NVD Vulnerability Detail

CVE-2014-6271

Summary	GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Summary	GNU Bash hasta la versión 4.3 procesa cadenas finales después de las definiciones de funciones en los valores de variables de entorno, lo que permite a atacantes remotos ejecutar código arbitrario a través de un entorno manipulado, tal como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en las cuales el ajuste de entorno ocurre a través de un límite privilegiado de la ejecución de Bash, también conocido como "ShellShock." NOTA: la reparación original para este problema era incorrecta; CVE-2014-7169 ha sido asignada para cubrir la vulnerabilidad que todavía está presente después de la solución incorrecta.
Publication Date	Sept. 25, 2014, 3:48 a.m.
Registration Date	Jan. 26, 2021, 3:16 p.m.
Last Update	April 23, 2026, 1:07 a.m.

CVSS3.1 : CRITICAL
スコア	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:bash::::::::		4.3
cpe:2.3:o:arista:eos::::::::	4.9.0			4.9.12
cpe:2.3:o:arista:eos::::::::	4.10.0			4.10.9
cpe:2.3:o:arista:eos::::::::	4.11.0			4.11.11
cpe:2.3:o:arista:eos::::::::	4.12.0			4.12.9
cpe:2.3:o:arista:eos::::::::	4.13.0			4.13.9
cpe:2.3:o:arista:eos::::::::	4.14.0			4.14.4f
cpe:2.3:o:oracle:linux:4:::::::*
cpe:2.3:o:oracle:linux:5:-::::::
cpe:2.3:o:oracle:linux:6:-::::::
cpe:2.3:o:qnap:qts::::::::				4.1.1
cpe:2.3:o:qnap:qts:4.1.1:-::::::
cpe:2.3:o:qnap:qts:4.1.1:build_0927::::::
cpe:2.3:o:mageia:mageia:3.0:::::::*
cpe:2.3:o:mageia:mageia:4.0:::::::*
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.1:::::::*
cpe:2.3:a:redhat:virtualization:3.4:::::::*
cpe:2.3:o:redhat:enterprise_linux:4.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.9_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.4_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.5_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.3_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.4_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.5_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.6_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.7_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.9_ppc:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.4_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.5_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:a:suse:studio_onsite:1.3:::::::*
cpe:2.3:o:opensuse:opensuse:12.3:::::::*
cpe:2.3:o:opensuse:opensuse:13.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:-::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::
cpe:2.3:o:debian:debian_linux:7.0:::::::*
cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:8.2:::::::*
cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.0:::::::*
cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.1:::::::*
cpe:2.3:a:ibm:pureapplication_system::::::::	1.0.0.0	1.0.0.4
cpe:2.3:a:ibm:pureapplication_system::::::::	1.1.0.0	1.1.0.4
cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:::::::*
cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:::::::*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:::::::*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p10::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p11::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p12::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p13::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p5::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p6::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p7::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p8::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p9::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2:::::::*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p5::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p6::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p5::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p6::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p5::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p6::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p7::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p10::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p11::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p12::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p13::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p14::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p15::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p16::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p5::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p6::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p7::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p8::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p9::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8.15:::::::*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.9:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p1::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p2::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p3::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p4::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p5::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p6::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p7::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:-::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p1::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p10::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p11::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p12::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p13::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p14::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p15::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p16::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p17::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p2::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p3::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p4::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p5::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p6::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p7::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p8::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p9::::::
cpe:2.3:a:ibm:smartcloud_entry_appliance:2.3.0:::::::*
cpe:2.3:a:ibm:smartcloud_entry_appliance:2.4.0:::::::*
cpe:2.3:a:ibm:smartcloud_entry_appliance:3.1.0:::::::*
cpe:2.3:a:ibm:smartcloud_entry_appliance:3.2.0:::::::*
cpe:2.3:a:ibm:smartcloud_provisioning:2.1.0:::::::*
cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:::::kvm:::*				1.2.1
cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:::::openflow:::*				1.2.1
cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:::::vmware:::*				1.2.1
cpe:2.3:a:ibm:starter_kit_for_cloud:2.2.0:::::::*
cpe:2.3:a:ibm:workload_deployer::::::::	3.1.0	3.1.0.7
cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:::::::*
cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:::::::*
cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:::::::*
cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:::::::*
cpe:2.3:o:ibm:storwize_v7000_firmware::::::::	1.1.0.0			1.4.3.5
cpe:2.3:o:ibm:storwize_v7000_firmware::::::::	1.5.0.0			1.5.0.4
cpe:2.3:o:ibm:storwize_v7000_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:storwize_v7000_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:storwize_v5000_firmware::::::::	1.1.0.0			7.1.0.11
cpe:2.3:o:ibm:storwize_v5000_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:storwize_v5000_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:storwize_v3700_firmware::::::::	1.1.0.0			7.1.0.11
cpe:2.3:o:ibm:storwize_v3700_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:storwize_v3700_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:storwize_v3500_firmware::::::::	1.1.0.0			7.1.0.11
cpe:2.3:o:ibm:storwize_v3500_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:storwize_v3500_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:flex_system_v7000_firmware::::::::	1.1.0.0			7.1.0.11
cpe:2.3:o:ibm:flex_system_v7000_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:flex_system_v7000_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:san_volume_controller_firmware::::::::	1.1.0.0			7.1.0.11
cpe:2.3:o:ibm:san_volume_controller_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:san_volume_controller_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:stn6500_firmware::::::::	3.8.0.0			3.8.0.07
cpe:2.3:o:ibm:stn6500_firmware::::::::	3.9.1.0			3.9.1.08
cpe:2.3:o:ibm:stn6500_firmware::::::::	4.1.2.0			4.1.2.06
cpe:2.3:o:ibm:stn6800_firmware::::::::	3.8.0.0			3.8.0.07
cpe:2.3:o:ibm:stn6800_firmware::::::::	3.9.1.0			3.9.1.08
cpe:2.3:o:ibm:stn6800_firmware::::::::	4.1.2.0			4.1.2.06
cpe:2.3:o:ibm:stn7800_firmware::::::::	3.8.0.0			3.8.0.07
cpe:2.3:o:ibm:stn7800_firmware::::::::	3.9.1.0			3.9.1.08
cpe:2.3:o:ibm:stn7800_firmware::::::::	4.1.2.0			4.1.2.06
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:a:novell:zenworks_configuration_management:10.3:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11.1:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11.2:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11.3.0:::::::*
cpe:2.3:o:novell:open_enterprise_server:2.0:sp3::::linux_kernel::*
cpe:2.3:o:novell:open_enterprise_server:11.0:sp2::::linux_kernel::*
cpe:2.3:a:checkpoint:security_gateway::::::::				r77.30
cpe:2.3:a:f5:big-ip_access_policy_manager::::::::	10.1.0	10.2.4
cpe:2.3:a:f5:big-ip_access_policy_manager::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::	11.3.0	11.5.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_analytics::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_analytics:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::	11.4.0	11.5.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_application_security_manager::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_application_security_manager::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_edge_gateway::::::::	10.1.0	10.2.4
cpe:2.3:a:f5:big-ip_edge_gateway::::::::	11.0.0	11.3.0
cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_link_controller::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_link_controller::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_link_controller:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::	11.3.0	11.5.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_protocol_security_module::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_protocol_security_module::::::::	11.0.0	11.4.1
cpe:2.3:a:f5:big-ip_wan_optimization_manager::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_wan_optimization_manager::::::::	11.0.0	11.3.0
cpe:2.3:a:f5:big-ip_webaccelerator::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_webaccelerator::::::::	11.0.0	11.3.0
cpe:2.3:a:f5:big-iq_cloud::::::::	4.0.0	4.4.0
cpe:2.3:a:f5:big-iq_device::::::::	4.2.0	4.4.0
cpe:2.3:a:f5:big-iq_security::::::::	4.0.0	4.4.0
cpe:2.3:a:f5:enterprise_manager::::::::	2.1.0	2.3.0
cpe:2.3:a:f5:enterprise_manager::::::::	3.0.0	3.1.1
cpe:2.3:a:f5:traffix_signaling_delivery_controller::::::::	4.0.0	4.0.5
cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.3.2:::::::*
cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.4.1:::::::*
cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.5.1:::::::*
cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.1.0:::::::*
cpe:2.3:o:f5:arx_firmware::::::::	6.0.0	6.4.0
cpe:2.3:o:citrix:netscaler_sdx_firmware::::::::				9.3.67.5r1
cpe:2.3:o:citrix:netscaler_sdx_firmware::::::::	10			10.1.129.11r1
cpe:2.3:o:citrix:netscaler_sdx_firmware::::::::	10.5			10.5.52.11r1
cpe:2.3:o:apple:mac_os_x::::::::	10.0.0			10.10.0
cpe:2.3:a:vmware:vcenter_server_appliance:5.0:::::::*
cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_1::::::
cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_2::::::
cpe:2.3:a:vmware:vcenter_server_appliance:5.1:::::::*
cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_1::::::
cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_2::::::
cpe:2.3:a:vmware:vcenter_server_appliance:5.5:-::::::
cpe:2.3:a:vmware:vcenter_server_appliance:5.5:update_1::::::
cpe:2.3:o:vmware:esx:4.0:::::::*
cpe:2.3:o:vmware:esx:4.1:::::::*

