Bash.Function.Definitions.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Bash.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able exploit this to execute arbitrary code within the context of the application.

Affected Products

Bash

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version available from the website.
http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-017
http://ftp.gnu.org/pub/gnu/bash/bash-3.1-patches/bash31-018
http://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052
http://ftp.gnu.org/pub/gnu/bash/bash-4.0-patches/bash40-039
http://ftp.gnu.org/pub/gnu/bash/bash-4.1-patches/bash41-012
http://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-048
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-025
Based on our analysis and attempts to leverage CVE-2014-7169 for remote code execution, we do not believe that it is remotely exploitable universally. However due to the nature of CVE-2014-7169 we believe the signature for CVE-2014-6271 can cover CVE-2014-7169 as well.
For CVE-2014-7186 and CVE-2014-7187, we believe the risk of it is low based on our analysis. To exploit it remotely, an attacker will probably have to leverage CVE-2014-6271 or CVE-2014-6278, both of which are covered by the signature in this report.

References

49499 49436 http://www.exploit-db.com/exploits/34896/ https://ics-cert.us-cert.gov/advisories/ICSA-14-269-01 https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability