NVD脆弱性詳細

CVE-2014-7169

概要	GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
概要	GNU Bash hasta 4.3 bash43-025 procesa cadenas finales después de la definición malformada de funciones en los valores de variables de entorno, lo que permite a atacantes remotos escribir hacia ficheros o posiblemente tener otro impacto desconocido a través de un entorno manipulado, tal y como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en la cual establecer el entorno ocurre a través de un límite privilegiado de la ejecución de Bash. Nota: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-6271.
公表日	2014年9月25日10:55
登録日	2021年1月26日15:17
最終更新日	2026年4月22日23:32

CVSS3.1 : CRITICAL
スコア	9.8
ベクター	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

CVSS2.0 : HIGH
スコア	10.0
ベクター	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:gnu:bash::::::::		4.3
cpe:2.3:o:arista:eos::::::::	4.9.0			4.9.12
cpe:2.3:o:arista:eos::::::::	4.10.0			4.10.9
cpe:2.3:o:arista:eos::::::::	4.11.0			4.11.11
cpe:2.3:o:arista:eos::::::::	4.12.0			4.12.9
cpe:2.3:o:arista:eos::::::::	4.13.0			4.13.9
cpe:2.3:o:arista:eos::::::::	4.14.0			4.14.4f
cpe:2.3:o:oracle:linux:4:::::::*
cpe:2.3:o:oracle:linux:5:-::::::
cpe:2.3:o:oracle:linux:6:-::::::
cpe:2.3:o:qnap:qts::::::::				4.1.1
cpe:2.3:o:qnap:qts:4.1.1:-::::::
cpe:2.3:o:qnap:qts:4.1.1:build_0927::::::
cpe:2.3:o:mageia:mageia:3.0:::::::*
cpe:2.3:o:mageia:mageia:4.0:::::::*
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.1:::::::*
cpe:2.3:a:redhat:virtualization:3.4:::::::*
cpe:2.3:o:redhat:enterprise_linux:4.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.9_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.4_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.5_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.3_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.4_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.5_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.6_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.7_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.9_ppc:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.4_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.5_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:a:suse:studio_onsite:1.3:::::::*
cpe:2.3:o:opensuse:opensuse:12.3:::::::*
cpe:2.3:o:opensuse:opensuse:13.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:-::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::
cpe:2.3:o:debian:debian_linux:7.0:::::::*
cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:8.2:::::::*
cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.0:::::::*
cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.1:::::::*
cpe:2.3:a:ibm:pureapplication_system::::::::	1.0.0.0	1.0.0.4
cpe:2.3:a:ibm:pureapplication_system::::::::	1.1.0.0	1.1.0.4
cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:::::::*
cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:::::::*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:::::::*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p10::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p11::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p12::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p13::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p5::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p6::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p7::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p8::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p9::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2:::::::*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p5::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p6::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p5::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p6::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p5::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p6::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p7::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:-::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p1::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p10::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p11::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p12::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p13::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p14::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p15::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p16::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p2::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p3::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p4::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p5::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p6::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p7::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p8::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p9::::::
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8.15:::::::*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.9:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:::::::*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p1::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p2::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p3::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p4::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p5::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p6::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p7::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:-::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p1::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p10::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p11::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p12::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p13::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p14::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p15::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p16::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p17::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p2::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p3::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p4::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p5::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p6::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p7::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p8::::::
