Shellshock Vulnerability Vulnerability Alert CVE-2014-6271: GNU - TopicsExpress



          

Shellshock Vulnerability

Vulnerability Alert CVE-2014-6271: GNU Bash Environmental Variable Command Injection Vulnerability (aka Shellshock)

A vulnerability in the GNU Bourne-Again SHell (Bash) could allow an unauthenticated, remote attacker to execute arbitrary commands on systems running Linux or Unix. A successful exploit could result in a complete system compromise.

The vulnerability is due to improper processing of environment variables by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by submitting malicious environment variable values to an application using Bash. Processing the values could allow the attacker to inject arbitrary commands on the system that would run in the security context of the targeted application.

GNU Bash versions 4.3 and prior are affected. GNU, Red Hat, CentOS, and FreeBSD have confirmed the vulnerability and have released software patches. A patch for MacOS is forthcoming.

Cisco has released Intrusion Prevention System (IPS) signatures 4689/0, 4689/1, 4689/2, and 4689/3 to detect and block Shellshock exploit attempts. Cisco IPS sensors with active licenses and automatic signature updates will automatically download and enforce these signatures.

At this time, no Cisco hardware or software has been confirmed to be vulnerable. ENS Group will closely monitor this situation and provide an update if this status changes.
Posted on: Wed, 01 Oct 2014 19:59:43 +0000
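
The alert describes network signatures that detect exploit attempts; the same check can be run over web server access logs. The following is an added example, not part of the original alert and not Cisco's signature logic: it flags combined-format log lines whose request, Referer or User-Agent carries the `() {` function-definition prefix that affected Bash versions mishandle in environment variable values. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Bash treats an environment value starting with "() {" as a function
# definition; affected versions keep processing whatever follows it.
FUNC_PREFIX = re.compile(r"\(\)\s*\{")

# Apache/nginx "combined" format:
# ip ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ '
    + QUOTED + ' ' + QUOTED + r'$'
)
FIELDS = ("request", "referer", "agent")  # all reach CGI scripts as env vars

# Constructed sample log lines (documentation IP ranges, harmless marker text).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2014:19:40:01 +0000] '
    '"GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2014:19:41:13 +0000] '
    '"GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; echo constructed-marker"',
    '203.0.113.5 - - [01/Oct/2014:19:42:55 +0000] '
    '"GET /cgi-bin/status?x=%28%29%20%7B%20%3A%3B%20%7D HTTP/1.1" 404 0 "-" "curl/7.38.0"',
    '192.0.2.44 - - [01/Oct/2014:19:43:02 +0000] '
    '"GET /docs/func() HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]


def find_shellshock_probes(lines):
    """Return (line_no, client_ip, field) for every field carrying the prefix."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = COMBINED.match(line.strip())
        if not match:
            continue  # not combined format; skip rather than guess
        client_ip = match.group(1)
        for field, raw in zip(FIELDS, match.groups()[1:]):
            # Decode percent-encoding so "%28%29%20%7B" is caught as well.
            if FUNC_PREFIX.search(unquote(raw)):
                hits.append((line_no, client_ip, field))
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(hit)
```

A hit shows that a request carried the pattern, not that the host was compromised; whether the target was exposed depends on the installed Bash version and on whether the request reached a Bash-backed handler.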