Configuration2		or higher	or less	more than	less than

Related information, measures and tools

No	URL	refsource
1	http://advisories.mageia.org/MGASA-2014-0388.html	security@debian.org
2	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	security@debian.org
3	http://jvn.jp/en/jp/JVN55667175/index.html	security@debian.org
4	http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126	security@debian.org
5	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673	security@debian.org
6	http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html	security@debian.org
7	http://linux.oracle.com/errata/ELSA-2014-1293.html	security@debian.org
8	http://linux.oracle.com/errata/ELSA-2014-1294.html	security@debian.org
9	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html	security@debian.org
10	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html	security@debian.org
11	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html	security@debian.org
12	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html	security@debian.org
13	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html	security@debian.org
14	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html	security@debian.org
15	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html	security@debian.org
16	http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html	security@debian.org
17	http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html	security@debian.org
18	http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html	security@debian.org
19	http://marc.info/?l=bugtraq&m=141216207813411&w=2	security@debian.org
20	http://marc.info/?l=bugtraq&m=141216668515282&w=2	security@debian.org
21	http://marc.info/?l=bugtraq&m=141235957116749&w=2	security@debian.org
22	http://marc.info/?l=bugtraq&m=141319209015420&w=2	security@debian.org
23	http://marc.info/?l=bugtraq&m=141330425327438&w=2	security@debian.org
24	http://marc.info/?l=bugtraq&m=141330468527613&w=2	security@debian.org
25	http://marc.info/?l=bugtraq&m=141345648114150&w=2	security@debian.org
26	http://marc.info/?l=bugtraq&m=141383026420882&w=2	security@debian.org
27	http://marc.info/?l=bugtraq&m=141383081521087&w=2	security@debian.org
28	http://marc.info/?l=bugtraq&m=141383138121313&w=2	security@debian.org
29	http://marc.info/?l=bugtraq&m=141383196021590&w=2	security@debian.org
30	http://marc.info/?l=bugtraq&m=141383244821813&w=2	security@debian.org
31	http://marc.info/?l=bugtraq&m=141383304022067&w=2	security@debian.org
32	http://marc.info/?l=bugtraq&m=141383353622268&w=2	security@debian.org
33	http://marc.info/?l=bugtraq&m=141383465822787&w=2	security@debian.org
34	http://marc.info/?l=bugtraq&m=141450491804793&w=2	security@debian.org
35	http://marc.info/?l=bugtraq&m=141576728022234&w=2	security@debian.org
36	http://marc.info/?l=bugtraq&m=141577137423233&w=2	security@debian.org
37	http://marc.info/?l=bugtraq&m=141577241923505&w=2	security@debian.org
38	http://marc.info/?l=bugtraq&m=141577297623641&w=2	security@debian.org
39	http://marc.info/?l=bugtraq&m=141585637922673&w=2	security@debian.org
40	http://marc.info/?l=bugtraq&m=141694386919794&w=2	security@debian.org
41	http://marc.info/?l=bugtraq&m=141879528318582&w=2	security@debian.org
42	http://marc.info/?l=bugtraq&m=142113462216480&w=2	security@debian.org
43	http://marc.info/?l=bugtraq&m=142118135300698&w=2	security@debian.org
44	http://marc.info/?l=bugtraq&m=142358026505815&w=2	security@debian.org
45	http://marc.info/?l=bugtraq&m=142358078406056&w=2	security@debian.org
46	http://marc.info/?l=bugtraq&m=142546741516006&w=2	security@debian.org
47	http://marc.info/?l=bugtraq&m=142719845423222&w=2	security@debian.org
48	http://marc.info/?l=bugtraq&m=142721162228379&w=2	security@debian.org
49	http://marc.info/?l=bugtraq&m=142805027510172&w=2	security@debian.org
50	http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html	security@debian.org
51	http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html	security@debian.org
52	http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html	security@debian.org
53	http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html	security@debian.org
54	http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html	security@debian.org
55	http://rhn.redhat.com/errata/RHSA-2014-1293.html	security@debian.org
56	http://rhn.redhat.com/errata/RHSA-2014-1294.html	security@debian.org
57	http://rhn.redhat.com/errata/RHSA-2014-1295.html	security@debian.org
58	http://rhn.redhat.com/errata/RHSA-2014-1354.html	security@debian.org
59	http://seclists.org/fulldisclosure/2014/Oct/0	security@debian.org
60	http://secunia.com/advisories/58200	security@debian.org
61	http://secunia.com/advisories/59272	security@debian.org
62	http://secunia.com/advisories/59737	security@debian.org
63	http://secunia.com/advisories/59907	security@debian.org
64	http://secunia.com/advisories/60024	security@debian.org
65	http://secunia.com/advisories/60034	security@debian.org
66	http://secunia.com/advisories/60044	security@debian.org
67	http://secunia.com/advisories/60055	security@debian.org
68	http://secunia.com/advisories/60063	security@debian.org
69	http://secunia.com/advisories/60193	security@debian.org
70	http://secunia.com/advisories/60325	security@debian.org
71	http://secunia.com/advisories/60433	security@debian.org
72	http://secunia.com/advisories/60947	security@debian.org
73	http://secunia.com/advisories/61065	security@debian.org
74	http://secunia.com/advisories/61128	security@debian.org
75	http://secunia.com/advisories/61129	security@debian.org
76	http://secunia.com/advisories/61188	security@debian.org
77	http://secunia.com/advisories/61283	security@debian.org
78	http://secunia.com/advisories/61287	security@debian.org
79	http://secunia.com/advisories/61291	security@debian.org
80	http://secunia.com/advisories/61312	security@debian.org
81	http://secunia.com/advisories/61313	security@debian.org
82	http://secunia.com/advisories/61328	security@debian.org
83	http://secunia.com/advisories/61442	security@debian.org
84	http://secunia.com/advisories/61471	security@debian.org
85	http://secunia.com/advisories/61485	security@debian.org
86	http://secunia.com/advisories/61503	security@debian.org
87	http://secunia.com/advisories/61542	security@debian.org
88	http://secunia.com/advisories/61547	security@debian.org
89	http://secunia.com/advisories/61550	security@debian.org
90	http://secunia.com/advisories/61552	security@debian.org
91	http://secunia.com/advisories/61565	security@debian.org
92	http://secunia.com/advisories/61603	security@debian.org
93	http://secunia.com/advisories/61633	security@debian.org
94	http://secunia.com/advisories/61641	security@debian.org
95	http://secunia.com/advisories/61643	security@debian.org
96	http://secunia.com/advisories/61654	security@debian.org
97	http://secunia.com/advisories/61676	security@debian.org
98	http://secunia.com/advisories/61700	security@debian.org
