2014/09/25

Shellshock

I'm sure this is going down well across the globe right now...

Details over at NIST.

As I understand it, it allows env variables to be propagated to child processes and where they start with a particular string "() {" for this to enable execution of any commands beyond the function definition. Nice. Will affect mainly CGI based servers which are many though typically older websites these days... I suspect 500 million sites affected is overdoing it a little but it doesn't overplay the seriousness of this bug.

... off to find whatever servers I have vulnerable to this little bugger...

Update: This guy is scanning the net for the vulnerability...

http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html#.VCQSaC5dVnI

Update: And Redhat have a very good article on this one including a nice command to test your installation to see if you're affected on their security blog.
-
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

We can't go on like this!

I'm sitting here in the sun - yes, it's sunny in south London - and for the past 30 minutes I've been trying to buy another of M...