Shellshock vulnerability

The shellshock vulnerability (aka CVE-2014-6271 and CVE-2014-7169) is a security bug affecting Unix-like operating systems through the bash shell. Disclosed on September 24 2014, it has been rated 10 (the maximum score) for severity by NIST.^[1] Since a first patch was defective, a new patch was released and NIST assigned a second code to the bug.^[2]

Shellshock affects Bash versions between 1.14 and 4.3 which are used on many Linux distributions, Mac OS X, and other operating systems. Some web servers also rely upon Bash to execute CGI scripts, and this bug could allow the execution of malicious code from remote computers.^[3]

It is estimated that it potentially affects hundreds of millions of computers.^[4] It was discovered by Stephane Chazelas.^[5]

References

^ "NVD Vulnerability Summary for CVE-2014-6271". Retrieved 25 September 2014.
^ "NVD Vulnerability Summary for CVE-2014-7169". Retrieved 25 September 2014.
^ "Shellshock BASH Vulnerability Tester". Retrieved 25 September 2014.
^ "BBC News - Shellshock: 'Deadly serious' new vulnerability found". BBC News. Retrieved 25 September 2014.
^ "oss-sec: CVE-2014-6271: remote code execution through bash". Retrieved 25 September 2014.

This article is a stub. You can help Wikipedia by expanding it.

[1] "NVD Vulnerability Summary for CVE-2014-6271". Retrieved 25 September 2014.

[2] "NVD Vulnerability Summary for CVE-2014-7169". Retrieved 25 September 2014.

[3] "Shellshock BASH Vulnerability Tester". Retrieved 25 September 2014.

[4] "BBC News - Shellshock: 'Deadly serious' new vulnerability found". BBC News. Retrieved 25 September 2014.

[5] "oss-sec: CVE-2014-6271: remote code execution through bash". Retrieved 25 September 2014.

[1]

[2]

[3]

[4]

[5]