### [CVE-2014-7169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

### POC

#### Reference
- http://linux.oracle.com/errata/ELSA-2014-1306.html
- http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
- http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21685733
- http://www.qnap.com/i/en/support/con_show.php?cid=61
- http://www.ubuntu.com/usn/USN-2363-1
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
- https://www.exploit-db.com/exploits/34879/

#### Github
- https://github.com/9069332997/session-1-full-stack
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Az4ar/shocker
- https://github.com/ChefRycar/cookbook_shellshock
- https://github.com/CyberlearnbyVK/redteam-notebook
- https://github.com/EvanK/shocktrooper
- https://github.com/Gobinath-B/SHELL-SCHOCK
- https://github.com/IZAORICASTm/CHARQITO_NET
- https://github.com/JPedroVentura/Shocker
- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
- https://github.com/LubinLew/WEB-CVE
- https://github.com/MrCl0wnLab/ShellShockHunter
- https://github.com/NickRycar/cookbook_shellshock
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PixelDef/Shocker
- https://github.com/Prashant-kumar/totalshares
- https://github.com/SaltwaterC/sploit-tools
- https://github.com/UMDTERPS/Shell-Shock-Update
- https://github.com/ajansha/shellshock
- https://github.com/alexpop/mysecurity-cookbook
- https://github.com/andrewxx007/MyExploit-ShellShock
- https://github.com/ankh2054/linux-pentest
- https://github.com/cbk914/ShellShockCheck
- https://github.com/chef-boneyard/bash-shellshock
- https://github.com/demining/ShellShock-Attack
- https://github.com/dlitz/bash-shellshock
- https://github.com/dokku-alt/dokku-alt
- https://github.com/foobarto/redteam-notebook
- https://github.com/gina-alaska/bash-cve-2014-7169-cookbook
- https://github.com/giterlizzi/secdb-feeds
- https://github.com/gitter-badger/scripts-3
- https://github.com/googleinurl/Xpl-SHELLSHOCK-Ch3ck
- https://github.com/h0n3yb/poc-development
- https://github.com/hannob/bashcheck
- https://github.com/ido/macosx-bash-92-shellshock-patched
- https://github.com/inspirion87/w-test
- https://github.com/jackbezalel/patchme
- https://github.com/jcollie/shellshock_salt_grain
- https://github.com/jdauphant/patch-bash-shellshock
- https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups
- https://github.com/make0day/pentest
- https://github.com/matthewlinks/shellshock-Ansible
- https://github.com/meherarfaoui09/meher
- https://github.com/milesbench/ShellshockScan
- https://github.com/mrigank-9594/Exploit-Shellshock
- https://github.com/mritunjay-k/CVE-2014-6271
- https://github.com/mubix/shellshocker-pocs
- https://github.com/mwhahaha/ansible-shellshock
- https://github.com/numenta/agamotto
- https://github.com/opragel/shellshockFixOSX
- https://github.com/opsxcq/exploit-CVE-2014-6271
- https://github.com/pbr94/Shellshock-Bash-Remote-Code-Execution-Vulnerability-and-Exploitation
- https://github.com/prince-stark/SHELL-SCHOCK
- https://github.com/rcvalle/exploits
- https://github.com/readloud/ShellShockHunter-v1.0
- https://github.com/renanvicente/puppet-shellshock
- https://github.com/ricedu/bash-4.2-patched
- https://github.com/thydel/ar-fix-bash-bug
- https://github.com/timb-machine-mirrors/rcvalle-exploits
- https://github.com/trhacknon/Xpl-SHELLSHOCK-Ch3ck
- https://github.com/trhacknon/exploit-CVE-2014-6271
- https://github.com/unixorn/shellshock-patch-osx
- https://github.com/warriordog/little-log-scan
- https://github.com/xdistro/ShellShock