99	http://secunia.com/advisories/61703	security@debian.org
100	http://secunia.com/advisories/61711	security@debian.org
101	http://secunia.com/advisories/61715	security@debian.org
102	http://secunia.com/advisories/61780	security@debian.org
103	http://secunia.com/advisories/61816	security@debian.org
104	http://secunia.com/advisories/61855	security@debian.org
105	http://secunia.com/advisories/61857	security@debian.org
106	http://secunia.com/advisories/61873	security@debian.org
107	http://secunia.com/advisories/62228	security@debian.org
108	http://secunia.com/advisories/62312	security@debian.org
109	http://secunia.com/advisories/62343	security@debian.org
110	http://support.apple.com/kb/HT6495	security@debian.org
111	http://support.novell.com/security/cve/CVE-2014-6271.html	security@debian.org
112	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash	security@debian.org
113	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272	security@debian.org
114	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279	security@debian.org
115	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361	security@debian.org
116	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879	security@debian.org
117	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897	security@debian.org
118	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898	security@debian.org
119	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915	security@debian.org
120	http://www-01.ibm.com/support/docview.wss?uid=swg21685541	security@debian.org
121	http://www-01.ibm.com/support/docview.wss?uid=swg21685604	security@debian.org
122	http://www-01.ibm.com/support/docview.wss?uid=swg21685733	security@debian.org
123	http://www-01.ibm.com/support/docview.wss?uid=swg21685749	security@debian.org
124	http://www-01.ibm.com/support/docview.wss?uid=swg21685914	security@debian.org
125	http://www-01.ibm.com/support/docview.wss?uid=swg21686084	security@debian.org
126	http://www-01.ibm.com/support/docview.wss?uid=swg21686131	security@debian.org
127	http://www-01.ibm.com/support/docview.wss?uid=swg21686246	security@debian.org
128	http://www-01.ibm.com/support/docview.wss?uid=swg21686445	security@debian.org
129	http://www-01.ibm.com/support/docview.wss?uid=swg21686447	security@debian.org
130	http://www-01.ibm.com/support/docview.wss?uid=swg21686479	security@debian.org
131	http://www-01.ibm.com/support/docview.wss?uid=swg21686494	security@debian.org
132	http://www-01.ibm.com/support/docview.wss?uid=swg21687079	security@debian.org
133	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315	security@debian.org
134	http://www.debian.org/security/2014/dsa-3032	security@debian.org
135	http://www.kb.cert.org/vuls/id/252743	security@debian.org
136	http://www.mandriva.com/security/advisories?name=MDVSA-2015:164	security@debian.org
137	http://www.novell.com/support/kb/doc.php?id=7015701	security@debian.org
138	http://www.novell.com/support/kb/doc.php?id=7015721	security@debian.org
139	http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html	security@debian.org
140	http://www.qnap.com/i/en/support/con_show.php?cid=61	security@debian.org
141	http://www.securityfocus.com/archive/1/533593/100/0/threaded	security@debian.org
142	http://www.securityfocus.com/bid/70103	security@debian.org
143	http://www.ubuntu.com/usn/USN-2362-1	security@debian.org
144	http://www.us-cert.gov/ncas/alerts/TA14-268A	security@debian.org
145	http://www.vmware.com/security/advisories/VMSA-2014-0010.html	security@debian.org
146	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	security@debian.org
147	https://access.redhat.com/articles/1200223	security@debian.org
148	https://access.redhat.com/node/1200223	security@debian.org
149	https://bugzilla.redhat.com/show_bug.cgi?id=1141597	security@debian.org
150	https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	security@debian.org
151	https://kb.bluecoat.com/index?page=content&id=SA82	security@debian.org
152	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648	security@debian.org
153	https://kc.mcafee.com/corporate/index?page=content&id=SB10085	security@debian.org
154	https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/	security@debian.org
155	https://support.apple.com/kb/HT6535	security@debian.org
156	https://support.citrix.com/article/CTX200217	security@debian.org
157	https://support.citrix.com/article/CTX200223	security@debian.org
158	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html	security@debian.org
159	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075	security@debian.org
160	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183	security@debian.org
161	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts	security@debian.org
162	https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006	security@debian.org
163	https://www.exploit-db.com/exploits/34879/	security@debian.org
164	https://www.exploit-db.com/exploits/37816/	security@debian.org
165	https://www.exploit-db.com/exploits/38849/	security@debian.org
166	https://www.exploit-db.com/exploits/39918/	security@debian.org
167	https://www.exploit-db.com/exploits/40619/	security@debian.org
168	https://www.exploit-db.com/exploits/40938/	security@debian.org
169	https://www.exploit-db.com/exploits/42938/	security@debian.org
170	https://www.suse.com/support/shellshock/	security@debian.org
171	http://advisories.mageia.org/MGASA-2014-0388.html	af854a3a-2127-422b-91ae-364da2661108
172	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	af854a3a-2127-422b-91ae-364da2661108
173	http://jvn.jp/en/jp/JVN55667175/index.html	af854a3a-2127-422b-91ae-364da2661108
174	http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126	af854a3a-2127-422b-91ae-364da2661108
175	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673	af854a3a-2127-422b-91ae-364da2661108
176	http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html	af854a3a-2127-422b-91ae-364da2661108
177	http://linux.oracle.com/errata/ELSA-2014-1293.html	af854a3a-2127-422b-91ae-364da2661108
178	http://linux.oracle.com/errata/ELSA-2014-1294.html	af854a3a-2127-422b-91ae-364da2661108
179	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html	af854a3a-2127-422b-91ae-364da2661108
180	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html	af854a3a-2127-422b-91ae-364da2661108
181	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html	af854a3a-2127-422b-91ae-364da2661108
182	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html	af854a3a-2127-422b-91ae-364da2661108
183	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html	af854a3a-2127-422b-91ae-364da2661108
184	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html	af854a3a-2127-422b-91ae-364da2661108
185	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html	af854a3a-2127-422b-91ae-364da2661108
186	http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
