CVE-2014-6271 GNU Bash through 4.3 任意代碼執行漏洞

From PwnWiki
Revision as of 16:10, 7 April 2021 by Pwnwiki (talk | contribs) (Created page with "==INFO== GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

INFO

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

EXP

https://github.com/JustYoomoon/Exploit/blob/main/cve-2014-6271.zip

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2014-6271_GNU_Bash_through_4.3_任意代碼執行漏洞&oldid=1102"