製品・ソフトウェアに関する情報

JVN脆弱性詳細

GNU bash における任意のコマンドを実行される脆弱性

Title	GNU bash における任意のコマンドを実行される脆弱性
Summary	GNU bash は、環境変数の値の関数定義を適切に解析しないため、任意のコマンドを実行される脆弱性が存在します。本脆弱性は、CVE-2014-6271、CVE-2014-7169、および CVE-2014-6277 に対する修正が不十分だったことによる脆弱性です。
Possible impacts	第三者により、巧妙に細工された環境を介して、任意のコマンドを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 29, 2014, midnight
Registration Date	Oct. 1, 2014, 1:40 p.m.
Last Update	Dec. 24, 2015, 6:23 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

GNU Project

bash 4.3 bash43-026 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-6278	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
National Vulnerability Database (NVD)
2	CVE-2014-6278	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278
Security Bug Tracker
3	CVE-2014-6278	https://security-tracker.debian.org/tracker/CVE-2014-6278

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-78	https://jvndb.jvn.jp/ja/cwe/CWE-78.html

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	bash-3.2-33.AXS3.4	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3918
2	bash-4.1.2-15.AXS4.2	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3919
Cisco Security Advisory
3	cisco-sa-20140926-bash	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
Citrix Support
4	CTX200217	https://support.citrix.com/article/CTX200217
5	CTX200223	https://support.citrix.com/article/CTX200223
GnuPG Project
6	GNU Bash	http://www.gnu.org/software/bash/
HP Security Bulletin
7	HPSBGN03138 SSRT101755	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04475942
8	HPSBGN03141 SSRT101763	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479398
9	HPSBGN03142 SSRT101764	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479402
10	HPSBGN03233	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04540692
11	HPSBHF03125 SSRT101724	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471538
12	HPSBHF03145 SSRT101765	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479505
13	HPSBHF03146 SSRT101765	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479601
14	HPSBMU03143 SSRT101761	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479536
15	HPSBMU03144 SSRT101762	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04479492
16	HPSBMU03165 SSRT101783	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497075
17	HPSBMU03182 SSRT101787	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04497042
18	HPSBMU03217 SSRT101827	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04512907
19	HPSBMU03236 SSRT101830	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04552143
20	HPSBMU03245 SSRT101742	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04556845
21	HPSBST03122 SSRT101717	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04471532
22	HPSBST03129 SSRT101760	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04478866
23	HPSBST03154 SSRT101747	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487558
24	HPSBST03155 SSRT101747	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487573
25	HPSBST03157 SSRT101718	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04488200
26	HPSBST03181 SSRT101811	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04496383
IBM Support Document
27	1685433	http://www-01.ibm.com/support/docview.wss?uid=swg21685433
28	1685522	http://www-01.ibm.com/support/docview.wss?uid=swg21685522
29	1685541	http://www-01.ibm.com/support/docview.wss?uid=swg21685541
30	1685604	http://www-01.ibm.com/support/docview.wss?uid=swg21685604
31	1685733	http://www-01.ibm.com/support/docview.wss?uid=swg21685733
32	1685749	http://www-01.ibm.com/support/docview.wss?uid=swg21685749