187	http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html	af854a3a-2127-422b-91ae-364da2661108
188	http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html	af854a3a-2127-422b-91ae-364da2661108
189	http://marc.info/?l=bugtraq&m=141216207813411&w=2	af854a3a-2127-422b-91ae-364da2661108
190	http://marc.info/?l=bugtraq&m=141216668515282&w=2	af854a3a-2127-422b-91ae-364da2661108
191	http://marc.info/?l=bugtraq&m=141235957116749&w=2	af854a3a-2127-422b-91ae-364da2661108
192	http://marc.info/?l=bugtraq&m=141319209015420&w=2	af854a3a-2127-422b-91ae-364da2661108
193	http://marc.info/?l=bugtraq&m=141330425327438&w=2	af854a3a-2127-422b-91ae-364da2661108
194	http://marc.info/?l=bugtraq&m=141330468527613&w=2	af854a3a-2127-422b-91ae-364da2661108
195	http://marc.info/?l=bugtraq&m=141345648114150&w=2	af854a3a-2127-422b-91ae-364da2661108
196	http://marc.info/?l=bugtraq&m=141383026420882&w=2	af854a3a-2127-422b-91ae-364da2661108
197	http://marc.info/?l=bugtraq&m=141383081521087&w=2	af854a3a-2127-422b-91ae-364da2661108
198	http://marc.info/?l=bugtraq&m=141383138121313&w=2	af854a3a-2127-422b-91ae-364da2661108
199	http://marc.info/?l=bugtraq&m=141383196021590&w=2	af854a3a-2127-422b-91ae-364da2661108
200	http://marc.info/?l=bugtraq&m=141383244821813&w=2	af854a3a-2127-422b-91ae-364da2661108
201	http://marc.info/?l=bugtraq&m=141383304022067&w=2	af854a3a-2127-422b-91ae-364da2661108
202	http://marc.info/?l=bugtraq&m=141383353622268&w=2	af854a3a-2127-422b-91ae-364da2661108
203	http://marc.info/?l=bugtraq&m=141383465822787&w=2	af854a3a-2127-422b-91ae-364da2661108
204	http://marc.info/?l=bugtraq&m=141450491804793&w=2	af854a3a-2127-422b-91ae-364da2661108
205	http://marc.info/?l=bugtraq&m=141576728022234&w=2	af854a3a-2127-422b-91ae-364da2661108
206	http://marc.info/?l=bugtraq&m=141577137423233&w=2	af854a3a-2127-422b-91ae-364da2661108
207	http://marc.info/?l=bugtraq&m=141577241923505&w=2	af854a3a-2127-422b-91ae-364da2661108
208	http://marc.info/?l=bugtraq&m=141577297623641&w=2	af854a3a-2127-422b-91ae-364da2661108
209	http://marc.info/?l=bugtraq&m=141585637922673&w=2	af854a3a-2127-422b-91ae-364da2661108
210	http://marc.info/?l=bugtraq&m=141694386919794&w=2	af854a3a-2127-422b-91ae-364da2661108
211	http://marc.info/?l=bugtraq&m=141879528318582&w=2	af854a3a-2127-422b-91ae-364da2661108
212	http://marc.info/?l=bugtraq&m=142113462216480&w=2	af854a3a-2127-422b-91ae-364da2661108
213	http://marc.info/?l=bugtraq&m=142118135300698&w=2	af854a3a-2127-422b-91ae-364da2661108
214	http://marc.info/?l=bugtraq&m=142358026505815&w=2	af854a3a-2127-422b-91ae-364da2661108
215	http://marc.info/?l=bugtraq&m=142358078406056&w=2	af854a3a-2127-422b-91ae-364da2661108
216	http://marc.info/?l=bugtraq&m=142546741516006&w=2	af854a3a-2127-422b-91ae-364da2661108
217	http://marc.info/?l=bugtraq&m=142719845423222&w=2	af854a3a-2127-422b-91ae-364da2661108
218	http://marc.info/?l=bugtraq&m=142721162228379&w=2	af854a3a-2127-422b-91ae-364da2661108
219	http://marc.info/?l=bugtraq&m=142805027510172&w=2	af854a3a-2127-422b-91ae-364da2661108
220	http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html	af854a3a-2127-422b-91ae-364da2661108
221	http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html	af854a3a-2127-422b-91ae-364da2661108
222	http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html	af854a3a-2127-422b-91ae-364da2661108
223	http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html	af854a3a-2127-422b-91ae-364da2661108
224	http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html	af854a3a-2127-422b-91ae-364da2661108
225	http://rhn.redhat.com/errata/RHSA-2014-1293.html	af854a3a-2127-422b-91ae-364da2661108
226	http://rhn.redhat.com/errata/RHSA-2014-1294.html	af854a3a-2127-422b-91ae-364da2661108
227	http://rhn.redhat.com/errata/RHSA-2014-1295.html	af854a3a-2127-422b-91ae-364da2661108
228	http://rhn.redhat.com/errata/RHSA-2014-1354.html	af854a3a-2127-422b-91ae-364da2661108
229	http://seclists.org/fulldisclosure/2014/Oct/0	af854a3a-2127-422b-91ae-364da2661108
230	http://secunia.com/advisories/58200	af854a3a-2127-422b-91ae-364da2661108
231	http://secunia.com/advisories/59272	af854a3a-2127-422b-91ae-364da2661108
232	http://secunia.com/advisories/59737	af854a3a-2127-422b-91ae-364da2661108
233	http://secunia.com/advisories/59907	af854a3a-2127-422b-91ae-364da2661108
234	http://secunia.com/advisories/60024	af854a3a-2127-422b-91ae-364da2661108
235	http://secunia.com/advisories/60034	af854a3a-2127-422b-91ae-364da2661108
236	http://secunia.com/advisories/60044	af854a3a-2127-422b-91ae-364da2661108
237	http://secunia.com/advisories/60055	af854a3a-2127-422b-91ae-364da2661108
238	http://secunia.com/advisories/60063	af854a3a-2127-422b-91ae-364da2661108
239	http://secunia.com/advisories/60193	af854a3a-2127-422b-91ae-364da2661108
240	http://secunia.com/advisories/60325	af854a3a-2127-422b-91ae-364da2661108
241	http://secunia.com/advisories/60433	af854a3a-2127-422b-91ae-364da2661108
242	http://secunia.com/advisories/60947	af854a3a-2127-422b-91ae-364da2661108
243	http://secunia.com/advisories/61065	af854a3a-2127-422b-91ae-364da2661108
244	http://secunia.com/advisories/61128	af854a3a-2127-422b-91ae-364da2661108
245	http://secunia.com/advisories/61129	af854a3a-2127-422b-91ae-364da2661108
246	http://secunia.com/advisories/61188	af854a3a-2127-422b-91ae-364da2661108
247	http://secunia.com/advisories/61283	af854a3a-2127-422b-91ae-364da2661108
248	http://secunia.com/advisories/61287	af854a3a-2127-422b-91ae-364da2661108
249	http://secunia.com/advisories/61291	af854a3a-2127-422b-91ae-364da2661108
250	http://secunia.com/advisories/61312	af854a3a-2127-422b-91ae-364da2661108
251	http://secunia.com/advisories/61313	af854a3a-2127-422b-91ae-364da2661108
252	http://secunia.com/advisories/61328	af854a3a-2127-422b-91ae-364da2661108
253	http://secunia.com/advisories/61442	af854a3a-2127-422b-91ae-364da2661108
254	http://secunia.com/advisories/61471	af854a3a-2127-422b-91ae-364da2661108
255	http://secunia.com/advisories/61485	af854a3a-2127-422b-91ae-364da2661108
256	http://secunia.com/advisories/61503	af854a3a-2127-422b-91ae-364da2661108
257	http://secunia.com/advisories/61542	af854a3a-2127-422b-91ae-364da2661108
258	http://secunia.com/advisories/61547	af854a3a-2127-422b-91ae-364da2661108
259	http://secunia.com/advisories/61550	af854a3a-2127-422b-91ae-364da2661108
260	http://secunia.com/advisories/61552	af854a3a-2127-422b-91ae-364da2661108
261	http://secunia.com/advisories/61565	af854a3a-2127-422b-91ae-364da2661108
262	http://secunia.com/advisories/61603	af854a3a-2127-422b-91ae-364da2661108
263	http://secunia.com/advisories/61633	af854a3a-2127-422b-91ae-364da2661108
264	http://secunia.com/advisories/61641	af854a3a-2127-422b-91ae-364da2661108
265	http://secunia.com/advisories/61643	af854a3a-2127-422b-91ae-364da2661108
266	http://secunia.com/advisories/61654	af854a3a-2127-422b-91ae-364da2661108
