CVE-2014-6278 — GNU Bash OS Command Injection Vulnerability

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH ssh

01What is this vulnerability?

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other…

02Affected products

Vendor	Product	Versions
n	a / n/a	n/a

03Active exploitation status

Yes — actively exploited. Added to the CISA KEV catalog on 2025-10-02. Ransomware use: Unknown.

04Recommended remediation

• Patch to a fixed version listed in the vendor advisory (see references below).
• Mitigate with WAF rules, network egress filters, or feature flags where the patch is not yet available.
• Hunt historical logs for exploitation indicators — see Detection signatures below.

05Technical details

For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.

06Detection signatures

Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:

Open in Sigma generator →

07Related CVEs

No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.

08Timeline

• Published: 2014-09-30T10:00:00.000Z
• Last modified: 2025-12-30T20:24:56.789Z
• Added to CISA KEV: 2025-10-02
• BOD 22-01 due: 2025-10-23

09References

• www-01.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
• www-01.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21685749
• marc.info — http://marc.info/?l=bugtraq&m=141577137423233&w=2
• supportcenter.checkpoint.com — https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewso…
• linux.oracle.com — http://linux.oracle.com/errata/ELSA-2014-3093
• marc.info — http://marc.info/?l=bugtraq&m=142721162228379&w=2
• marc.info — http://marc.info/?l=bugtraq&m=142358026505815&w=2
• www-01.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21686479
• jvn.jp — http://jvn.jp/en/jp/JVN55667175/index.html
• secunia.com — http://secunia.com/advisories/60433
• marc.info — http://marc.info/?l=bugtraq&m=141383026420882&w=2
• marc.info — http://marc.info/?l=bugtraq&m=141585637922673&w=2
• packetstormsecurity.com — http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Glo…
• marc.info — http://marc.info/?l=bugtraq&m=141576728022234&w=2
• www-01.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21685541
• www.oracle.com — http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
• secunia.com — http://secunia.com/advisories/61816
• lists.opensuse.org — http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
• secunia.com — http://secunia.com/advisories/61442
• marc.info — http://marc.info/?l=bugtraq&m=142358078406056&w=2
• secunia.com — http://secunia.com/advisories/61283
• kc.mcafee.com — https://kc.mcafee.com/corporate/index?page=content&id=SB10085
• secunia.com — http://secunia.com/advisories/61654
• www.ubuntu.com — http://www.ubuntu.com/usn/USN-2380-1
• www-947.ibm.com — http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
• secunia.com — http://secunia.com/advisories/62312
• support.f5.com — https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
• marc.info — http://marc.info/?l=bugtraq&m=141879528318582&w=2
• security-tracker.debian.org — https://security-tracker.debian.org/tracker/CVE-2014-6278
• www-01.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21685604