33	1685914	http://www-01.ibm.com/support/docview.wss?uid=swg21685914
34	1686131	http://www-01.ibm.com/support/docview.wss?uid=swg21686131
35	1686479	http://www-01.ibm.com/support/docview.wss?uid=swg21686479
36	1686493	http://www-01.ibm.com/support/docview.wss?uid=swg21686493
37	MIGR-5096315	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
38	S1004879	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
39	S1004897	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
40	S1004898	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
41	S1004915	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
42	T1021272	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
43	T1021279	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
IBM セキュリティー情報
44	1685798	http://www-01.ibm.com/support/docview.wss?uid=swg21685798
45	1686299	http://www-01.ibm.com/support/docview.wss?uid=swg21686299
46	1686635	http://www-01.ibm.com/support/docview.wss?uid=swg21686635
JVN
47	アライドテレシス株式会社からの情報	http://jvn.jp/vu/JVNVU97219505/522154/index.html
Knowledgebase
48	OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilities	https://www.novell.com/support/kb/doc.php?id=7015701
49	ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)	https://www.novell.com/support/kb/doc.php?id=7015721
NEC製品セキュリティ情報
50	AV14-003	http://jpn.nec.com/security-info/av14-003.html
openSUSE
51	ShellShock 101 - What you need to know and do, to ensure your systems are secure	https://www.suse.com/support/shellshock/
Oracle
52	ELSA-2014-3093	http://linux.oracle.com/errata/ELSA-2014-3093
53	ELSA-2014-3094	http://linux.oracle.com/errata/ELSA-2014-3094
Oracle Technology Network
54	Bash "Shellshock" Vulnerabilities - CVE-2014-7169	http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
QNAP Systems, Inc.
55	NAS-201410-05	http://www.qnap.com/i/en/support/con_show.php?cid=61
Red Hat Bugzilla
56	Bug 1147414	https://bugzilla.redhat.com/show_bug.cgi?id=1147414
Red Hat Customer Portal
57	Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linux	https://access.redhat.com/solutions/1207723
Red Hat Security Blog
58	Bash specially-crafted environment variables code injection attack	https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
RTシリーズのセキュリティに関するFAQ
59	GNU Bash 「OS コマンドインジェクション」の脆弱性について	http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU252743.html
Security Advisories
60	SA82	https://bto.bluecoat.com/security-advisory/sa82
Security Advisory
61	SOL15629	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
SECURITY BLOG
62	Multiple vulnerabilities in Bash	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash
Security Bulletin
63	JSA10648	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
VMware Security Advisories
64	VMSA-2014-0010	http://www.vmware.com/security/advisories/VMSA-2014-0010.html
お知らせ
65	GNU bash の脆弱性に関する弊社調査・対応状況について	http://www.iodata.jp/support/information/2014/bash/
サーバ・クライアント製品セキュリティ情報
66	bashの脆弱性(CVE-2014-6271,CVE-2014-7169 他)によるHA8500への影響について	http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_ha8500.html
67	サーバ・クライアント製品 bashの脆弱性(CVE-2014-6271,CVE-2014-7169他)による影響について	http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/bash_cve20146271.html
シスコセキュリティアドバイザリ
68	cisco-sa-20140926-bash	http://www.cisco.com/cisco/web/support/JP/112/1126/1126247_cisco-sa-20140926-bash-j.html
富士通セキュリティ情報
69	GNU Bash に OS コマンドインジェクションの脆弱性	http://software.fujitsu.com/jp/security/vulnerabilities/jvn-97219505.html
製品セキュリティ情報
70	GNU BashにおけるOSコマンドインジェクションの脆弱性	http://buffalo.jp/support_s/s20141002.html
71	TLSA-2014-10	http://www.turbolinux.co.jp/security/2014/TLSA-2014-10j.html

