What We Know About Shellshock and Why the Bash Bug Matters

Friday, September 26, 2014

InfosecIsland News

Ffc4103a877b409fd8d6da8f854f617e

(SecurityWeek - Fahmida Y. Rashid) - Security researchers around the world have been working around the clock analyzing the recently disclosed flaw in Bash which can be exploited to execute code and hijack vulnerable devices. Attackers are already targeting the bug, which has been nicknamed Shellshock, and security experts warned organizations to prepare for more attacks and messy cleanup.

The investigation is still in the early stages and there are a many unanswered questions about how Shellshock can be abused. Opinions also vary wildly among experts as to its potential impact. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system. Being able to get shell and execute any kind of program on the target system is a major coup for attackers

Bash "is widely used so attackers can use this vulnerability to remotely execute a huge variety of devices and web servers," said Tod Beardsley, engineering manager at Rapid7.....

Read the Full Analysis on Shellshock at SecurityWeek

Possibly Related Articles:
9069
Firewalls IDS/IDP Network Access Control Network->General SCADA Enterprise Security CVE Vulnerabilities
Information Security
Unix Security vulnerability Shellshock Bash Bug details CVE-2014-6271
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.