openSUSE Security Update : bash (openSUSE-SU-2014:1310-1) (Shellshock)

Replace patches bash-4.2-heredoc-eof-delim.patch and bash-4.2-parse-exportfunc.patch with the official upstream patch levels bash42-052 and bash42-053 - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level bash42-051 - Add patches bash-4.2-heredoc-eof-delim.patch for bsc898812,...

openSUSE Security Update : bash (openSUSE-SU-2014:1308-1) (Shellshock)

Replace patches bash-4.2-heredoc-eof-delim.patch and bash-4.2-parse-exportfunc.patch with the official upstream patch levels bash42-052 and bash42-053 - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level bash42-051 - Make bash-4.2-extra-import-func.patch an optional patch due...

Privacy Criticism Hits OSX Yosemite over Location Data

Apple has fixed a huge number of security vulnerabilities in OS X and iTunes and, at the same time, is being hit with criticisms about privacy issues in the new version of OS X. The latest version of the operating system, known as Yosemite, sends location information to Apple by default via the...

Mac OS X < 10.10 Multiple Vulnerabilities (APPLE-SA-2014-10-16-1 OS X Yosemite v10.10)

Binary data 8555.prm...

CUPS Filter Bash Environment Variable Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CUPS filters through the PRINTERINFO and PRINTERLOCATION variables. A valid username and password is required to exploit this vulnerability through CUPS. Thi...

APPLE-SA-2014-10-16-1 OS X Yosemite v10.10

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 OS X Yosemite v10.10 is now available and addresses the following: 802.1X Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to...

Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)

The remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components : - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Doc...

Bash Shellshock vulnerability simply explained-vulnerability warning-the black bar safety net

Preface The national day before the analysis of this vulnerability,see the security reference for readers to discuss,made a simple Bash Shellshock vulnerability description. Vulnerability overview Vulnerability the principle of popular point that is to bash the language in the definition of a...

VMware vCenter Server Appliance Bash Remote Code Execution (VMSA-2014-0010) (Shellshock)

The version of VMware vCenter Server Appliance installed on the remote host is 5.0 prior to Update 3b, 5.1 prior to Update 2b, or 5.5 prior to Update 2a. It therefore contains a version of bash that is affected by a command injection vulnerability via environment variable manipulation. Depending ...

DNS Reverse Lookup Shellshock Exploit

DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability. DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et.al. CVE-2014-3671 references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 CVE-2014-7186 and, CVE-2014-7187 Summary...

Oracle Critical Patch Update - October 2014

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

DNS Reverse Lookup Shellshock

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et.al. CVE-2014-3671 references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 CVE-2014-7186 and, CVE-2014-7187 Summary: Above CVEs detail a number ...

CA20141001-01: Security Notice for Bash Shellshock Vulnerability

CA20141001-01: Security Notice for Bash Shellshock Vulnerability Issued: October 01, 2014 Updated: October 03, 2014 CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE...

[security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04471532 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04471532 Version: 1 HPSBST03122 rev....

Bash Incomplete Fix Remote Code Execution Vulnerability (Shellshock)

The remote host is running a version of Bash that is vulnerable to command injection via environment variable manipulation. Depending on the configuration of the system, an attacker can remotely execute arbitrary code. TRUSTED...

Amazon Linux AMI : bash (ALAS-2014-418) (Shellshock)

This ALAS is superceded by ALAS-2014-419. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...

Amazon Linux AMI : bash (ALAS-2014-419)

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

Fedora 20 : check-mk-1.2.4p5-2.fc20 (2014-11895)

Do not require any other shell than bash since that's the default shell for the Fedora / RHEL distributions New upstream release providing many security fixes. New upstream release providing many security fixes. Note that Tenable Network Security has extracted the preceding description block...

Ubuntu 14.04 LTS : Bash vulnerabilities (USN-2380-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2380-1 advisory. Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable...

Fedora 19 : check-mk-1.2.4p5-2.fc19 (2014-11929)

Do not require any other shell than bash since that's the default shell for the Fedora / RHEL distributions New upstream release providing many security fixes. New upstream release providing many security fixes. Note that Tenable Network Security has extracted the preceding description block...