mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-22 11:48:17 +00:00
41 lines
1.4 KiB
XML
41 lines
1.4 KiB
XML
<?xml version="1.0"?>
|
|
|
|
<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
|
|
<name>Bashbug / Shellshock</name>
|
|
<author>Thomas Shaw</author>
|
|
<module_license>MIT</module_license>
|
|
<description>Installs GNU bash version 4.1 which contains the bashbug / shellshock vulnerability.</description>
|
|
|
|
<type>bash</type>
|
|
<privilege>none</privilege>
|
|
<access>local</access>
|
|
<platform>unix</platform>
|
|
|
|
<!--optional vulnerability details-->
|
|
<difficulty>medium</difficulty>
|
|
<cve>CVE-2014-6271</cve>
|
|
<cvss_base_score>10</cvss_base_score>
|
|
<cvss_vector>AV:N/AC:L/Au:N/C:C/I:C/A:C</cvss_vector>
|
|
|
|
<reference>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271</reference>
|
|
<reference>http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability</reference>
|
|
<software_name>bash</software_name>
|
|
<software_license>GPLv3+</software_license>
|
|
|
|
<!-- only tested for Wheezy -->
|
|
<conflict>
|
|
<name>.*Debian.*Stretch.*</name>
|
|
</conflict>
|
|
<conflict>
|
|
<name>.*Debian.*Buster.*</name>
|
|
</conflict>
|
|
<requires>
|
|
<type>update</type>
|
|
</requires>
|
|
<!-- TODO: set metadata on this module as a local privilege escalation attack -->
|
|
<!-- TODO: strings_to_leak to /root -->
|
|
<!-- TODO: test on newer versions of Debian -->
|
|
</vulnerability>
|