSSH sshd中的ForceComman
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
授权问题
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2014-6271 的公开POC
# POC 描述 源链接 神龙链接
1 Collected fixes for bash CVE-2014-6271 https://github.com/dlitz/bash-cve-2014-6271-fixes POC详情
2 Patch for CVE-2014-6271 https://github.com/npm/ansible-bashpocalypse POC详情
3 patched-bash-4.3 for CVE-2014-6271 https://github.com/ryancnelson/patched-bash-4.3 POC详情
4 Chef cookbook that will fail if bash vulnerability found per CVE-2014-6271 https://github.com/jblaine/cookbook-bash-CVE-2014-6271 POC详情
5 None https://github.com/rrreeeyyy/cve-2014-6271-spec POC详情
6 Python Scanner for "ShellShock" (CVE-2014-6271) https://github.com/scottjpack/shellshock_scanner POC详情
7 Written fro CVE-2014-6271 https://github.com/Anklebiter87/Cgi-bin_bash_Reverse POC详情
8 a auto script to fix CVE-2014-6271 bash vulnerability https://github.com/justzx2011/bash-up POC详情
9 None https://github.com/mattclegg/CVE-2014-6271 POC详情
10 Quick and dirty nessus .audit file to check is bash is vulnerable to CVE-2014-6271 https://github.com/ilismal/Nessus_CVE-2014-6271_check POC详情
11 CVE-2014-6271 RCE tool https://github.com/RainMak3r/Rainstorm POC详情
12 Simple script to check for CVE-2014-6271 https://github.com/gabemarshall/shocknaww POC详情
13 None https://github.com/woltage/CVE-2014-6271 POC详情
14 CVE-2014-6271の検証用Vagrantfileです https://github.com/ariarijp/vagrant-shellshock POC详情
15 scripts associate with bourne shell EVN function parsing vulnerability CVE-2014-6271 https://github.com/themson/shellshock POC详情
16 CVE-2014-6271 (ShellShock) RCE PoC tool https://github.com/securusglobal/BadBash POC详情
17 scaner for cve-2014-6271 https://github.com/villadora/CVE-2014-6271 POC详情
18 Salt recipe for shellshock (CVE-2014-6271) https://github.com/APSL/salt-shellshock POC详情
19 Ansible role to check the CVE-2014-6271 vulnerability https://github.com/teedeedubya/bash-fix-exploit POC详情
20 Debian Lenny Bash packages with cve-2014-6271 patches (i386 and amd64) https://github.com/internero/debian-lenny-bash_3.2.52-cve-2014-6271 POC详情
21 None https://github.com/u20024804/bash-3.2-fixed-CVE-2014-6271 POC详情
22 None https://github.com/u20024804/bash-4.2-fixed-CVE-2014-6271 POC详情
23 None https://github.com/u20024804/bash-4.3-fixed-CVE-2014-6271 POC详情
24 A python script to enumerate CGI scripts vulnerable to CVE-2014-6271 on one specific server https://github.com/francisck/shellshock-cgi POC详情
25 A script, in C, to check if CGI scripts are vulnerable to CVE-2014-6271 (The Bash Bug) https://github.com/proclnas/ShellShock-CGI-Scan POC详情
26 CVE-2014-6271 Remote Interactive Shell - PoC Exploit https://github.com/sch3m4/RIS POC详情
27 None https://github.com/ryeyao/CVE-2014-6271_Test POC详情
28 shellshock CVE-2014-6271 CGI Exploit, Use like Openssh via CGI https://github.com/cj1324/CGIShell POC详情
29 This module determine the vulnerability of a bash binary to the shellshock exploits (CVE-2014-6271 or CVE-2014-7169) and then patch that where possible https://github.com/renanvicente/puppet-shellshock POC详情
30 Android app to scan for bash Vulnerability - CVE-2014-6271 also known as Shellshock https://github.com/indiandragon/Shellshock-Vulnerability-Scan POC详情