267	http://secunia.com/advisories/61676	af854a3a-2127-422b-91ae-364da2661108
268	http://secunia.com/advisories/61700	af854a3a-2127-422b-91ae-364da2661108
269	http://secunia.com/advisories/61703	af854a3a-2127-422b-91ae-364da2661108
270	http://secunia.com/advisories/61711	af854a3a-2127-422b-91ae-364da2661108
271	http://secunia.com/advisories/61715	af854a3a-2127-422b-91ae-364da2661108
272	http://secunia.com/advisories/61780	af854a3a-2127-422b-91ae-364da2661108
273	http://secunia.com/advisories/61816	af854a3a-2127-422b-91ae-364da2661108
274	http://secunia.com/advisories/61855	af854a3a-2127-422b-91ae-364da2661108
275	http://secunia.com/advisories/61857	af854a3a-2127-422b-91ae-364da2661108
276	http://secunia.com/advisories/61873	af854a3a-2127-422b-91ae-364da2661108
277	http://secunia.com/advisories/62228	af854a3a-2127-422b-91ae-364da2661108
278	http://secunia.com/advisories/62312	af854a3a-2127-422b-91ae-364da2661108
279	http://secunia.com/advisories/62343	af854a3a-2127-422b-91ae-364da2661108
280	http://support.apple.com/kb/HT6495	af854a3a-2127-422b-91ae-364da2661108
281	http://support.novell.com/security/cve/CVE-2014-6271.html	af854a3a-2127-422b-91ae-364da2661108
282	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash	af854a3a-2127-422b-91ae-364da2661108
283	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272	af854a3a-2127-422b-91ae-364da2661108
284	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279	af854a3a-2127-422b-91ae-364da2661108
285	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361	af854a3a-2127-422b-91ae-364da2661108
286	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879	af854a3a-2127-422b-91ae-364da2661108
287	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897	af854a3a-2127-422b-91ae-364da2661108
288	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898	af854a3a-2127-422b-91ae-364da2661108
289	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915	af854a3a-2127-422b-91ae-364da2661108
290	http://www-01.ibm.com/support/docview.wss?uid=swg21685541	af854a3a-2127-422b-91ae-364da2661108
291	http://www-01.ibm.com/support/docview.wss?uid=swg21685604	af854a3a-2127-422b-91ae-364da2661108
292	http://www-01.ibm.com/support/docview.wss?uid=swg21685733	af854a3a-2127-422b-91ae-364da2661108
293	http://www-01.ibm.com/support/docview.wss?uid=swg21685749	af854a3a-2127-422b-91ae-364da2661108
294	http://www-01.ibm.com/support/docview.wss?uid=swg21685914	af854a3a-2127-422b-91ae-364da2661108
295	http://www-01.ibm.com/support/docview.wss?uid=swg21686084	af854a3a-2127-422b-91ae-364da2661108
296	http://www-01.ibm.com/support/docview.wss?uid=swg21686131	af854a3a-2127-422b-91ae-364da2661108
297	http://www-01.ibm.com/support/docview.wss?uid=swg21686246	af854a3a-2127-422b-91ae-364da2661108
298	http://www-01.ibm.com/support/docview.wss?uid=swg21686445	af854a3a-2127-422b-91ae-364da2661108
299	http://www-01.ibm.com/support/docview.wss?uid=swg21686447	af854a3a-2127-422b-91ae-364da2661108
300	http://www-01.ibm.com/support/docview.wss?uid=swg21686479	af854a3a-2127-422b-91ae-364da2661108
301	http://www-01.ibm.com/support/docview.wss?uid=swg21686494	af854a3a-2127-422b-91ae-364da2661108
302	http://www-01.ibm.com/support/docview.wss?uid=swg21687079	af854a3a-2127-422b-91ae-364da2661108
303	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315	af854a3a-2127-422b-91ae-364da2661108
304	http://www.debian.org/security/2014/dsa-3032	af854a3a-2127-422b-91ae-364da2661108
305	http://www.kb.cert.org/vuls/id/252743	af854a3a-2127-422b-91ae-364da2661108
306	http://www.mandriva.com/security/advisories?name=MDVSA-2015:164	af854a3a-2127-422b-91ae-364da2661108
307	http://www.novell.com/support/kb/doc.php?id=7015701	af854a3a-2127-422b-91ae-364da2661108
308	http://www.novell.com/support/kb/doc.php?id=7015721	af854a3a-2127-422b-91ae-364da2661108
309	http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html	af854a3a-2127-422b-91ae-364da2661108
310	http://www.qnap.com/i/en/support/con_show.php?cid=61	af854a3a-2127-422b-91ae-364da2661108
311	http://www.securityfocus.com/archive/1/533593/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
312	http://www.securityfocus.com/bid/70103	af854a3a-2127-422b-91ae-364da2661108
313	http://www.ubuntu.com/usn/USN-2362-1	af854a3a-2127-422b-91ae-364da2661108
314	http://www.us-cert.gov/ncas/alerts/TA14-268A	af854a3a-2127-422b-91ae-364da2661108
315	http://www.vmware.com/security/advisories/VMSA-2014-0010.html	af854a3a-2127-422b-91ae-364da2661108
316	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	af854a3a-2127-422b-91ae-364da2661108
317	https://access.redhat.com/articles/1200223	af854a3a-2127-422b-91ae-364da2661108
318	https://access.redhat.com/node/1200223	af854a3a-2127-422b-91ae-364da2661108
319	https://bugzilla.redhat.com/show_bug.cgi?id=1141597	af854a3a-2127-422b-91ae-364da2661108
320	https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	af854a3a-2127-422b-91ae-364da2661108
321	https://kb.bluecoat.com/index?page=content&id=SA82	af854a3a-2127-422b-91ae-364da2661108
322	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648	af854a3a-2127-422b-91ae-364da2661108
323	https://kc.mcafee.com/corporate/index?page=content&id=SB10085	af854a3a-2127-422b-91ae-364da2661108
324	https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/	af854a3a-2127-422b-91ae-364da2661108
325	https://support.apple.com/kb/HT6535	af854a3a-2127-422b-91ae-364da2661108
326	https://support.citrix.com/article/CTX200217	af854a3a-2127-422b-91ae-364da2661108
327	https://support.citrix.com/article/CTX200223	af854a3a-2127-422b-91ae-364da2661108
328	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html	af854a3a-2127-422b-91ae-364da2661108
329	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075	af854a3a-2127-422b-91ae-364da2661108
330	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183	af854a3a-2127-422b-91ae-364da2661108
331	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts	af854a3a-2127-422b-91ae-364da2661108
332	https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006	af854a3a-2127-422b-91ae-364da2661108
333	https://www.exploit-db.com/exploits/34879/	af854a3a-2127-422b-91ae-364da2661108
334	https://www.exploit-db.com/exploits/37816/	af854a3a-2127-422b-91ae-364da2661108
335	https://www.exploit-db.com/exploits/38849/	af854a3a-2127-422b-91ae-364da2661108
336	https://www.exploit-db.com/exploits/39918/	af854a3a-2127-422b-91ae-364da2661108
337	https://www.exploit-db.com/exploits/40619/	af854a3a-2127-422b-91ae-364da2661108
338	https://www.exploit-db.com/exploits/40938/	af854a3a-2127-422b-91ae-364da2661108
339	https://www.exploit-db.com/exploits/42938/	af854a3a-2127-422b-91ae-364da2661108
340	https://www.suse.com/support/shellshock/	af854a3a-2127-422b-91ae-364da2661108
341	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6271	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-78	OSコマンド・インジェクション	https://cwe.mitre.org/data/definitions/78.html

