[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fsuk-manchester] ShellShock vulnerability
From: |
Michael Dorrington |
Subject: |
[Fsuk-manchester] ShellShock vulnerability |
Date: |
Thu, 25 Sep 2014 19:26:41 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Icedove/24.8.0 |
In case you have been asleep all day then you might not have heard of
the ShellShock vulnerability. This is an issue with bash and being able
to pass environmental variables to a shell instance that are then
executed. This can potentially affect CGI scripts and sshd but also
includes "scripts executed by unspecified DHCP clients". I recommend
you install your distro's security updates asap.
https://en.wikipedia.org/wiki/Shellshock_vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
Regards,
Mike.
--
FSF member #9429
http://www.fsf.org/register_form?referrer=9429
http://www.fsf.org/about
"The Free Software Foundation (FSF) is a nonprofit with a worldwide
mission to promote computer user freedom and to defend the rights of all
free software users."
signature.asc
Description: OpenPGP digital signature
- [Fsuk-manchester] ShellShock vulnerability,
Michael Dorrington <=