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p9::::::
cpe:2.3:a:ibm:smartcloud_entry_appliance:2.3.0:::::::*
cpe:2.3:a:ibm:smartcloud_entry_appliance:2.4.0:::::::*
cpe:2.3:a:ibm:smartcloud_entry_appliance:3.1.0:::::::*
cpe:2.3:a:ibm:smartcloud_entry_appliance:3.2.0:::::::*
cpe:2.3:a:ibm:smartcloud_provisioning:2.1.0:::::::*
cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:::::kvm:::*				1.2.1
cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:::::openflow:::*				1.2.1
cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:::::vmware:::*				1.2.1
cpe:2.3:a:ibm:starter_kit_for_cloud:2.2.0:::::::*
cpe:2.3:a:ibm:workload_deployer::::::::	3.1.0	3.1.0.7
cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:::::::*
cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:::::::*
cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:::::::*
cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:::::::*
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:::::::*
cpe:2.3:o:ibm:storwize_v7000_firmware::::::::	1.1.0.0			1.4.3.5
cpe:2.3:o:ibm:storwize_v7000_firmware::::::::	1.5.0.0			1.5.0.4
cpe:2.3:o:ibm:storwize_v7000_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:storwize_v7000_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:storwize_v5000_firmware::::::::	1.1.0.0			7.1.0.11
cpe:2.3:o:ibm:storwize_v5000_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:storwize_v5000_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:storwize_v3700_firmware::::::::	1.1.0.0			7.1.0.11
cpe:2.3:o:ibm:storwize_v3700_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:storwize_v3700_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:storwize_v3500_firmware::::::::	1.1.0.0			7.1.0.11
cpe:2.3:o:ibm:storwize_v3500_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:storwize_v3500_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:flex_system_v7000_firmware::::::::	1.1.0.0			7.1.0.11
cpe:2.3:o:ibm:flex_system_v7000_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:flex_system_v7000_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:san_volume_controller_firmware::::::::	1.1.0.0			7.1.0.11
cpe:2.3:o:ibm:san_volume_controller_firmware::::::::	7.2.0.0			7.2.0.9
cpe:2.3:o:ibm:san_volume_controller_firmware::::::::	7.3.0.0			7.3.0.7
cpe:2.3:o:ibm:stn6500_firmware::::::::	3.8.0.0			3.8.0.07
cpe:2.3:o:ibm:stn6500_firmware::::::::	3.9.1.0			3.9.1.08
cpe:2.3:o:ibm:stn6500_firmware::::::::	4.1.2.0			4.1.2.06
cpe:2.3:o:ibm:stn6800_firmware::::::::	3.8.0.0			3.8.0.07
cpe:2.3:o:ibm:stn6800_firmware::::::::	3.9.1.0			3.9.1.08
cpe:2.3:o:ibm:stn6800_firmware::::::::	4.1.2.0			4.1.2.06
cpe:2.3:o:ibm:stn7800_firmware::::::::	3.8.0.0			3.8.0.07
cpe:2.3:o:ibm:stn7800_firmware::::::::	3.9.1.0			3.9.1.08
cpe:2.3:o:ibm:stn7800_firmware::::::::	4.1.2.0			4.1.2.06
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:a:novell:zenworks_configuration_management:10.3:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11.1:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11.2:::::::*
cpe:2.3:a:novell:zenworks_configuration_management:11.3.0:::::::*
cpe:2.3:o:novell:open_enterprise_server:2.0:sp3::::linux_kernel::*
cpe:2.3:o:novell:open_enterprise_server:11.0:sp2::::linux_kernel::*
cpe:2.3:a:checkpoint:security_gateway::::::::				r77.30
cpe:2.3:a:f5:big-ip_access_policy_manager::::::::	10.1.0	10.2.4
cpe:2.3:a:f5:big-ip_access_policy_manager::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::	11.3.0	11.5.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_analytics::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_analytics:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::	11.4.0	11.5.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_application_security_manager::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_application_security_manager::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_edge_gateway::::::::	10.1.0	10.2.4
cpe:2.3:a:f5:big-ip_edge_gateway::::::::	11.0.0	11.3.0
cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_link_controller::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_link_controller::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_link_controller:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::	11.0.0	11.5.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::	11.3.0	11.5.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:::::::*
cpe:2.3:a:f5:big-ip_protocol_security_module::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_protocol_security_module::::::::	11.0.0	11.4.1
cpe:2.3:a:f5:big-ip_wan_optimization_manager::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_wan_optimization_manager::::::::	11.0.0	11.3.0
cpe:2.3:a:f5:big-ip_webaccelerator::::::::	10.0.0	10.2.4
cpe:2.3:a:f5:big-ip_webaccelerator::::::::	11.0.0	11.3.0
cpe:2.3:a:f5:big-iq_cloud::::::::	4.0.0	4.4.0
cpe:2.3:a:f5:big-iq_device::::::::	4.2.0	4.4.0
cpe:2.3:a:f5:big-iq_security::::::::	4.0.0	4.4.0
cpe:2.3:a:f5:enterprise_manager::::::::	2.1.0	2.3.0
cpe:2.3:a:f5:enterprise_manager::::::::	3.0.0	3.1.1
cpe:2.3:a:f5:traffix_signaling_delivery_controller::::::::	4.0.0	4.0.5
cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.3.2:::::::*
cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.4.1:::::::*
cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.5.1:::::::*
cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.1.0:::::::*
cpe:2.3:o:f5:arx_firmware::::::::	6.0.0	6.4.0
cpe:2.3:o:citrix:netscaler_sdx_firmware::::::::				9.3.67.5r1
cpe:2.3:o:citrix:netscaler_sdx_firmware::::::::	10			10.1.129.11r1
cpe:2.3:o:citrix:netscaler_sdx_firmware::::::::	10.5			10.5.52.11r1
cpe:2.3:o:apple:mac_os_x::::::::	10.0.0			10.10.0
cpe:2.3:a:vmware:vcenter_server_appliance:5.0:::::::*
cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_1::::::
cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_2::::::
cpe:2.3:a:vmware:vcenter_server_appliance:5.1:::::::*
cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_1::::::
cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_2::::::
cpe:2.3:a:vmware:vcenter_server_appliance:5.5:-::::::
cpe:2.3:a:vmware:vcenter_server_appliance:5.5:update_1::::::
cpe:2.3:o:vmware:esx:4.0:::::::*
cpe:2.3:o:vmware:esx:4.1:::::::*