その他

No	Name	URL
IPA 重要なセキュリティ情報
1	bash の脆弱性対策について(CVE-2014-6271 等)	http://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html
JPCERT 注意喚起
2	JPCERT-AT-2014-0037	https://www.jpcert.or.jp/at/2014/at140037.html
JVN
3	JVN#55667175	http://jvn.jp/jp/JVN55667175/index.html
4	JVNVU#97219505	http://jvn.jp/vu/JVNVU97219505/index.html
JVN iPedia
5	JVNDB-2014-000126	http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
US-CERT Technical Cyber Security Alert
6	TA14-268A	https://www.us-cert.gov/ncas/alerts/TA14-268A
US-CERT Vulnerability Note
7	VU#252743	http://www.kb.cert.org/vuls/id/252743
関連文書
8	Bash bug: apply Florian's patch now (CVE-2014-6277 and CVE-2014-6278)	http://lcamtuf.blogspot.jp/2014/09/bash-bug-apply-unofficial-patch-now.html
9	株式会社アラタナの告知ページ (GNU bash脆弱性への弊社対応状況について)	http://www.aratana.jp/security/detail.php?id=10

Change Log

No	Changed Details	Date of change
0	[2014年10月01日] 掲載 [2014年10月06日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：アライドテレシス (アライドテレシス株式会社からの情報) を追加ベンダ情報：ミラクル・リナックス (bash-3.2-33.AXS3.4) を追加ベンダ情報：ミラクル・リナックス (bash-4.1.2-15.AXS4.2) を追加ベンダ情報：ヤマハ (GNU Bash 「OS コマンドインジェクション」の脆弱性について) を追加ベンダ情報：日本電気 (AV14-003) を追加参考情報：関連文書 (株式会社アラタナの告知ページ (GNU bash脆弱性への弊社対応状況について)) を追加 [2014年10月21日] ベンダ情報：オラクル (Multiple vulnerabilities in Bash) を追加 [2014年11月10日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：F5 Networks (SOL15629) を追加ベンダ情報：IBM (T1021272) を追加ベンダ情報：IBM (1685749) を追加ベンダ情報：IBM (1685914) を追加ベンダ情報：IBM (1685541) を追加ベンダ情報：IBM (S1004915) を追加ベンダ情報：IBM (S1004879) を追加ベンダ情報：IBM (T1021279) を追加ベンダ情報：IBM (S1004897) を追加ベンダ情報：IBM (S1004898) を追加ベンダ情報：IBM (1686479) を追加ベンダ情報：IBM (1685604) を追加ベンダ情報：IBM (1685733) を追加ベンダ情報：IBM (1686131) を追加ベンダ情報：IBM (MIGR-5096315) を追加ベンダ情報：Novell (OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilities) を追加ベンダ情報：Novell (ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)) を追加ベンダ情報：Novell (ShellShock 101 - What you need to know and do, to ensure your systems are secure) を追加ベンダ情報：VMware (VMSA-2014-0010) を追加ベンダ情報：オラクル (Bash "Shellshock" Vulnerabilities - CVE-2014-7169) を追加ベンダ情報：シスコシステムズ (cisco-sa-20140926-bash) を追加ベンダ情報：シトリックス・システムズ (CTX200217) を追加ベンダ情報：シトリックス・システムズ (CTX200223) を追加ベンダ情報：ジュニパーネットワークス (JSA10648) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03122 SSRT101717) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03125 SSRT101724) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03138 SSRT101755) を追加ベンダ情報：ブルーコートシステムズ (SA82) を追加ベンダ情報：バッファロー (GNU BashにおけるOSコマンドインジェクションの脆弱性) を追加 [2014年11月27日] ベンダ情報：ヒューレット・パッカード (HPSBST03129 SSRT101760) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03141 SSRT101763) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03142 SSRT101764) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03144 SSRT101762) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03145 SSRT101765) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03143 SSRT101761) を追加ベンダ情報：ヒューレット・パッカード (HPSBHF03146 SSRT101765) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03157 SSRT101718) を追加ベンダ情報：QNAP Systems (NAS-201410-05) を追加参考情報：JVN iPedia (JVNDB-2014-000126) を追加参考情報：JVN (JVN#55667175) を追加 [2014年12月02日] ベンダ情報：ヒューレット・パッカード (HPSBMU03182 SSRT101787) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03154 SSRT101747) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03181 SSRT101811) を追加ベンダ情報：ヒューレット・パッカード (HPSBST03155 SSRT101747) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03165 SSRT101783) を追加 [2014年12月26日] ベンダ情報：オラクル (ELSA-2014-3093) を追加ベンダ情報：オラクル (ELSA-2014-3094) を追加 [2015年01月07日] ベンダ情報：アイ・オー・データ機器 (GNU bash の脆弱性に関する弊社調査・対応状況について) を追加 [2015年03月27日] ベンダ情報：ターボリナックス (TLSA-2014-10) を追加 [2015年04月30日] ベンダ情報：IBM (1685433) を追加ベンダ情報：IBM (1685522) を追加ベンダ情報：IBM (1686493) を追加ベンダ情報：IBM (1685798) を追加ベンダ情報：IBM (1686299) を追加ベンダ情報：IBM (1686635) を追加 [2015年05月27日] ベンダ情報：ヒューレット・パッカード (HPSBMU03217 SSRT101827) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03233) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03245 SSRT101742) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03246 SSRT101743) を追加 [2015年12月24日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (サーバ・クライアント製品 bashの脆弱性(CVE-2014-6271,CVE-2014-7169他)による影響について) を追加ベンダ情報：日立 (bashの脆弱性(CVE-2014-6271,CVE-2014-7169 他)によるHA8500への影響について) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-6278

