I'm sure this is going down well across the globe right now...
Details over at NIST.
As I understand it, it allows env variables to be propagated to child processes and where they start with a particular string "() {" for this to enable execution of any commands beyond the function definition. Nice. Will affect mainly CGI based servers which are many though typically older websites these days... I suspect 500 million sites affected is overdoing it a little but it doesn't overplay the seriousness of this bug.
... off to find whatever servers I have vulnerable to this little bugger...
Update: This guy is scanning the net for the vulnerability...
http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html#.VCQSaC5dVnI
Update: And Redhat have a very good article on this one including a nice command to test your installation to see if you're affected on their security blog.
2014/09/25
Subscribe to:
Post Comments (Atom)
Picture yourself on a boat on a river...
PO: We need a bridge over the river right here? Me: Why? PO: Because the customer needs to get to the building on the other side? Me: Why ca...
-
When I were knee high to a grasshopper we didn't have all this new fangled cloud infrastructure and we certainly didn't have the con...
-
There, I said it. A four letter swear word. Something worse than the F’ word if the horror on the boss’ face is anything to go by. We don’t ...
-
Nice piece of work. Begs the questions when we'll see Windows for Linux though ;)
No comments:
Post a Comment