A critical security vulnerability in the BASH (Bourne-Again SHell) has been discovered. This vulnerability, officially identified as CVE-2014-6271, nicknamed ‘Shell Shock’ by some, could leave countless websites, servers, PCs, OSX Macs, various home router and many more systems, open to exploitation by hackers. The vulnerability exploits an issue in the core bash shell present with the vast majority of Unix and Linux operating systems, and is often used as the default shell. It is particularly concerning for web applications built on CGI script frameworks (as request headers are packaged into environment variables). Using the vulnerability, the attacker is able to set the content of environment variables on the remote system to values of his choosing, and then execute the bash shell on the application hosting those environment variables. This leads to the system being compromised by the attacker. Network Box Security Response has PUSHed out NBIDPS (Network Box Intrusion Detection and Protection System) and WAF+ (Web Application Firewall Plus) signatures to detect and block this exploit. LINK: blog.networkboxusa/2014/09/25/shellshocked/
Posted on: Thu, 25 Sep 2014 19:22:59 +0000
Trending Topics
Recently Viewed Topics
© 2015