Summary	GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
Publication Date	Sept. 30, 2014, 7:55 p.m.
Registration Date	Jan. 26, 2021, 3:16 p.m.
Last Update	Nov. 21, 2024, 11:14 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:bash:4.0:rc1::::::
cpe:2.3:a:gnu:bash:4.3:::::::*
cpe:2.3:a:gnu:bash:3.2.48:::::::*
cpe:2.3:a:gnu:bash:1.14.3:::::::*
cpe:2.3:a:gnu:bash:4.1:::::::*
cpe:2.3:a:gnu:bash:2.05:a::::::
cpe:2.3:a:gnu:bash:2.05:b::::::
cpe:2.3:a:gnu:bash:2.05:::::::*
cpe:2.3:a:gnu:bash:1.14.1:::::::*
cpe:2.3:a:gnu:bash:3.0:::::::*
cpe:2.3:a:gnu:bash:2.01:::::::*
cpe:2.3:a:gnu:bash:2.04:::::::*
cpe:2.3:a:gnu:bash:2.0:::::::*
cpe:2.3:a:gnu:bash:2.01.1:::::::*
cpe:2.3:a:gnu:bash:1.14.7:::::::*
cpe:2.3:a:gnu:bash:3.1:::::::*
cpe:2.3:a:gnu:bash:1.14.6:::::::*
cpe:2.3:a:gnu:bash:1.14.2:::::::*
cpe:2.3:a:gnu:bash:4.0:::::::*
cpe:2.3:a:gnu:bash:1.14.4:::::::*
cpe:2.3:a:gnu:bash:4.2:::::::*
cpe:2.3:a:gnu:bash:2.02.1:::::::*
cpe:2.3:a:gnu:bash:3.0.16:::::::*
cpe:2.3:a:gnu:bash:1.14.5:::::::*
cpe:2.3:a:gnu:bash:1.14.0:::::::*
cpe:2.3:a:gnu:bash:2.02:::::::*
cpe:2.3:a:gnu:bash:3.2:::::::*
cpe:2.3:a:gnu:bash:2.03:::::::*