構成2		以上	以下	より上	未満

関連情報、対策とツール

No	URL	refsource
1	http://advisories.mageia.org/MGASA-2014-0393.html	cve@mitre.org
2	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	cve@mitre.org
3	http://jvn.jp/en/jp/JVN55667175/index.html	cve@mitre.org
4	http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126	cve@mitre.org
5	http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html	cve@mitre.org
6	http://linux.oracle.com/errata/ELSA-2014-1306.html	cve@mitre.org
7	http://linux.oracle.com/errata/ELSA-2014-3075.html	cve@mitre.org
8	http://linux.oracle.com/errata/ELSA-2014-3077.html	cve@mitre.org
9	http://linux.oracle.com/errata/ELSA-2014-3078.html	cve@mitre.org
10	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html	cve@mitre.org
11	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html	cve@mitre.org
12	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html	cve@mitre.org
13	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html	cve@mitre.org
14	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html	cve@mitre.org
15	http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html	cve@mitre.org
16	http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html	cve@mitre.org
17	http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html	cve@mitre.org
18	http://marc.info/?l=bugtraq&m=141216207813411&w=2	cve@mitre.org
19	http://marc.info/?l=bugtraq&m=141216668515282&w=2	cve@mitre.org
20	http://marc.info/?l=bugtraq&m=141235957116749&w=2	cve@mitre.org
21	http://marc.info/?l=bugtraq&m=141319209015420&w=2	cve@mitre.org
22	http://marc.info/?l=bugtraq&m=141330425327438&w=2	cve@mitre.org
23	http://marc.info/?l=bugtraq&m=141330468527613&w=2	cve@mitre.org
24	http://marc.info/?l=bugtraq&m=141345648114150&w=2	cve@mitre.org
25	http://marc.info/?l=bugtraq&m=141383026420882&w=2	cve@mitre.org
26	http://marc.info/?l=bugtraq&m=141383081521087&w=2	cve@mitre.org
27	http://marc.info/?l=bugtraq&m=141383138121313&w=2	cve@mitre.org
28	http://marc.info/?l=bugtraq&m=141383196021590&w=2	cve@mitre.org
29	http://marc.info/?l=bugtraq&m=141383244821813&w=2	cve@mitre.org
30	http://marc.info/?l=bugtraq&m=141383304022067&w=2	cve@mitre.org
31	http://marc.info/?l=bugtraq&m=141383353622268&w=2	cve@mitre.org
32	http://marc.info/?l=bugtraq&m=141383465822787&w=2	cve@mitre.org
33	http://marc.info/?l=bugtraq&m=141450491804793&w=2	cve@mitre.org
34	http://marc.info/?l=bugtraq&m=141576728022234&w=2	cve@mitre.org
35	http://marc.info/?l=bugtraq&m=141577137423233&w=2	cve@mitre.org
36	http://marc.info/?l=bugtraq&m=141577241923505&w=2	cve@mitre.org
37	http://marc.info/?l=bugtraq&m=141577297623641&w=2	cve@mitre.org
38	http://marc.info/?l=bugtraq&m=141585637922673&w=2	cve@mitre.org
39	http://marc.info/?l=bugtraq&m=141694386919794&w=2	cve@mitre.org
40	http://marc.info/?l=bugtraq&m=141879528318582&w=2	cve@mitre.org
41	http://marc.info/?l=bugtraq&m=142113462216480&w=2	cve@mitre.org
42	http://marc.info/?l=bugtraq&m=142118135300698&w=2	cve@mitre.org
43	http://marc.info/?l=bugtraq&m=142358026505815&w=2	cve@mitre.org
44	http://marc.info/?l=bugtraq&m=142358078406056&w=2	cve@mitre.org
45	http://marc.info/?l=bugtraq&m=142721162228379&w=2	cve@mitre.org
46	http://marc.info/?l=bugtraq&m=142805027510172&w=2	cve@mitre.org
47	http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html	cve@mitre.org
48	http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html	cve@mitre.org
49	http://rhn.redhat.com/errata/RHSA-2014-1306.html	cve@mitre.org
50	http://rhn.redhat.com/errata/RHSA-2014-1311.html	cve@mitre.org
51	http://rhn.redhat.com/errata/RHSA-2014-1312.html	cve@mitre.org
52	http://rhn.redhat.com/errata/RHSA-2014-1354.html	cve@mitre.org
53	http://seclists.org/fulldisclosure/2014/Oct/0	cve@mitre.org
54	http://secunia.com/advisories/58200	cve@mitre.org
55	http://secunia.com/advisories/59272	cve@mitre.org
56	http://secunia.com/advisories/59737	cve@mitre.org
57	http://secunia.com/advisories/59907	cve@mitre.org
58	http://secunia.com/advisories/60024	cve@mitre.org
59	http://secunia.com/advisories/60034	cve@mitre.org
60	http://secunia.com/advisories/60044	cve@mitre.org
61	http://secunia.com/advisories/60055	cve@mitre.org
62	http://secunia.com/advisories/60063	cve@mitre.org
63	http://secunia.com/advisories/60193	cve@mitre.org
64	http://secunia.com/advisories/60325	cve@mitre.org
65	http://secunia.com/advisories/60433	cve@mitre.org
66	http://secunia.com/advisories/60947	cve@mitre.org
67	http://secunia.com/advisories/61065	cve@mitre.org
68	http://secunia.com/advisories/61128	cve@mitre.org
69	http://secunia.com/advisories/61129	cve@mitre.org
70	http://secunia.com/advisories/61188	cve@mitre.org
71	http://secunia.com/advisories/61283	cve@mitre.org
72	http://secunia.com/advisories/61287	cve@mitre.org
73	http://secunia.com/advisories/61291	cve@mitre.org
74	http://secunia.com/advisories/61312	cve@mitre.org
75	http://secunia.com/advisories/61313	cve@mitre.org
76	http://secunia.com/advisories/61328	cve@mitre.org
77	http://secunia.com/advisories/61442	cve@mitre.org
78	http://secunia.com/advisories/61471	cve@mitre.org
79	http://secunia.com/advisories/61479	cve@mitre.org
80	http://secunia.com/advisories/61485	cve@mitre.org
81	http://secunia.com/advisories/61503	cve@mitre.org
82	http://secunia.com/advisories/61550	cve@mitre.org
83	http://secunia.com/advisories/61552	cve@mitre.org
84	http://secunia.com/advisories/61565	cve@mitre.org
85	http://secunia.com/advisories/61603	cve@mitre.org
86	http://secunia.com/advisories/61618	cve@mitre.org
87	http://secunia.com/advisories/61619	cve@mitre.org
88	http://secunia.com/advisories/61622	cve@mitre.org
89	http://secunia.com/advisories/61626	cve@mitre.org
90	http://secunia.com/advisories/61633	cve@mitre.org
91	http://secunia.com/advisories/61641	cve@mitre.org
92	http://secunia.com/advisories/61643	cve@mitre.org
93	http://secunia.com/advisories/61654	cve@mitre.org
94	http://secunia.com/advisories/61676	cve@mitre.org
95	http://secunia.com/advisories/61700	cve@mitre.org
96	http://secunia.com/advisories/61703	cve@mitre.org
97	http://secunia.com/advisories/61711	cve@mitre.org
98	http://secunia.com/advisories/61715	cve@mitre.org
99	http://secunia.com/advisories/61780	cve@mitre.org
