Jump to content

Shellshock vulnerability

Add links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Beland (talk | contribs) at 18:02, 25 September 2014 (clean up). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The shellshock vulnerability (aka CVE-2014-6271 and CVE-2014-7169) is a security bug affecting Unix-like operating systems through the bash shell. Disclosed on September 24 2014, it has been rated 10 (the maximum score) for severity by NIST.[1] Since a first patch resulted defective, a new patch was released and NIST assigned a second code to the bug.[2]

Shellshock affects Bash versions between 1.14 and 4.3 which are used on many Linux distributions, Mac OS X, and other operating systems. Some web servers also rely upon Bash to execute CGI scripts, and this bug could allow the execution of malicious code from remote computers.

References

  1. ^ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
  2. ^ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169

This article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Shellshock_vulnerability&oldid=627055979"