Related information, measures and tools

No	URL	タグ
1	http://jvn.jp/en/jp/JVN55667175/index.html
2	http://jvn.jp/en/jp/JVN55667175/index.html
3	http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
4	http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
5	http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html	Patch
6	http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html	Patch
7	http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
8	http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
9	http://linux.oracle.com/errata/ELSA-2014-3093
10	http://linux.oracle.com/errata/ELSA-2014-3093
11	http://linux.oracle.com/errata/ELSA-2014-3094
12	http://linux.oracle.com/errata/ELSA-2014-3094
13	http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html
14	http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html
15	http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
16	http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
17	http://marc.info/?l=bugtraq&m=141330468527613&w=2
18	http://marc.info/?l=bugtraq&m=141330468527613&w=2
19	http://marc.info/?l=bugtraq&m=141345648114150&w=2
20	http://marc.info/?l=bugtraq&m=141345648114150&w=2
21	http://marc.info/?l=bugtraq&m=141383026420882&w=2
22	http://marc.info/?l=bugtraq&m=141383026420882&w=2
23	http://marc.info/?l=bugtraq&m=141383081521087&w=2
24	http://marc.info/?l=bugtraq&m=141383081521087&w=2
25	http://marc.info/?l=bugtraq&m=141383196021590&w=2
26	http://marc.info/?l=bugtraq&m=141383196021590&w=2
27	http://marc.info/?l=bugtraq&m=141383244821813&w=2
28	http://marc.info/?l=bugtraq&m=141383244821813&w=2
29	http://marc.info/?l=bugtraq&m=141383304022067&w=2
30	http://marc.info/?l=bugtraq&m=141383304022067&w=2
31	http://marc.info/?l=bugtraq&m=141383353622268&w=2
32	http://marc.info/?l=bugtraq&m=141383353622268&w=2
33	http://marc.info/?l=bugtraq&m=141383465822787&w=2
34	http://marc.info/?l=bugtraq&m=141383465822787&w=2
35	http://marc.info/?l=bugtraq&m=141450491804793&w=2
36	http://marc.info/?l=bugtraq&m=141450491804793&w=2
37	http://marc.info/?l=bugtraq&m=141576728022234&w=2
38	http://marc.info/?l=bugtraq&m=141576728022234&w=2
39	http://marc.info/?l=bugtraq&m=141577137423233&w=2
40	http://marc.info/?l=bugtraq&m=141577137423233&w=2
41	http://marc.info/?l=bugtraq&m=141577241923505&w=2
42	http://marc.info/?l=bugtraq&m=141577241923505&w=2
43	http://marc.info/?l=bugtraq&m=141577297623641&w=2
44	http://marc.info/?l=bugtraq&m=141577297623641&w=2
45	http://marc.info/?l=bugtraq&m=141585637922673&w=2
46	http://marc.info/?l=bugtraq&m=141585637922673&w=2
47	http://marc.info/?l=bugtraq&m=141879528318582&w=2
48	http://marc.info/?l=bugtraq&m=141879528318582&w=2
49	http://marc.info/?l=bugtraq&m=141879528318582&w=2
50	http://marc.info/?l=bugtraq&m=141879528318582&w=2
51	http://marc.info/?l=bugtraq&m=142118135300698&w=2
52	http://marc.info/?l=bugtraq&m=142118135300698&w=2
53	http://marc.info/?l=bugtraq&m=142118135300698&w=2
54	http://marc.info/?l=bugtraq&m=142118135300698&w=2
55	http://marc.info/?l=bugtraq&m=142118135300698&w=2
56	http://marc.info/?l=bugtraq&m=142118135300698&w=2
57	http://marc.info/?l=bugtraq&m=142358026505815&w=2
58	http://marc.info/?l=bugtraq&m=142358026505815&w=2
59	http://marc.info/?l=bugtraq&m=142358026505815&w=2
60	http://marc.info/?l=bugtraq&m=142358026505815&w=2
61	http://marc.info/?l=bugtraq&m=142358078406056&w=2
62	http://marc.info/?l=bugtraq&m=142358078406056&w=2
63	http://marc.info/?l=bugtraq&m=142721162228379&w=2
64	http://marc.info/?l=bugtraq&m=142721162228379&w=2
65	http://marc.info/?l=bugtraq&m=142721162228379&w=2
66	http://marc.info/?l=bugtraq&m=142721162228379&w=2
67	http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
68	http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
69	http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html
70	http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html
71	http://secunia.com/advisories/58200
72	http://secunia.com/advisories/58200
73	http://secunia.com/advisories/59907
74	http://secunia.com/advisories/59907
75	http://secunia.com/advisories/59961
76	http://secunia.com/advisories/59961
77	http://secunia.com/advisories/60024
78	http://secunia.com/advisories/60024
79	http://secunia.com/advisories/60034
80	http://secunia.com/advisories/60034
