Yes, the embedded systems are going to be the tricky ones. Think firewalls, IPS, virtual appliances based on *nix, routers (especially consumer ones)...
Fun, fun, fun...

*ASB*
http://XeeMe.com/AndrewBaker
*Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...*

On Thu, Sep 25, 2014 at 8:50 AM, Dave Hardyman <[email protected]> wrote:

> Palo Alto Networks pushed out an emergency content update to our firewall
> overnight to address this vulnerability.
>
> Dave
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Andrew S. Baker
> *Sent:* Thursday, September 25, 2014 7:40 AM
> *Subject:* [NTSysADM] Major Bash Vulnerability -- ALL versions
>
> Good morning,
>
> There has been a significant vulnerability found in a core Unix/Linux
> component (Bash) which affects ALL known versions of this component across
> every Unix-like OS.
>
> The potential impact of this vulnerability is already being compared to
> the Heartbleed OpenSSL vulnerability from April 2014, but the scope is much
> larger - approx. 500 million Unix and Unix-like systems (this includes OSX,
> as well as any Windows installations that are running something like Cygwin
> to enable Unix commands).
>
> This issue is significant because even if the Bash shell is not used
> manually, it can be called by other components. More details can be found
> in the following articles:
>
> · http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x
> · http://www.zdnet.com/unixlinux-bash-critical-security-hole-uncovered-7000034021/
> · http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it
> · https://blog.cloudflare.com/bash-vulnerability-cve-2014-6271-patched/
> · https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271
> · http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
> · http://seclists.org/oss-sec/2014/q3/650
> · http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
>
> *Proof of Concept Validation*
>
> · https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271
> · https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
> *Operating System fixes:*
>
> · http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
> · http://www.ubuntu.com/usn/usn-2362-1/
> · https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
> Regards,
>
> *-ASB:* http://xeeme.com/AndrewBaker