31 :scream: Python library and utility for CVE-2014-6271 (aka. "shellshock") https://github.com/ramnes/pyshellshock POC详情
32 This is a Python Application that helps you detect if your machine that run bash is vulnerable by CVE-2014-6271 https://github.com/akiraaisha/shellshocker-python POC详情
33 Using google to scan sites for "ShellShock" (CVE-2014-6271) https://github.com/352926/shellshock_crawler POC详情
34 system reading course https://github.com/kelleykong/cve-2014-6271-mengjia-kong POC详情
35 reading course https://github.com/huanlu/cve-2014-6271-huan-lu POC详情
36 This is an Android Application that helps you detect if your machine that run bash is vulnerable by CVE-2014-6271 https://github.com/sunnyjiang/shellshocker-android POC详情
37 A script, in C, to check if CGI scripts are vulnerable to CVE-2014-6271 (The Bash Bug). https://github.com/P0cL4bs/ShellShock-CGI-Scan POC详情
38 Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock https://github.com/hmlio/vaas-cve-2014-6271 POC详情
39 Shellshock exploit + vulnerable environment https://github.com/opsxcq/exploit-CVE-2014-6271 POC详情
40 None https://github.com/Pilou-Pilou/docker_CVE-2014-6271. POC详情
41 Shellshock POC | CVE-2014-6271 | cgi-bin reverse shell https://github.com/zalalov/CVE-2014-6271 POC详情
42 A simple python shell-like exploit for the Shellschok CVE-2014-6271 bug. https://github.com/heikipikker/shellshock-shell POC详情
43 Shellshock exploitation script that is able to upload and RCE using any vector due to its versatility. https://github.com/0x00-0x00/CVE-2014-6271 POC详情
44 CS4238 Computer Security Practices https://github.com/kowshik-sundararajan/CVE-2014-6271 POC详情
45 Shellshock vulnerability attacker https://github.com/w4fz5uck5/ShockZaum-CVE-2014-6271 POC详情
46 None https://github.com/Aruthw/CVE-2014-6271 POC详情
47 cve-2014-6271 https://github.com/cved-sources/cve-2014-6271 POC详情
48 None https://github.com/shawntns/exploit-CVE-2014-6271 POC详情
49 None https://github.com/Sindadziy/cve-2014-6271 POC详情
50 cve-2014-6271 https://github.com/wenyu1999/bash-shellshock POC详情
51 None https://github.com/Sindayifu/CVE-2019-14287-CVE-2014-6271 POC详情
52 None https://github.com/Any3ite/CVE-2014-6271 POC详情
53 *CVE-2014-6271* Unix Arbitrary Code Execution Exploit commonly know as Shell Shock. Examples, Docs, Incident Response and Vulnerability/Risk Assessment, and Additional Resources may be dumped here. Enjoy :) --- somhmxxghoul --- https://github.com/somhm-solutions/Shell-Shock POC详情
54 This is an individual assignment for secure network programming https://github.com/rashmikadileeshara/CVE-2014-6271-Shellshock- POC详情
55 None https://github.com/Dilith006/CVE-2014-6271 POC详情
56 None https://github.com/cyberharsh/Shellbash-CVE-2014-6271 POC详情
57 None https://github.com/MuirlandOracle/CVE-2014-6271-IPFire POC详情
58 This Repo is PoC environment of CVE-2014-6271(https://nvd.nist.gov/vuln/detail/cve-2014-6271). https://github.com/mochizuki875/CVE-2014-6271-Apache-Debian POC详情
59 Shellshock exploit aka CVE-2014-6271 https://github.com/b4keSn4ke/CVE-2014-6271 POC详情
60 CVE-2014-6271 Shellshock https://github.com/hadrian3689/shellshock POC详情
61 ShellShock interactive-shell exploit https://github.com/akr3ch/CVE-2014-6271 POC详情
