FTP: Multiple Products Bash Shellshock Vulnerability
This signature detects attempts to exploit a known vulnerability against GNU Bash. A successful attack can lead to arbitrary code execution.
Extended Description
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Affected Products
Redhat enterprise_linux_server
Short Name
FTP:SHELLSHOCK
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
Bash CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 Multiple Products Shellshock Vulnerability bid:70103
Release Date
10/14/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3727
False Positive
Unknown
Vendors
Checkpoint
Suse
F5
Redhat
Gnu
Ibm
Opensuse
Novell
Mageia
Arista
Qnap
Oracle
Canonical
Debian
Vmware
Apple
CVSS Score
10.0