100	http://secunia.com/advisories/61816	cve@mitre.org
101	http://secunia.com/advisories/61855	cve@mitre.org
102	http://secunia.com/advisories/61857	cve@mitre.org
103	http://secunia.com/advisories/61873	cve@mitre.org
104	http://secunia.com/advisories/62228	cve@mitre.org
105	http://secunia.com/advisories/62312	cve@mitre.org
106	http://secunia.com/advisories/62343	cve@mitre.org
107	http://support.apple.com/kb/HT6495	cve@mitre.org
108	http://support.novell.com/security/cve/CVE-2014-7169.html	cve@mitre.org
109	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash	cve@mitre.org
110	http://twitter.com/taviso/statuses/514887394294652929	cve@mitre.org
111	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272	cve@mitre.org
112	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279	cve@mitre.org
113	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361	cve@mitre.org
114	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879	cve@mitre.org
115	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897	cve@mitre.org
116	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898	cve@mitre.org
117	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915	cve@mitre.org
118	http://www-01.ibm.com/support/docview.wss?uid=swg21685541	cve@mitre.org
119	http://www-01.ibm.com/support/docview.wss?uid=swg21685604	cve@mitre.org
120	http://www-01.ibm.com/support/docview.wss?uid=swg21685733	cve@mitre.org
121	http://www-01.ibm.com/support/docview.wss?uid=swg21685749	cve@mitre.org
122	http://www-01.ibm.com/support/docview.wss?uid=swg21685914	cve@mitre.org
123	http://www-01.ibm.com/support/docview.wss?uid=swg21686084	cve@mitre.org
124	http://www-01.ibm.com/support/docview.wss?uid=swg21686131	cve@mitre.org
125	http://www-01.ibm.com/support/docview.wss?uid=swg21686246	cve@mitre.org
126	http://www-01.ibm.com/support/docview.wss?uid=swg21686445	cve@mitre.org
127	http://www-01.ibm.com/support/docview.wss?uid=swg21686447	cve@mitre.org
128	http://www-01.ibm.com/support/docview.wss?uid=swg21686479	cve@mitre.org
129	http://www-01.ibm.com/support/docview.wss?uid=swg21686494	cve@mitre.org
130	http://www-01.ibm.com/support/docview.wss?uid=swg21687079	cve@mitre.org
131	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315	cve@mitre.org
132	http://www.debian.org/security/2014/dsa-3035	cve@mitre.org
133	http://www.kb.cert.org/vuls/id/252743	cve@mitre.org
134	http://www.mandriva.com/security/advisories?name=MDVSA-2015:164	cve@mitre.org
135	http://www.novell.com/support/kb/doc.php?id=7015701	cve@mitre.org
136	http://www.novell.com/support/kb/doc.php?id=7015721	cve@mitre.org
137	http://www.openwall.com/lists/oss-security/2014/09/24/32	cve@mitre.org
138	http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html	cve@mitre.org
139	http://www.qnap.com/i/en/support/con_show.php?cid=61	cve@mitre.org
140	http://www.securityfocus.com/archive/1/533593/100/0/threaded	cve@mitre.org
141	http://www.ubuntu.com/usn/USN-2363-1	cve@mitre.org
142	http://www.ubuntu.com/usn/USN-2363-2	cve@mitre.org
143	http://www.us-cert.gov/ncas/alerts/TA14-268A	cve@mitre.org
144	http://www.vmware.com/security/advisories/VMSA-2014-0010.html	cve@mitre.org
145	https://access.redhat.com/articles/1200223	cve@mitre.org
146	https://access.redhat.com/node/1200223	cve@mitre.org
147	https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	cve@mitre.org
148	https://kb.bluecoat.com/index?page=content&id=SA82	cve@mitre.org
149	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648	cve@mitre.org
150	https://kc.mcafee.com/corporate/index?page=content&id=SB10085	cve@mitre.org
151	https://support.apple.com/kb/HT6535	cve@mitre.org
152	https://support.citrix.com/article/CTX200217	cve@mitre.org
153	https://support.citrix.com/article/CTX200223	cve@mitre.org
154	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html	cve@mitre.org
155	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075	cve@mitre.org
156	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183	cve@mitre.org
157	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts	cve@mitre.org
158	https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006	cve@mitre.org
159	https://www.exploit-db.com/exploits/34879/	cve@mitre.org
160	https://www.suse.com/support/shellshock/	cve@mitre.org
161	http://advisories.mageia.org/MGASA-2014-0393.html	af854a3a-2127-422b-91ae-364da2661108
162	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	af854a3a-2127-422b-91ae-364da2661108
163	http://jvn.jp/en/jp/JVN55667175/index.html	af854a3a-2127-422b-91ae-364da2661108
164	http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126	af854a3a-2127-422b-91ae-364da2661108
165	http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html	af854a3a-2127-422b-91ae-364da2661108
166	http://linux.oracle.com/errata/ELSA-2014-1306.html	af854a3a-2127-422b-91ae-364da2661108
167	http://linux.oracle.com/errata/ELSA-2014-3075.html	af854a3a-2127-422b-91ae-364da2661108
168	http://linux.oracle.com/errata/ELSA-2014-3077.html	af854a3a-2127-422b-91ae-364da2661108
169	http://linux.oracle.com/errata/ELSA-2014-3078.html	af854a3a-2127-422b-91ae-364da2661108
170	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html	af854a3a-2127-422b-91ae-364da2661108
171	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html	af854a3a-2127-422b-91ae-364da2661108
172	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html	af854a3a-2127-422b-91ae-364da2661108
173	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html	af854a3a-2127-422b-91ae-364da2661108
174	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html	af854a3a-2127-422b-91ae-364da2661108
175	http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
176	http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html	af854a3a-2127-422b-91ae-364da2661108
177	http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html	af854a3a-2127-422b-91ae-364da2661108
178	http://marc.info/?l=bugtraq&m=141216207813411&w=2	af854a3a-2127-422b-91ae-364da2661108
179	http://marc.info/?l=bugtraq&m=141216668515282&w=2	af854a3a-2127-422b-91ae-364da2661108
180	http://marc.info/?l=bugtraq&m=141235957116749&w=2	af854a3a-2127-422b-91ae-364da2661108
