Known Exploited Vulnerabilities CVE-2014-6271 Mappings

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2014-6271 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | |
| CVE-2014-6271 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | exploitation_technique | T1133 | External Remote Services | |
| CVE-2014-6271 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | primary_impact | T1059.004 | Unix Shell | |

Comments (identical for all three mappings)

CVE-2014-6271 allows environment variables set from service/HTTP requests on a server (e.g. HTTP_COOKIE) to be processed by the Bash shell in a way that spawns a child shell with the authority/privilege level of the parent shell, resulting in RCE of code provided by the adversary in the request.