2014/09/25

Shellshock

I'm sure this is going down well across the globe right now...

Details over at NIST.

As I understand it, it allows env variables to be propagated to child processes and where they start with a particular string "() {" for this to enable execution of any commands beyond the function definition. Nice. Will affect mainly CGI based servers which are many though typically older websites these days... I suspect 500 million sites affected is overdoing it a little but it doesn't overplay the seriousness of this bug.

... off to find whatever servers I have vulnerable to this little bugger...

Update: This guy is scanning the net for the vulnerability...

http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html#.VCQSaC5dVnI

Update: And Redhat have a very good article on this one including a nice command to test your installation to see if you're affected on their security blog.
-
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Voyaging dwarves riding phantom eagles

It's been said before... the only two difficult things in computing are naming things and cache invalidation... or naming things and som...

  • Picture yourself on a boat on a river...
    PO: We need a bridge over the river right here? Me: Why? PO: Because the customer needs to get to the other side? Me: Why can't they use...
  • We can't go on like this!
    I'm sitting here in the sun - yes, it's sunny in south London - and for the past 30 minutes I've been trying to buy another of M...
  • The internet is down, all is well
     A few weeks ago I switched from Zen internet (stable enough; a touch more expensive than the big boys; excellent customer service) to Com...