62 None https://github.com/0xConstant/CVE-2014-6271 POC详情
63 [Python/Shell] - Tested in HackTheBox - Shocker (Easy) CVE-2014-6271 https://github.com/Gurguii/cgi-bin-shellshock POC详情
64 A docker container vulnerable to Shellshock - CVE-2014-6271 https://github.com/anujbhan/shellshock-victim-host POC详情
65 [CVE-2014-6271] Apache Shellshock Remote Command Injection tool for quick reverse shell and file browsing https://github.com/FilipStudeny/-CVE-2014-6271-Shellshock-Remote-Command-Injection- POC详情
66 None https://github.com/mritunjay-k/CVE-2014-6271 POC详情
67 None https://github.com/Brandaoo/CVE-2014-6271 POC详情
68 Exploitation of "Shellshock" Vulnerability. Remote code execution in Apache with mod_cgi https://github.com/Jsmoreira02/CVE-2014-6271 POC详情
69 None https://github.com/hanmin0512/CVE-2014-6271_pwnable POC详情
70 Shellshock vulnerability reverse shell https://github.com/0xTabun/CVE-2014-6271 POC详情
71 EXPLOIT FOR CVE-2014-6271 https://github.com/0xN7y/CVE-2014-6271 POC详情
72 The Shellshock Exploit is a tool designed to efficiently exploit the Shellshock vulnerability (CVE-2014-6271) in susceptible CGI servers, enabling a precise takeover of the target server. Shellshock is a critical security vulnerability that affects the Bash shell, allowing attackers to execute arbitrary commands on the targeted system https://github.com/MY7H404/CVE-2014-6271-Shellshock POC详情
73 Shellshock exploit (CVE-2014-6271) https://github.com/AlissoftCodes/Shellshock POC详情
74 Python3 Shellshock (CVE-2014-6271) Scanner https://github.com/hackintoanetwork/shellshock POC详情
75 Shellshock exploit (CVE-2014-6271) https://github.com/AlissonFaoli/Shellshock POC详情
76 Shelly is a lightweight and efficient vulnerability scanner designed to identify and mitigate Shellshock (CVE-2014-6271 & CVE-2014-7169) vulnerabilities in Bash environments. https://github.com/ajansha/shellshock POC详情
77 A PoC exploit for CVE-2014-6271 - Shellshock https://github.com/K3ysTr0K3R/CVE-2014-6271-EXPLOIT POC详情
78 Exploit para abusar de la vulnerabilidad Shellshock (CVE-2014-6271). https://github.com/TheRealCiscoo/Shellshock-Exploit POC详情
79 None https://github.com/RadYio/CVE-2014-6271 POC详情
80 None https://github.com/banomaly/CVE-2014-6271 POC详情
81 Vulnerability Exploitation https://github.com/YunchoHang/CVE-2014-6271-SHELLSHOCK POC详情
82 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2014/CVE-2014-6271.yaml POC详情
83 None https://github.com/Threekiii/Awesome-POC/blob/master/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E6%BC%8F%E6%B4%9E/Shellshock%20%E7%A0%B4%E5%A3%B3%E6%BC%8F%E6%B4%9E%20CVE-2014-6271.md POC详情
84 None https://github.com/chaitin/xray-plugins/blob/main/poc/manual/bash-cve-2014-6271.yml POC详情
85 https://github.com/vulhub/vulhub/blob/master/bash/CVE-2014-6271/README.md POC详情
86 None https://github.com/Isidoro4-kor/bash-CVE-2014-6271 POC详情
87 Shellshock Vulnerability Scanner https://github.com/moften/CVE-2014-6271 POC详情
88 CVE-2014-6271(RCE) poc Exploit https://github.com/knightc0de/Shellshock_vuln_Exploit POC详情
89 This is my implementation of shellshock exploit https://github.com/rsherstnev/CVE-2014-6271 POC详情
三、漏洞 CVE-2014-6271 的情报信息
四、漏洞 CVE-2014-6271 的评论

暂无评论

发表评论