81	http://secunia.com/advisories/60044
82	http://secunia.com/advisories/60044
83	http://secunia.com/advisories/60055
84	http://secunia.com/advisories/60055
85	http://secunia.com/advisories/60063
86	http://secunia.com/advisories/60063
87	http://secunia.com/advisories/60193
88	http://secunia.com/advisories/60193
89	http://secunia.com/advisories/60325
90	http://secunia.com/advisories/60325
91	http://secunia.com/advisories/60433
92	http://secunia.com/advisories/60433
93	http://secunia.com/advisories/61065
94	http://secunia.com/advisories/61065
95	http://secunia.com/advisories/61128
96	http://secunia.com/advisories/61128
97	http://secunia.com/advisories/61129
98	http://secunia.com/advisories/61129
99	http://secunia.com/advisories/61283
100	http://secunia.com/advisories/61283
101	http://secunia.com/advisories/61287
102	http://secunia.com/advisories/61287
103	http://secunia.com/advisories/61291
104	http://secunia.com/advisories/61291
105	http://secunia.com/advisories/61312
106	http://secunia.com/advisories/61312
107	http://secunia.com/advisories/61313
108	http://secunia.com/advisories/61313
109	http://secunia.com/advisories/61328
110	http://secunia.com/advisories/61328
111	http://secunia.com/advisories/61442
112	http://secunia.com/advisories/61442
113	http://secunia.com/advisories/61471
114	http://secunia.com/advisories/61471
115	http://secunia.com/advisories/61485
116	http://secunia.com/advisories/61485
117	http://secunia.com/advisories/61503
118	http://secunia.com/advisories/61503
119	http://secunia.com/advisories/61550
120	http://secunia.com/advisories/61550
121	http://secunia.com/advisories/61552
122	http://secunia.com/advisories/61552
123	http://secunia.com/advisories/61565
124	http://secunia.com/advisories/61565
125	http://secunia.com/advisories/61603
126	http://secunia.com/advisories/61603
127	http://secunia.com/advisories/61633
128	http://secunia.com/advisories/61633
129	http://secunia.com/advisories/61641
130	http://secunia.com/advisories/61641
131	http://secunia.com/advisories/61643
132	http://secunia.com/advisories/61643
133	http://secunia.com/advisories/61654
134	http://secunia.com/advisories/61654
135	http://secunia.com/advisories/61703
136	http://secunia.com/advisories/61703
137	http://secunia.com/advisories/61780
138	http://secunia.com/advisories/61780
139	http://secunia.com/advisories/61816
140	http://secunia.com/advisories/61816
141	http://secunia.com/advisories/61857
142	http://secunia.com/advisories/61857
143	http://secunia.com/advisories/62312
144	http://secunia.com/advisories/62312
145	http://secunia.com/advisories/62343
146	http://secunia.com/advisories/62343
147	http://support.novell.com/security/cve/CVE-2014-6278.html
148	http://support.novell.com/security/cve/CVE-2014-6278.html
149	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
150	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
151	http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
152	http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
153	http://www.novell.com/support/kb/doc.php?id=7015721
154	http://www.novell.com/support/kb/doc.php?id=7015721
155	http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
156	http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
157	http://www.qnap.com/i/en/support/con_show.php?cid=61
158	http://www.qnap.com/i/en/support/con_show.php?cid=61
159	http://www.ubuntu.com/usn/USN-2380-1
160	http://www.ubuntu.com/usn/USN-2380-1
161	http://www.vmware.com/security/advisories/VMSA-2014-0010.html
162	http://www.vmware.com/security/advisories/VMSA-2014-0010.html
163	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
164	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
165	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
166	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
167	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
168	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
169	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
170	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
171	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
172	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
173	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
174	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
175	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