JVN Vulnerability Information

GNU bash における任意のコードを実行される脆弱性

Title	GNU bash における任意のコードを実行される脆弱性
Summary	GNU bash は、環境変数の値の関数定義の後で末尾の文字列を処理するため、任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された環境を介して、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 15, 2014, midnight
Registration Date	Sept. 29, 2014, 10:25 a.m.
Last Update	Dec. 24, 2015, 6:23 p.m.

Affected System

GNU Project

bash 4.3 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
CISA Known Exploited Vulnerabilities Catalog
1	CVE-2014-6271	https://cisa.gov/known-exploited-vulnerabilities-catalog
Common Vulnerabilities and Exposures (CVE)
2	CVE-2014-6271	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
National Vulnerability Database (NVD)
3	CVE-2014-6271	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
Novell
4	CVE-2014-6271	http://support.novell.com/security/cve/CVE-2014-6271.html

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-78	https://jvndb.jvn.jp/ja/cwe/CWE-78.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT6495	http://support.apple.com/kb/HT6495
2	HT6535	http://support.apple.com/kb/HT6535
Apple セキュリティアップデート
3	HT6495	http://support.apple.com/kb/HT6495?viewlocale=ja_JP
4	HT6535	http://support.apple.com/kb/HT6535?viewlocale=ja_JP
Asianux Technical Support Network
5	bash-3.2-33.AXS3.4	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3918
6	bash-4.1.2-15.AXS4.2	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3919
Check Point Support Center
7	sk102673	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
Cisco Security Advisory
8	cisco-sa-20140926-bash	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
Citrix Support
9	CTX200217	https://support.citrix.com/article/CTX200217
10	CTX200223	https://support.citrix.com/article/CTX200223
GnuPG Project
11	GNU Bash	http://www.gnu.org/software/bash/
HP Security Bulletin
12	HPSBGN03117 SSRT101724	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04467807
13	HPSBGN03138 SSRT101755	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04475942
14	HPSBGN03141 SSRT101763	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479398
15	HPSBGN03142 SSRT101764	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479402
16	HPSBGN03233	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04540692
17	HPSBHF03119 SSRT101725	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04468293
18	HPSBHF03124 SSRT101728	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471546
19	HPSBHF03125 SSRT101724	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471538
20	HPSBHF03145 SSRT101765	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479505
21	HPSBHF03146 SSRT101765	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479601
22	HPSBMU03133 SSRT101733	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04475347
23	HPSBMU03143 SSRT101761	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479536
24	HPSBMU03144 SSRT101762	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479492
25	HPSBMU03165 SSRT101783	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497075
26	HPSBMU03182 SSRT101787	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497042
27	HPSBMU03217 SSRT101827	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04512907
28	HPSBMU03220 SSRT101819	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04518183
29	HPSBMU03245 SSRT101742	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04556845
30	HPSBMU03246 SSRT101743	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04558068
31	HPSBOV03228 SSRT101711	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04533737
32	HPSBST03122 SSRT101717	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471532
33	HPSBST03129 SSRT101760	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04478866
34	HPSBST03131 SSRT101749	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04477872
35	HPSBST03148 SSRT101749	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479974
36	HPSBST03154 SSRT101747	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487558
37	HPSBST03155 SSRT101747	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487573
38	HPSBST03157 SSRT101718	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04488200
39	HPSBST03181 SSRT101811	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04496383
40	HPSBST03195 SSRT101835	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04595094
41	HPSBST03196 SSRT101816	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04599191
42	HPSBST03265 SSRT101905	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04574224
IBM Support Document
43	1685433	http://www-01.ibm.com/support/docview.wss?uid=swg21685433
44	1685522	http://www-01.ibm.com/support/docview.wss?uid=swg21685522
45	1685541	http://www-01.ibm.com/support/docview.wss?uid=swg21685541
46	1685604	http://www-01.ibm.com/support/docview.wss?uid=swg21685604
47	1685733	http://www-01.ibm.com/support/docview.wss?uid=swg21685733
48	1685749	http://www-01.ibm.com/support/docview.wss?uid=swg21685749
49	1685914	http://www-01.ibm.com/support/docview.wss?uid=swg21685914
50	1686084	http://www-01.ibm.com/support/docview.wss?uid=swg21686084
51	1686131	http://www-01.ibm.com/support/docview.wss?uid=swg21686131
52	1686246	http://www-01.ibm.com/support/docview.wss?uid=swg21686246
53	1686445	http://www-01.ibm.com/support/docview.wss?uid=swg21686445