181	http://marc.info/?l=bugtraq&m=141319209015420&w=2	af854a3a-2127-422b-91ae-364da2661108
182	http://marc.info/?l=bugtraq&m=141330425327438&w=2	af854a3a-2127-422b-91ae-364da2661108
183	http://marc.info/?l=bugtraq&m=141330468527613&w=2	af854a3a-2127-422b-91ae-364da2661108
184	http://marc.info/?l=bugtraq&m=141345648114150&w=2	af854a3a-2127-422b-91ae-364da2661108
185	http://marc.info/?l=bugtraq&m=141383026420882&w=2	af854a3a-2127-422b-91ae-364da2661108
186	http://marc.info/?l=bugtraq&m=141383081521087&w=2	af854a3a-2127-422b-91ae-364da2661108
187	http://marc.info/?l=bugtraq&m=141383138121313&w=2	af854a3a-2127-422b-91ae-364da2661108
188	http://marc.info/?l=bugtraq&m=141383196021590&w=2	af854a3a-2127-422b-91ae-364da2661108
189	http://marc.info/?l=bugtraq&m=141383244821813&w=2	af854a3a-2127-422b-91ae-364da2661108
190	http://marc.info/?l=bugtraq&m=141383304022067&w=2	af854a3a-2127-422b-91ae-364da2661108
191	http://marc.info/?l=bugtraq&m=141383353622268&w=2	af854a3a-2127-422b-91ae-364da2661108
192	http://marc.info/?l=bugtraq&m=141383465822787&w=2	af854a3a-2127-422b-91ae-364da2661108
193	http://marc.info/?l=bugtraq&m=141450491804793&w=2	af854a3a-2127-422b-91ae-364da2661108
194	http://marc.info/?l=bugtraq&m=141576728022234&w=2	af854a3a-2127-422b-91ae-364da2661108
195	http://marc.info/?l=bugtraq&m=141577137423233&w=2	af854a3a-2127-422b-91ae-364da2661108
196	http://marc.info/?l=bugtraq&m=141577241923505&w=2	af854a3a-2127-422b-91ae-364da2661108
197	http://marc.info/?l=bugtraq&m=141577297623641&w=2	af854a3a-2127-422b-91ae-364da2661108
198	http://marc.info/?l=bugtraq&m=141585637922673&w=2	af854a3a-2127-422b-91ae-364da2661108
199	http://marc.info/?l=bugtraq&m=141694386919794&w=2	af854a3a-2127-422b-91ae-364da2661108
200	http://marc.info/?l=bugtraq&m=141879528318582&w=2	af854a3a-2127-422b-91ae-364da2661108
201	http://marc.info/?l=bugtraq&m=142113462216480&w=2	af854a3a-2127-422b-91ae-364da2661108
202	http://marc.info/?l=bugtraq&m=142118135300698&w=2	af854a3a-2127-422b-91ae-364da2661108
203	http://marc.info/?l=bugtraq&m=142358026505815&w=2	af854a3a-2127-422b-91ae-364da2661108
204	http://marc.info/?l=bugtraq&m=142358078406056&w=2	af854a3a-2127-422b-91ae-364da2661108
205	http://marc.info/?l=bugtraq&m=142721162228379&w=2	af854a3a-2127-422b-91ae-364da2661108
206	http://marc.info/?l=bugtraq&m=142805027510172&w=2	af854a3a-2127-422b-91ae-364da2661108
207	http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html	af854a3a-2127-422b-91ae-364da2661108
208	http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html	af854a3a-2127-422b-91ae-364da2661108
209	http://rhn.redhat.com/errata/RHSA-2014-1306.html	af854a3a-2127-422b-91ae-364da2661108
210	http://rhn.redhat.com/errata/RHSA-2014-1311.html	af854a3a-2127-422b-91ae-364da2661108
211	http://rhn.redhat.com/errata/RHSA-2014-1312.html	af854a3a-2127-422b-91ae-364da2661108
212	http://rhn.redhat.com/errata/RHSA-2014-1354.html	af854a3a-2127-422b-91ae-364da2661108
213	http://seclists.org/fulldisclosure/2014/Oct/0	af854a3a-2127-422b-91ae-364da2661108
214	http://secunia.com/advisories/58200	af854a3a-2127-422b-91ae-364da2661108
215	http://secunia.com/advisories/59272	af854a3a-2127-422b-91ae-364da2661108
216	http://secunia.com/advisories/59737	af854a3a-2127-422b-91ae-364da2661108
217	http://secunia.com/advisories/59907	af854a3a-2127-422b-91ae-364da2661108
218	http://secunia.com/advisories/60024	af854a3a-2127-422b-91ae-364da2661108
219	http://secunia.com/advisories/60034	af854a3a-2127-422b-91ae-364da2661108
220	http://secunia.com/advisories/60044	af854a3a-2127-422b-91ae-364da2661108
221	http://secunia.com/advisories/60055	af854a3a-2127-422b-91ae-364da2661108
222	http://secunia.com/advisories/60063	af854a3a-2127-422b-91ae-364da2661108
223	http://secunia.com/advisories/60193	af854a3a-2127-422b-91ae-364da2661108
224	http://secunia.com/advisories/60325	af854a3a-2127-422b-91ae-364da2661108
225	http://secunia.com/advisories/60433	af854a3a-2127-422b-91ae-364da2661108
226	http://secunia.com/advisories/60947	af854a3a-2127-422b-91ae-364da2661108
227	http://secunia.com/advisories/61065	af854a3a-2127-422b-91ae-364da2661108
228	http://secunia.com/advisories/61128	af854a3a-2127-422b-91ae-364da2661108
229	http://secunia.com/advisories/61129	af854a3a-2127-422b-91ae-364da2661108
230	http://secunia.com/advisories/61188	af854a3a-2127-422b-91ae-364da2661108
231	http://secunia.com/advisories/61283	af854a3a-2127-422b-91ae-364da2661108
232	http://secunia.com/advisories/61287	af854a3a-2127-422b-91ae-364da2661108
233	http://secunia.com/advisories/61291	af854a3a-2127-422b-91ae-364da2661108
234	http://secunia.com/advisories/61312	af854a3a-2127-422b-91ae-364da2661108
235	http://secunia.com/advisories/61313	af854a3a-2127-422b-91ae-364da2661108
236	http://secunia.com/advisories/61328	af854a3a-2127-422b-91ae-364da2661108
237	http://secunia.com/advisories/61442	af854a3a-2127-422b-91ae-364da2661108
238	http://secunia.com/advisories/61471	af854a3a-2127-422b-91ae-364da2661108
239	http://secunia.com/advisories/61479	af854a3a-2127-422b-91ae-364da2661108
240	http://secunia.com/advisories/61485	af854a3a-2127-422b-91ae-364da2661108
241	http://secunia.com/advisories/61503	af854a3a-2127-422b-91ae-364da2661108
242	http://secunia.com/advisories/61550	af854a3a-2127-422b-91ae-364da2661108
243	http://secunia.com/advisories/61552	af854a3a-2127-422b-91ae-364da2661108
244	http://secunia.com/advisories/61565	af854a3a-2127-422b-91ae-364da2661108
245	http://secunia.com/advisories/61603	af854a3a-2127-422b-91ae-364da2661108
246	http://secunia.com/advisories/61618	af854a3a-2127-422b-91ae-364da2661108
247	http://secunia.com/advisories/61619	af854a3a-2127-422b-91ae-364da2661108
248	http://secunia.com/advisories/61622	af854a3a-2127-422b-91ae-364da2661108
249	http://secunia.com/advisories/61626	af854a3a-2127-422b-91ae-364da2661108
250	http://secunia.com/advisories/61633	af854a3a-2127-422b-91ae-364da2661108
251	http://secunia.com/advisories/61641	af854a3a-2127-422b-91ae-364da2661108
252	http://secunia.com/advisories/61643	af854a3a-2127-422b-91ae-364da2661108
253	http://secunia.com/advisories/61654	af854a3a-2127-422b-91ae-364da2661108
254	http://secunia.com/advisories/61676	af854a3a-2127-422b-91ae-364da2661108
