2014/09/25

Shellshock

I'm sure this is going down well across the globe right now...

Details over at NIST.

As I understand it, it allows env variables to be propagated to child processes and where they start with a particular string "() {" for this to enable execution of any commands beyond the function definition. Nice. Will affect mainly CGI based servers which are many though typically older websites these days... I suspect 500 million sites affected is overdoing it a little but it doesn't overplay the seriousness of this bug.

... off to find whatever servers I have vulnerable to this little bugger...

Update: This guy is scanning the net for the vulnerability...

http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html#.VCQSaC5dVnI

Update: And Redhat have a very good article on this one including a nice command to test your installation to see if you're affected on their security blog.
-
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Voyaging dwarves riding phantom eagles

It's been said before... the only two difficult things in computing are naming things and cache invalidation... or naming things and som...

  • Picture yourself on a boat on a river...
    PO: We need a bridge over the river right here? Me: Why? PO: Because the customer needs to get to the other side? Me: Why can't they use...
  • Voyaging dwarves riding phantom eagles
    It's been said before... the only two difficult things in computing are naming things and cache invalidation... or naming things and som...
  • Docs
    There, I said it. A four letter swear word. Something worse than the F’ word if the horror on the boss’ face is anything to go by. We don’t ...