This vulnerability is already being exploited via bots and other worm like malware. Paste bin has examples if you search on the cve. I highly advise all to get ya stuff patched and asap.
Z On Sep 25, 2014 8:41 AM, "Andrew S. Baker" <[email protected]> wrote: > Good morning, > > > > There has been a significant vulnerability found a core Unix/Linux > component (Bash) which affects ALL known versions of this component across > every Unix-like OS. > > > > The potential impact of this vulnerability is already being compared to > the Heartbleed OpenSSL vunerability from April 2014, but the scope is much > larger – approx. 500 million Unix and Unix-like systems (this includes OSX, > as well as any Windows installations that are running something like Cygwin > to enable Unix commands). > > > > This issue is significant because even if the Bash shell is not used > manually, it can be called by other components. More details can be found > in the following articles: > > > > · > http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x > > · > http://www.zdnet.com/unixlinux-bash-critical-security-hole-uncovered-7000034021/ > > · > http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it > > · > https://blog.cloudflare.com/bash-vulnerability-cve-2014-6271-patched/ > > · > https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271 > > · > http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/ > > · http://seclists.org/oss-sec/2014/q3/650 > > · > http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html > > > > > > *Proof of Concept Validation* > > · > https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271 > > · > https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ > > > > > > > > *Operating System fixes:* > > · > http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/ > > · http://www.ubuntu.com/usn/usn-2362-1/ > > · > https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ > > > > Regards, > > > > > > *-ASB: *http://xeeme.com/AndrewBaker > > > >