255	http://secunia.com/advisories/61700	af854a3a-2127-422b-91ae-364da2661108
256	http://secunia.com/advisories/61703	af854a3a-2127-422b-91ae-364da2661108
257	http://secunia.com/advisories/61711	af854a3a-2127-422b-91ae-364da2661108
258	http://secunia.com/advisories/61715	af854a3a-2127-422b-91ae-364da2661108
259	http://secunia.com/advisories/61780	af854a3a-2127-422b-91ae-364da2661108
260	http://secunia.com/advisories/61816	af854a3a-2127-422b-91ae-364da2661108
261	http://secunia.com/advisories/61855	af854a3a-2127-422b-91ae-364da2661108
262	http://secunia.com/advisories/61857	af854a3a-2127-422b-91ae-364da2661108
263	http://secunia.com/advisories/61873	af854a3a-2127-422b-91ae-364da2661108
264	http://secunia.com/advisories/62228	af854a3a-2127-422b-91ae-364da2661108
265	http://secunia.com/advisories/62312	af854a3a-2127-422b-91ae-364da2661108
266	http://secunia.com/advisories/62343	af854a3a-2127-422b-91ae-364da2661108
267	http://support.apple.com/kb/HT6495	af854a3a-2127-422b-91ae-364da2661108
268	http://support.novell.com/security/cve/CVE-2014-7169.html	af854a3a-2127-422b-91ae-364da2661108
269	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash	af854a3a-2127-422b-91ae-364da2661108
270	http://twitter.com/taviso/statuses/514887394294652929	af854a3a-2127-422b-91ae-364da2661108
271	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272	af854a3a-2127-422b-91ae-364da2661108
272	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279	af854a3a-2127-422b-91ae-364da2661108
273	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361	af854a3a-2127-422b-91ae-364da2661108
274	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879	af854a3a-2127-422b-91ae-364da2661108
275	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897	af854a3a-2127-422b-91ae-364da2661108
276	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898	af854a3a-2127-422b-91ae-364da2661108
277	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915	af854a3a-2127-422b-91ae-364da2661108
278	http://www-01.ibm.com/support/docview.wss?uid=swg21685541	af854a3a-2127-422b-91ae-364da2661108
279	http://www-01.ibm.com/support/docview.wss?uid=swg21685604	af854a3a-2127-422b-91ae-364da2661108
280	http://www-01.ibm.com/support/docview.wss?uid=swg21685733	af854a3a-2127-422b-91ae-364da2661108
281	http://www-01.ibm.com/support/docview.wss?uid=swg21685749	af854a3a-2127-422b-91ae-364da2661108
282	http://www-01.ibm.com/support/docview.wss?uid=swg21685914	af854a3a-2127-422b-91ae-364da2661108
283	http://www-01.ibm.com/support/docview.wss?uid=swg21686084	af854a3a-2127-422b-91ae-364da2661108
284	http://www-01.ibm.com/support/docview.wss?uid=swg21686131	af854a3a-2127-422b-91ae-364da2661108
285	http://www-01.ibm.com/support/docview.wss?uid=swg21686246	af854a3a-2127-422b-91ae-364da2661108
286	http://www-01.ibm.com/support/docview.wss?uid=swg21686445	af854a3a-2127-422b-91ae-364da2661108
287	http://www-01.ibm.com/support/docview.wss?uid=swg21686447	af854a3a-2127-422b-91ae-364da2661108
288	http://www-01.ibm.com/support/docview.wss?uid=swg21686479	af854a3a-2127-422b-91ae-364da2661108
289	http://www-01.ibm.com/support/docview.wss?uid=swg21686494	af854a3a-2127-422b-91ae-364da2661108
290	http://www-01.ibm.com/support/docview.wss?uid=swg21687079	af854a3a-2127-422b-91ae-364da2661108
291	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315	af854a3a-2127-422b-91ae-364da2661108
292	http://www.debian.org/security/2014/dsa-3035	af854a3a-2127-422b-91ae-364da2661108
293	http://www.kb.cert.org/vuls/id/252743	af854a3a-2127-422b-91ae-364da2661108
294	http://www.mandriva.com/security/advisories?name=MDVSA-2015:164	af854a3a-2127-422b-91ae-364da2661108
295	http://www.novell.com/support/kb/doc.php?id=7015701	af854a3a-2127-422b-91ae-364da2661108
296	http://www.novell.com/support/kb/doc.php?id=7015721	af854a3a-2127-422b-91ae-364da2661108
297	http://www.openwall.com/lists/oss-security/2014/09/24/32	af854a3a-2127-422b-91ae-364da2661108
298	http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html	af854a3a-2127-422b-91ae-364da2661108
299	http://www.qnap.com/i/en/support/con_show.php?cid=61	af854a3a-2127-422b-91ae-364da2661108
300	http://www.securityfocus.com/archive/1/533593/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
301	http://www.ubuntu.com/usn/USN-2363-1	af854a3a-2127-422b-91ae-364da2661108
302	http://www.ubuntu.com/usn/USN-2363-2	af854a3a-2127-422b-91ae-364da2661108
303	http://www.us-cert.gov/ncas/alerts/TA14-268A	af854a3a-2127-422b-91ae-364da2661108
304	http://www.vmware.com/security/advisories/VMSA-2014-0010.html	af854a3a-2127-422b-91ae-364da2661108
305	https://access.redhat.com/articles/1200223	af854a3a-2127-422b-91ae-364da2661108
306	https://access.redhat.com/node/1200223	af854a3a-2127-422b-91ae-364da2661108
307	https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	af854a3a-2127-422b-91ae-364da2661108
308	https://kb.bluecoat.com/index?page=content&id=SA82	af854a3a-2127-422b-91ae-364da2661108
309	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648	af854a3a-2127-422b-91ae-364da2661108
310	https://kc.mcafee.com/corporate/index?page=content&id=SB10085	af854a3a-2127-422b-91ae-364da2661108
311	https://support.apple.com/kb/HT6535	af854a3a-2127-422b-91ae-364da2661108
312	https://support.citrix.com/article/CTX200217	af854a3a-2127-422b-91ae-364da2661108
313	https://support.citrix.com/article/CTX200223	af854a3a-2127-422b-91ae-364da2661108
314	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html	af854a3a-2127-422b-91ae-364da2661108
315	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075	af854a3a-2127-422b-91ae-364da2661108
316	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183	af854a3a-2127-422b-91ae-364da2661108
317	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts	af854a3a-2127-422b-91ae-364da2661108
318	https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006	af854a3a-2127-422b-91ae-364da2661108
319	https://www.exploit-db.com/exploits/34879/	af854a3a-2127-422b-91ae-364da2661108
320	https://www.suse.com/support/shellshock/	af854a3a-2127-422b-91ae-364da2661108
321	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-7169	134c704f-9b21-4f2e-91b3-4a467353bcc0

