Shellshock
Posted by Jim Jagielski on Friday, September 26. 2014 in Programming
UPDATED: Sept 29, 2014 with current OSX Bash patch
First of all, when this was first found, we were looking for a cool name... It was found.
Anyway, as noted here [https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/] the shellshock vulnerability is pretty nasty. What's interesting is that, in general, the *BSD variants aren't as vulnerable as *NIX platforms, simply because the default shell on BSD is still the Bourne shell (the "real" sh) and not Bash itself (On Linux and OSX, for example, /bin/sh is either a copy or link to /bin/bash).
Even so, BSD systems are not immune by any stretch of the imagination, since one attack vector is via web-servers and CGI, and it's likely that there are numerous CGI scripts that require/use Bash. So no matter what, patch your systems.
Page 1 of 1, totaling 1 entries
Syndicate This Blog