54	1686447	http://www-01.ibm.com/support/docview.wss?uid=swg21686447
55	1686479	http://www-01.ibm.com/support/docview.wss?uid=swg21686479
56	1686493	http://www-01.ibm.com/support/docview.wss?uid=swg21686493
57	1686494	http://www-01.ibm.com/support/docview.wss?uid=swg21686494
58	1687079	http://www-01.ibm.com/support/docview.wss?uid=swg21687079
59	MIGR-5096315	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
60	S1004879	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
61	S1004897	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
62	S1004898	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
63	S1004915	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
64	T1021272	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
65	T1021279	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
66	T1021361	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
IBM セキュリティー情報
67	1685798	http://www-01.ibm.com/support/docview.wss?uid=swg21685798
68	1686299	http://www-01.ibm.com/support/docview.wss?uid=swg21686299
69	1686635	http://www-01.ibm.com/support/docview.wss?uid=swg21686635
JVN
70	アライドテレシス株式会社からの情報	http://jvn.jp/vu/JVNVU97219505/522154/index.html
Knowledgebase
71	OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilities	https://www.novell.com/support/kb/doc.php?id=7015701
NEC製品セキュリティ情報
72	AV14-003	http://jpn.nec.com/security-info/av14-003.html
Novell
73	ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)	https://www.novell.com/support/kb/doc.php?id=7015721
openSUSE
74	ShellShock 101 - What you need to know and do, to ensure your systems are secure	https://www.suse.com/support/shellshock/
opensuse-security-announce
75	SUSE-SU-2014:1223	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html
Oracle Technology Network
76	Bash "Shellshock" Vulnerabilities - CVE-2014-7169	http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
QNAP Systems, Inc.
77	NAS-201410-05	http://www.qnap.com/i/en/support/con_show.php?cid=61
Red Hat Bugzilla
78	Bug 1141597	https://bugzilla.redhat.com/show_bug.cgi?id=1141597
Red Hat Customer Portal
79	Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linux	https://access.redhat.com/solutions/1207723
Red Hat Security Advisory
80	RHSA-2014:1293	https://rhn.redhat.com/errata/RHSA-2014-1293.html
81	RHSA-2014:1294	https://rhn.redhat.com/errata/RHSA-2014-1294.html
82	RHSA-2014:1295	https://rhn.redhat.com/errata/RHSA-2014-1295.html
83	RHSA-2014:1354	http://rhn.redhat.com/errata/RHSA-2014-1354.html
Red Hat Security Blog
84	Bash specially-crafted environment variables code injection attack	https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
RTシリーズのTCP/IPに関するFAQ
85	GNU Bash 「OS コマンドインジェクション」の脆弱性について	http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU252743.html
Security Advisories
86	SA82	https://bto.bluecoat.com/security-advisory/sa82
Security Advisory
87	SOL15629	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
SECURITY BLOG
88	Multiple vulnerabilities in Bash	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash
Security Bulletin
89	JSA10648	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
Solution Center
90	Vulnerabilities resolved in TRITON APX Version 8.0	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
VMware Security Advisories
91	VMSA-2014-0010	http://www.vmware.com/security/advisories/VMSA-2014-0010.html
お知らせ
92	GNU bash の脆弱性に関する弊社調査・対応状況について	http://www.iodata.jp/support/information/2014/bash/
サーバ・クライアント製品セキュリティ情報
93	bashの脆弱性(CVE-2014-6271,CVE-2014-7169 他)によるHA8500への影響について	http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_ha8500.html
94	サーバ・クライアント製品 bashの脆弱性(CVE-2014-6271,CVE-2014-7169他)による影響について	http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_cve20146271.html
シスコセキュリティアドバイザリ
95	cisco-sa-20140926-bash	http://www.cisco.com/cisco/web/support/JP/112/1126/1126247_cisco-sa-20140926-bash-j.html
富士通セキュリティ情報
96	「GNU Bash に OS コマンドインジェクションの脆弱性」への富士通製品の対応について	http://software.fujitsu.com/jp/security/vulnerabilities/jvn-97219505.html
製品セキュリティ情報
97	GNU BashにおけるOSコマンドインジェクションの脆弱性	http://buffalo.jp/support_s/s20141002.html
98	TLSA-2014-9	http://www.turbolinux.co.jp/security/2014/TLSA-2014-9j.html

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-14-269-01A	https://www.cisa.gov/news-events/ics-advisories/icsa-14-269-01a
2	ICSA-15-344-01	https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01
IPA 重要なセキュリティ情報
3	bash の脆弱性対策について(CVE-2014-6271 等)	http://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html
JPCERT 注意喚起
4	JPCERT-AT-2014-0037	https://www.jpcert.or.jp/at/2014/at140037.html
JVN
5	JVN#55667175	http://jvn.jp/jp/JVN55667175/index.html
6	JVNVU#97219505	http://jvn.jp/vu/JVNVU97219505/index.html
7	JVNVU#97537282	http://jvn.jp/vu/JVNVU97537282/index.html
JVN iPedia
8	JVNDB-2014-000126	http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
US-CERT Technical Cyber Security Alert
9	TA14-268A	https://www.us-cert.gov/ncas/alerts/TA14-268A
US-CERT Vulnerability Note
10	VU#252743	http://www.kb.cert.org/vuls/id/252743
関連文書
11	APPLE-SA-2014-10-16-1 OS X Yosemite v10.10	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
12	MGASA-2014-0388	http://advisories.mageia.org/MGASA-2014-0388.html
13	株式会社アラタナの告知ページ (GNU bash脆弱性への弊社対応状況について)	http://www.aratana.jp/security/detail.php?id=10