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-78	OSコマンド・インジェクション	https://cwe.mitre.org/data/definitions/78.html

JVN脆弱性情報

GNU bash におけるファイルに書き込まれる脆弱性

タイトル	GNU bash におけるファイルに書き込まれる脆弱性
概要	GNU bash は、環境変数の値内の特定の不正な形式の関数定義の後で末尾の文字列を処理するため、ファイルに書き込まれるなど、不特定の影響を受ける脆弱性が存在します。本脆弱性は、CVE-2014-6271 に対する修正が不十分だったことによる脆弱性です。
想定される影響	第三者により、巧妙に細工された環境を介して、ファイルに書き込まれるなど、不特定の影響を受ける可能性があります。
対策	ベンダ情報および参考情報を参照して適切な対策を実施してください。
公表日	2014年9月24日0:00
登録日	2014年9月26日10:19
最終更新日	2024年7月17日17:21

影響を受けるシステム

GNU Project

bash 4.3 bash43-025 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-7169	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
National Vulnerability Database (NVD)
2	CVE-2014-7169	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
Novell
3	CVE-2014-6271	http://support.novell.com/security/cve/CVE-2014-6271.html

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-78	https://jvndb.jvn.jp/ja/cwe/CWE-78.html

ベンダー情報

No	名前	URL
Apple Security Updates
1	HT6495	http://support.apple.com/kb/HT6495
2	HT6535	https://support.apple.com/kb/HT6535
Apple セキュリティアップデート
3	HT6495	http://support.apple.com/kb/HT6495?viewlocale=ja_JP
4	HT6535	http://support.apple.com/kb/HT6535?viewlocale=ja_JP
Asianux Technical Support Network
5	bash-3.2-33.AXS3.4	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3918
6	bash-4.1.2-15.AXS4.2	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3919
Cisco Security Advisory
7	cisco-sa-20140926-bash	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
Citrix Support
8	CTX200217	https://support.citrix.com/article/CTX200217
9	CTX200223	https://support.citrix.com/article/CTX200223
GnuPG Project
10	GNU Bash	http://www.gnu.org/software/bash/
HP Security Bulletin
11	HPSBGN03117 SSRT101724	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04467807
12	HPSBGN03138 SSRT101755	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04475942
13	HPSBGN03141 SSRT101763	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479398
14	HPSBGN03142 SSRT101764	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479402
15	HPSBHF03119 SSRT101725	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04468293
16	HPSBHF03124 SSRT101728	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471546
17	HPSBHF03125 SSRT101724	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471538
18	HPSBHF03145 SSRT101765	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479505
19	HPSBHF03146 SSRT101765	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479601
20	HPSBMU03143 SSRT101761	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479536
21	HPSBMU03144 SSRT101762	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479492
22	HPSBMU03165 SSRT101783	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497075
23	HPSBMU03182 SSRT101787	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497042
24	HPSBST03122 SSRT101717	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471532
25	HPSBST03129 SSRT101760	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04478866
26	HPSBST03131 SSRT101749	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04477872
27	HPSBST03154 SSRT101747	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487558
28	HPSBST03155 SSRT101747	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487573
29	HPSBST03157 SSRT101718	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04488200
30	HPSBST03181 SSRT101811	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04496383
IBM Support Document
31	1685433	http://www-01.ibm.com/support/docview.wss?uid=swg21685433
32	1685522	http://www-01.ibm.com/support/docview.wss?uid=swg21685522
33	1685541	http://www-01.ibm.com/support/docview.wss?uid=swg21685541
34	1685604	http://www-01.ibm.com/support/docview.wss?uid=swg21685604
35	1685733	http://www-01.ibm.com/support/docview.wss?uid=swg21685733
36	1685749	http://www-01.ibm.com/support/docview.wss?uid=swg21685749
37	1685914	http://www-01.ibm.com/support/docview.wss?uid=swg21685914
38	1686084	http://www-01.ibm.com/support/docview.wss?uid=swg21686084
39	1686131	http://www-01.ibm.com/support/docview.wss?uid=swg21686131
40	1686447	http://www-01.ibm.com/support/docview.wss?uid=swg21686447
41	1686479	http://www-01.ibm.com/support/docview.wss?uid=swg21686479
42	1686493	http://www-01.ibm.com/support/docview.wss?uid=swg21686493
43	MIGR-5096315	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
44	S1004879	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
45	S1004897	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
46	S1004898	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
47	S1004915	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
48	T1021272	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
49	T1021279	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
IBM セキュリティー情報
50	1685798	http://www-01.ibm.com/support/docview.wss?uid=swg21685798
51	1686299	http://www-01.ibm.com/support/docview.wss?uid=swg21686299
52	1686635	http://www-01.ibm.com/support/docview.wss?uid=swg21686635
JVN
53	アライドテレシス株式会社からの情報	http://jvn.jp/vu/JVNVU97219505/522154/index.html
Knowledgebase
54	OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilities	https://www.novell.com/support/kb/doc.php?id=7015701
55	ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)	https://www.novell.com/support/kb/doc.php?id=7015721
NEC製品セキュリティ情報
56	AV14-003	http://jpn.nec.com/security-info/av14-003.html
openSUSE
57	ShellShock 101 - What you need to know and do, to ensure your systems are secure	https://www.suse.com/support/shellshock/
Oracle Security Alert
58	Oracle Security Alert for CVE-2014-7169	http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html
Oracle Technology Network
59	Bash "Shellshock" Vulnerabilities - CVE-2014-7169	http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
QNAP Systems, Inc.
60	NAS-201410-05	http://www.qnap.com/i/en/support/con_show.php?cid=61
Red Hat Bugzilla
61	Bug 1141597	https://bugzilla.redhat.com/show_bug.cgi?id=1141597
Red Hat Customer Portal
62	Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linux	https://access.redhat.com/solutions/1207723
Red Hat Security Advisory
63	RHSA-2014:1306	https://rhn.redhat.com/errata/RHSA-2014-1306.html
64	RHSA-2014:1354	https://rhn.redhat.com/errata/RHSA-2014-1354.html
Red Hat Security Blog
65	Bash specially-crafted environment variables code injection attack	https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
RTシリーズのセキュリティに関するFAQ
66	GNU Bash 「OS コマンドインジェクション」の脆弱性について	http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU252743.html
Security Advisories
67	SA82	https://bto.bluecoat.com/security-advisory/sa82
Security Advisory
68	SOL15629	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
SECURITY BLOG
69	Multiple vulnerabilities in Bash	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash
Security Bulletin
70	JSA10648	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
VMware Security Advisories
71	VMSA-2014-0010	http://www.vmware.com/security/advisories/VMSA-2014-0010.html
お知らせ
72	GNU bash の脆弱性に関する弊社調査・対応状況について	http://www.iodata.jp/support/information/2014/bash/
サーバ・クライアント製品セキュリティ情報
73	bashの脆弱性(CVE-2014-6271,CVE-2014-7169 他)によるHA8500への影響について	http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_ha8500.html
74	サーバ・クライアント製品 bashの脆弱性(CVE-2014-6271,CVE-2014-7169他)による影響について	http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_cve20146271.html
シスコセキュリティアドバイザリ
75	cisco-sa-20140926-bash	http://www.cisco.com/cisco/web/support/JP/112/1126/1126247_cisco-sa-20140926-bash-j.html
富士通セキュリティ情報
76	「GNU Bash に OS コマンドインジェクションの脆弱性」への富士通製品の対応について	http://software.fujitsu.com/jp/security/vulnerabilities/jvn-97219505.html
製品セキュリティ情報
77	GNU BashにおけるOSコマンドインジェクションの脆弱性	http://buffalo.jp/support_s/s20141002.html
78	TLSA-2014-9	http://www.turbolinux.co.jp/security/2014/TLSA-2014-9j.html