176	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
177	http://www-01.ibm.com/support/docview.wss?uid=swg21685541
178	http://www-01.ibm.com/support/docview.wss?uid=swg21685541
179	http://www-01.ibm.com/support/docview.wss?uid=swg21685604
180	http://www-01.ibm.com/support/docview.wss?uid=swg21685604
181	http://www-01.ibm.com/support/docview.wss?uid=swg21685733
182	http://www-01.ibm.com/support/docview.wss?uid=swg21685733
183	http://www-01.ibm.com/support/docview.wss?uid=swg21685749
184	http://www-01.ibm.com/support/docview.wss?uid=swg21685749
185	http://www-01.ibm.com/support/docview.wss?uid=swg21685914
186	http://www-01.ibm.com/support/docview.wss?uid=swg21685914
187	http://www-01.ibm.com/support/docview.wss?uid=swg21686131
188	http://www-01.ibm.com/support/docview.wss?uid=swg21686131
189	http://www-01.ibm.com/support/docview.wss?uid=swg21686246
190	http://www-01.ibm.com/support/docview.wss?uid=swg21686246
191	http://www-01.ibm.com/support/docview.wss?uid=swg21686445
192	http://www-01.ibm.com/support/docview.wss?uid=swg21686445
193	http://www-01.ibm.com/support/docview.wss?uid=swg21686479
194	http://www-01.ibm.com/support/docview.wss?uid=swg21686479
195	http://www-01.ibm.com/support/docview.wss?uid=swg21686494
196	http://www-01.ibm.com/support/docview.wss?uid=swg21686494
197	http://www-01.ibm.com/support/docview.wss?uid=swg21687079
198	http://www-01.ibm.com/support/docview.wss?uid=swg21687079
199	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
200	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
201	https://bugzilla.redhat.com/show_bug.cgi?id=1147414
202	https://bugzilla.redhat.com/show_bug.cgi?id=1147414
203	https://kb.bluecoat.com/index?page=content&id=SA82
204	https://kb.bluecoat.com/index?page=content&id=SA82
205	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
206	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
207	https://kc.mcafee.com/corporate/index?page=content&id=SB10085
208	https://kc.mcafee.com/corporate/index?page=content&id=SB10085
209	https://security-tracker.debian.org/tracker/CVE-2014-6278
210	https://security-tracker.debian.org/tracker/CVE-2014-6278
211	https://support.citrix.com/article/CTX200217
212	https://support.citrix.com/article/CTX200217
213	https://support.citrix.com/article/CTX200223
214	https://support.citrix.com/article/CTX200223
215	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
216	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
217	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
218	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
219	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
220	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
221	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
222	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
223	https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006
224	https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006
225	https://www.exploit-db.com/exploits/39568/
226	https://www.exploit-db.com/exploits/39568/
227	https://www.exploit-db.com/exploits/39887/
228	https://www.exploit-db.com/exploits/39887/
229	https://www.suse.com/support/shellshock/
230	https://www.suse.com/support/shellshock/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-78	OSコマンド・インジェクション	https://cwe.mitre.org/data/definitions/78.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:gnu:bash:4.0:rc1::::::
cpe:2.3:a:gnu:bash:4.3:::::::*
cpe:2.3:a:gnu:bash:3.2.48:::::::*
cpe:2.3:a:gnu:bash:1.14.3:::::::*
cpe:2.3:a:gnu:bash:4.1:::::::*
cpe:2.3:a:gnu:bash:2.05:a::::::
cpe:2.3:a:gnu:bash:2.05:b::::::
cpe:2.3:a:gnu:bash:2.05:::::::*
cpe:2.3:a:gnu:bash:1.14.1:::::::*
cpe:2.3:a:gnu:bash:3.0:::::::*
cpe:2.3:a:gnu:bash:2.01:::::::*
cpe:2.3:a:gnu:bash:2.04:::::::*
cpe:2.3:a:gnu:bash:2.0:::::::*
cpe:2.3:a:gnu:bash:2.01.1:::::::*
cpe:2.3:a:gnu:bash:1.14.7:::::::*
cpe:2.3:a:gnu:bash:3.1:::::::*
cpe:2.3:a:gnu:bash:1.14.6:::::::*
cpe:2.3:a:gnu:bash:1.14.2:::::::*
cpe:2.3:a:gnu:bash:4.0:::::::*
cpe:2.3:a:gnu:bash:1.14.4:::::::*
cpe:2.3:a:gnu:bash:4.2:::::::*
cpe:2.3:a:gnu:bash:2.02.1:::::::*
cpe:2.3:a:gnu:bash:3.0.16:::::::*
cpe:2.3:a:gnu:bash:1.14.5:::::::*
cpe:2.3:a:gnu:bash:1.14.0:::::::*
cpe:2.3:a:gnu:bash:2.02:::::::*
cpe:2.3:a:gnu:bash:3.2:::::::*
cpe:2.3:a:gnu:bash:2.03:::::::*