🔴 CVE-2014-6278

CVE-2014-6278 is a Bash Shellshock vulnerability allowing remote command execution via crafted environment variables. It affects internet-facing services using Bash for CGI scripts, SSH, DHCP, and other network services that process environment variables.

โ† Back to Overview
Risk Level: HIGH_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: VERY_HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2014-09-30

Added to CISA KEV: 2025-10-02 (4020 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2014-6278 is one of several vulnerabilities collectively known as "Shellshock" (or the Bashdoor bug), which were disclosed in September 2014 [2] [4]. It specifically represents an incomplete fix for earlier Shellshock vulnerabilities, including CVE-2014-6271 and CVE-2014-7169 [4].

Attack Method and Exploitation
  • Mechanism: The vulnerability exists because GNU Bash (up to version 4.3) improperly parses function definitions within environment variables [1]. An attacker can inject malicious code into these environment variables, which Bash then executes when it initializes [2].
  • Requirements: Exploitation is typically remote and does not require user interaction, provided there is a vector that allows an attacker to set environment variables that are subsequently processed by a vulnerable Bash instance [1].
  • Common Vectors: Known attack vectors include:
    * CGI Scripts: Apache HTTP Server modules (`mod_cgi` and `mod_cgid`) that pass HTTP request headers as environment variables to scripts [1].
    * OpenSSH: The `ForceCommand` feature in `sshd` [1].
    * DHCP Clients: Scripts executed by certain DHCP clients [1].
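
A defense-in-depth check for the CGI vector above, as an added example that is not from the original page: it drops request-derived environment variables whose value begins with the `() {` marker that pre-patch Bash read as an exported function definition, before any shell is spawned. The variable list, function names and sample environment are assumptions constructed for illustration.

```python
import re

# Pre-patch Bash treated an environment value that begins with "() {" as an
# exported function definition and parsed it at shell start-up.
FUNC_MARKER = re.compile(r"^\s*\(\s*\)\s*\{")

# Assumption: CGI variables filled from the request (RFC 3875 names), plus
# every HTTP_* variable, which a CGI gateway derives from a request header.
REQUEST_DERIVED = {"QUERY_STRING", "PATH_INFO", "CONTENT_TYPE", "REMOTE_USER"}


def is_request_derived(name):
    return name.startswith("HTTP_") or name in REQUEST_DERIVED


def find_function_like(env):
    """Return sorted names of request-derived variables that start like a function."""
    return sorted(
        name for name, value in env.items()
        if is_request_derived(name) and FUNC_MARKER.match(value)
    )


def scrub_env(env):
    """Return (clean_env, dropped_names); call before handing env to a child shell."""
    dropped = find_function_like(env)
    clean = {k: v for k, v in env.items() if k not in dropped}
    return clean, dropped


# Constructed sample: the environment a CGI gateway might build for one request.
SAMPLE_ENV = {
    "REQUEST_METHOD": "GET",
    "QUERY_STRING": "id=42",
    "HTTP_HOST": "www.example.test",
    "HTTP_USER_AGENT": "() { CONSTRUCTED-SAMPLE-BODY",
    "HTTP_REFERER": " ()  { CONSTRUCTED-SAMPLE-BODY",
    "HTTP_ACCEPT": "text/html (q=0.9) {marker not at start}",
    "PATH": "/usr/bin:/bin",
}

if __name__ == "__main__":
    clean, dropped = scrub_env(SAMPLE_ENV)
    for name in dropped:
        print(f"dropped {name}: value begins with a function-definition marker")
    print("passed to child:", sorted(clean))
```

A filter like this only narrows the CGI path; the SSH and DHCP vectors listed above never pass through it, so updating Bash remains the actual fix.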

Impact and Access
Successful exploitation allows for arbitrary command execution on the target system with the privileges of the user running the Bash process [1]. This can lead to full system compromise, data exfiltration, or the installation of persistent malware.

Exploitation in the Wild
  • Usage: Following the disclosure of Shellshock, the vulnerability was widely exploited in the wild by various threat actors to create botnets, perform reconnaissance, and deploy malware [2].
  • Tools: Proof-of-concept code and exploit modules (such as those in the Metasploit Framework) were made publicly available shortly after the vulnerability was announced, facilitating widespread scanning and exploitation [3].

Affected Versions and Mitigation
  • Affected Versions: GNU Bash through version 4.3 (specifically up to `bash43-026`) [1].
  • Status: This vulnerability is long-patched. Mitigation was achieved through patches that hardened the Bash parser, preventing environment variables from being incorrectly interpreted as function definitions. Systems running modern, updated versions of Bash are not vulnerable to this issue.

Sources

  1. CVE-2014-6278 Detail - NVD

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute ...

  2. GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability (CVE ...

    The flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating ...

  3. CVE-2014-6278 : GNU Bash through 4.3 bash43-026 does not properly parse ...

    CVE-2014-6278 : GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to ... Metasploit modules for CVE-2014-6278. Apache mod_cgi Bash Environment Variable Code Injection (Shellshock). Disclosure Date: 2014-…

  4. CVE-2014-6278 Common Vulnerabilities and Exposures

    Secure your Linux systems from CVE-2014-6278. Stay ahead of potential threats with the latest security updates from SUSE. ... CVE-2014-6278 ... NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. ... This issue is already mitigated (fixed…