その他

No	名前	URL
ICS-CERT ADVISORY
1	ICSA-14-269-01A	https://www.cisa.gov/news-events/ics-advisories/icsa-14-269-01a
IPA 重要なセキュリティ情報
2	bash の脆弱性対策について(CVE-2014-6271 等)	http://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html
JPCERT 注意喚起
3	JPCERT-AT-2014-0037	https://www.jpcert.or.jp/at/2014/at140037.html
JVN
4	JVN#55667175	http://jvn.jp/jp/JVN55667175/index.html
5	JVNVU#97219505	http://jvn.jp/vu/JVNVU97219505/index.html
6	JVNVU#97537282	http://jvn.jp/vu/JVNVU97537282/index.html
JVN iPedia
7	JVNDB-2014-000126	http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000126.html
US-CERT Technical Cyber Security Alert
8	TA14-268A	https://www.us-cert.gov/ncas/alerts/TA14-268A
US-CERT Vulnerability Note
9	VU#252743	http://www.kb.cert.org/vuls/id/252743
関連文書
10	APPLE-SA-2014-10-16-1 OS X Yosemite v10.10	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
11	Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers	http://www.openwall.com/lists/oss-security/2014/09/24/32
12	The bash patch seems incomplete to me, function parsing is still brittle.	https://twitter.com/taviso/statuses/514887394294652929
13	株式会社アラタナの告知ページ (GNU bash脆弱性への弊社対応状況について)	http://www.aratana.jp/security/detail.php?id=10

変更履歴

No	変更内容	変更日
0	[2014年09月26日] 掲載 [2014年09月30日] ベンダ情報：レッドハット (RHSA-2014:1306) を追加ベンダ情報：レッドハット (Bash specially-crafted environment variables code injection attack) を追加ベンダ情報：レッドハット (Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linux) を追加ベンダ情報：富士通 (GNU Bash に OS コマンドインジェクションの脆弱性) を追加 [2014年10月06日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：アライドテレシス (アライドテレシス株式会社からの情報) を追加ベンダ情報：ミラクル・リナックス (bash-3.2-33.AXS3.4) を追加ベンダ情報：ミラクル・リナックス (bash-4.1.2-15.AXS4.2) を追加ベンダ情報：ヤマハ (GNU Bash 「OS コマンドインジェクション」の脆弱性について) を追加ベンダ情報：日本電気 (AV14-003) を追加参考情報：関連文書 (株式会社アラタナの告知ページ (GNU bash脆弱性への弊社対応状況について)) を追加 [2014年10月21日] ベンダ情報：オラクル (Oracle Security Alert for CVE-2014-7169) を追加ベンダ情報：オラクル (Multiple vulnerabilities in Bash) を追加 [2014年10月28日] 参考情報：JVN (JVN#55667175) を追加 [2014年11月07日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：F5 Networks (SOL15629) を追加ベンダ情報：IBM (T1021272) を追加ベンダ情報：IBM (1685749) を追加ベンダ情報：IBM (1685914) を追加ベンダ情報：IBM (1685541) を追加ベンダ情報：IBM (S1004915) を追加ベンダ情報：IBM (S1004879) を追加ベンダ情報：IBM (T1021279) を追加ベンダ情報：IBM (S1004897) を追加ベンダ情報：IBM (S1004898) を追加ベンダ情報：IBM (1686479) を追加ベンダ情報：IBM (1686084) を追加ベンダ情報：IBM (1685604) を追加ベンダ情報：IBM (1685733) を追加ベンダ情報：IBM (1686131) を追加ベンダ情報：IBM (MIGR-5096315) を追加ベンダ情報：Novell (OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilities) を追加ベンダ情報：Novell (CVE-2014-6271) を追加ベンダ情報：Novell (ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)) を追加ベンダ情報：Novell (ShellShock 101 - What you need to know and do, to ensure your systems are secure) を追加ベンダ情報：VMware (VMSA-2014-0010) を追加ベンダ情報：アップル (HT6495) を追加ベンダ情報：アップル (HT6535) を追加ベンダ情報：オラクル (Bash "Shellshock" Vulnerabilities - CVE-2014-7169) を追加ベンダ情報：シスコシステムズ (cisco-sa-20140926-bash) を追加ベンダ情報：シトリックス・システムズ (CTX200217) を追加ベンダ情報：シトリックス・システムズ (CTX200223) を追加ベンダ情報：ジュニパーネットワークス (JSA10648) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03117 SSRT101724) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03119 SSRT101725) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03122 SSRT101717) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03124 SSRT101728) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03125 SSRT101724) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03138 SSRT101755) を追加ベンダ情報：レッドハット (Bug 1141597) を追加ベンダ情報：ブルーコートシステムズ (SA82) を追加ベンダ情報：バッファロー (GNU BashにおけるOSコマンドインジェクションの脆弱性) を追加参考情報：JVN (JVNVU#97537282) を追加参考情報：関連文書 (APPLE-SA-2014-10-16-1 OS X Yosemite v10.10) を追加 [2014年11月27日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：ヒューレット・パッカード (HPSBST03131 SSRT101749) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03129 SSRT101760) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03141 SSRT101763) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03142 SSRT101764) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03144 SSRT101762) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03145 SSRT101765) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03143 SSRT101761) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03146 SSRT101765) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03157 SSRT101718) を追加ベンダ情報：IBM (1686447) を追加ベンダ情報：レッドハット (RHSA-2014:1354) を追加ベンダ情報：QNAP Systems (NAS-201410-05) を追加参考情報：JVN iPedia (JVNDB-2014-000126) を追加 [2014年12月02日] ベンダ情報：ヒューレット・パッカード (HPSBMU03182 SSRT101787) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03154 SSRT101747) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03181 SSRT101811) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03155 SSRT101747) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03165 SSRT101783) を追加 [2015年01月07日] ベンダ情報：アイ・オー・データ機器 (GNU bash の脆弱性に関する弊社調査・対応状況について) を追加 [2015年03月27日] ベンダ情報：ターボリナックス (TLSA-2014-9) を追加 [2015年04月30日] ベンダ情報：IBM (1685433) を追加ベンダ情報：IBM (1685522) を追加ベンダ情報：IBM (1686493) を追加ベンダ情報：IBM (1685798) を追加ベンダ情報：IBM (1686299) を追加ベンダ情報：IBM (1686635) を追加 [2015年12月24日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (サーバ・クライアント製品 bashの脆弱性(CVE-2014-6271,CVE-2014-7169他)による影響について) を追加ベンダ情報：日立 (bashの脆弱性(CVE-2014-6271,CVE-2014-7169 他)によるHA8500への影響について) を追加	2018年2月17日10:37
1	[2024年07月17日] 参考情報：ICS-CERT ADVISORY (ICSA-14-269-01A) を追加	2024年7月17日14:51