Change Log

No	Changed Details	Date of change
1	[2024年07月17日] 参考情報：ICS-CERT ADVISORY (ICSA-14-269-01A) を追加	July 17, 2024, 2:34 p.m.
0	[2014年09月29日] 掲載 [2014年09月30日] ベンダ情報：レッドハット (RHSA-2014:1293) を追加ベンダ情報：レッドハット (RHSA-2014:1294) を追加ベンダ情報：レッドハット (Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linux) を追加ベンダ情報：富士通 (GNU Bash に OS コマンドインジェクションの脆弱性) を追加 [2014年10月06日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：アライドテレシス (アライドテレシス株式会社からの情報) を追加ベンダ情報：ミラクル・リナックス (bash-3.2-33.AXS3.4) を追加ベンダ情報：ミラクル・リナックス (bash-4.1.2-15.AXS4.2) を追加ベンダ情報：ヤマハ (GNU Bash 「OS コマンドインジェクション」の脆弱性について) を追加ベンダ情報：日本電気 (AV14-003) を追加参考情報：関連文書 (株式会社アラタナの告知ページ (GNU bash脆弱性への弊社対応状況について)) を追加 [2014年10月21日] ベンダ情報：オラクル (Multiple vulnerabilities in Bash) を追加 [2014年10月28日] 参考情報：JVN (JVN#55667175) を追加 [2014年11月07日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：F5 Networks (SOL15629) を追加ベンダ情報：IBM (T1021272) を追加ベンダ情報：IBM (1685749) を追加ベンダ情報：IBM (1685914) を追加ベンダ情報：IBM (1685541) を追加ベンダ情報：IBM (S1004915) を追加ベンダ情報：IBM (S1004879) を追加ベンダ情報：IBM (T1021279) を追加ベンダ情報：IBM (S1004897) を追加ベンダ情報：IBM (S1004898) を追加ベンダ情報：IBM (1686479) を追加ベンダ情報：IBM (1686084) を追加ベンダ情報：IBM (1685604) を追加ベンダ情報：IBM (1685733) を追加ベンダ情報：IBM (1686131) を追加ベンダ情報：IBM (MIGR-5096315) を追加ベンダ情報：Novell (OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilities) を追加ベンダ情報：Novell (CVE-2014-6271) を追加ベンダ情報：Novell (ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)) を追加ベンダ情報：Novell (ShellShock 101 - What you need to know and do, to ensure your systems are secure) を追加ベンダ情報：Novell (SUSE-SU-2014:1223) を追加ベンダ情報：VMware (VMSA-2014-0010) を追加ベンダ情報：アップル (HT6495) を追加ベンダ情報：アップル (HT6535) を追加ベンダ情報：オラクル (Bash "Shellshock" Vulnerabilities - CVE-2014-7169) を追加ベンダ情報：シスコシステムズ (cisco-sa-20140926-bash) を追加ベンダ情報：シトリックス・システムズ (CTX200217) を追加ベンダ情報：シトリックス・システムズ (CTX200223) を追加ベンダ情報：ジュニパーネットワークス (JSA10648) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03117 SSRT101724) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03119 SSRT101725) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03122 SSRT101717) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03124 SSRT101728) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03125 SSRT101724) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03138 SSRT101755) を追加ベンダ情報：レッドハット (RHSA-2014:1295) を追加ベンダ情報：ブルーコートシステムズ (SA82) を追加ベンダ情報：バッファロー (GNU BashにおけるOSコマンドインジェクションの脆弱性) を追加参考情報：JVN (JVNVU#97537282) を追加参考情報：関連文書 (APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 ) を追加 [2014年11月27日] ベンダ情報：ヒューレット・パッカード (HPSBMU03143 SSRT101761) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03144 SSRT101762) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03131 SSRT101749) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03129 SSRT101760) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03142 SSRT101764) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03141 SSRT101763) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03146 SSRT101765) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03157 SSRT101718) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03145 SSRT101765) を追加ベンダ情報：IBM (1686447) を追加ベンダ情報：レッドハット (RHSA-2014:1354) を追加ベンダ情報：QNAP Systems (NAS-201410-05) を追加参考情報：JVN iPedia (JVNDB-2014-000126) を追加 [2014年12月09日] ベンダ情報：ヒューレット・パッカード (HPSBST03148 SSRT101749) を追加 [2015年01月07日] ベンダ情報：アイ・オー・データ機器 (GNU bash の脆弱性に関する弊社調査・対応状況について) を追加 [2015年03月27日] ベンダ情報：ターボリナックス (TLSA-2014-9) を追加 [2015年04月30日] ベンダ情報：IBM (1685433) を追加ベンダ情報：IBM (1685522) を追加ベンダ情報：IBM (1686493) を追加ベンダ情報：IBM (1685798) を追加ベンダ情報：IBM (1686299) を追加ベンダ情報：IBM (1686635) を追加 [2015年05月27日] ベンダ情報：ウェブセンス (Vulnerabilities resolved in TRITON APX Version 8.0) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03217 SSRT101827) を追加ベンダ情報：ヒューレット・パッカード (HPSBOV03228 SSRT101711) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03233) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03245 SSRT101742) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03246 SSRT101743) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03265 SSRT101905) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03196 SSRT101816) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03220 SSRT101819) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03195 SSRT101835) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03133 SSRT101733) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03165 SSRT101783) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03182 SSRT101787) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03154 SSRT101747) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03155 SSRT101747) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03181 SSRT101811) を追加ベンダ情報：IBM (1686246) を追加ベンダ情報：IBM (1686445) を追加ベンダ情報：IBM (1686494) を追加ベンダ情報：IBM (1687079) を追加ベンダ情報：IBM (T1021361) を追加ベンダ情報：チェック・ポイント・ソフトウェア・テクノロジーズ (sk102673) を追加参考情報：関連文書 (MGASA-2014-0388) を追加 [2015年12月22日] 参考情報：ICS-CERT ADVISORY (ICSA-15-344-01) を追加 [2015年12月24日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (サーバ・クライアント製品 bashの脆弱性(CVE-2014-6271,CVE-2014-7169他)による影響について) を追加ベンダ情報：日立 (bashの脆弱性(CVE-2014-6271,CVE-2014-7169 他)によるHA8500への影響について) を追加	Feb. 17, 2018, 10:37 a.m.