DHCP: GNU Bash Environment Variable Handling Command Execution DHCP Vector
This signature detects attempts to exploit a known vulnerability against GNU Bash. The vulnerability is due to a failure in handling environment variables. A remote attacker can exploit this vulnerability by interacting with an application that uses Bash environment variables whose content is determined by input read from the network such as a DHCP client. If an attacker can control the value of an environment variable, then command execution can be achieved in the context of the application using the environment variable.
Extended Description
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Affected Products
Redhat enterprise_linux_server
Short Name
DHCP:SERVER:GNU-BASH-CMD-EXE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
DHCP
Keywords
Bash CVE-2014-6271 CVE-2014-7169 Command DHCP Environment Execution GNU Handling Variable Vector bid:70103
Release Date
09/30/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3727
False Positive
Unknown
Vendors
Checkpoint
Suse
F5
Redhat
Gnu
Ibm
Opensuse
Novell
Mageia
Arista
Qnap
Oracle
Canonical
Debian
Vmware
Apple
CVSS Score
10.0