Apple — Most Mac OS X Users Not Vulnerable to 'Shellshock' Bash Bug

On one hand where more than half of the Internet is considering the Bash vulnerability to be severe, Apple says the vast majority of Mac computer users are not at risk from the recently discovered vulnerability in the Bash command-line interpreter – aka the "Shellshock" bug that could allow hacke...

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

bash: parser can allow out-of-bounds memory access while handling redir_stack

It was identified that the fixed-sized redirstack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code...

bash: off-by-one error in deeply nested flow control constructs

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash...

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell Bash, dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over...

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

bash: parser can allow out-of-bounds memory access while handling redir_stack

It was identified that the fixed-sized redirstack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code...

bash: off-by-one error in deeply nested flow control constructs

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash...

Apple Says OS X Safe By Default Against Bash Vulnerability

Apple is trying to soothe users who are anxious about Mac OS X’s exposure to the Bash vulnerability. The company said in a statement to Threatpost that most Apple users are not at risk, and reports have it that Apple is preparing to release a patch. “With OS X, systems are safe by default and not...

Dhclient Bash Environment Variable Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment...

DHCP Client Bash Environment Variable Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment...

bash security update

CentOS Errata and Security Advisory CESA-2014:1306 Updated September 30, 2014 This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash packages that fix one security issue are now...

USN-2363-2: Bash vulnerability

USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that the security fix for...

USN-2363-2 bash vulnerability

USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that the security fix for...

bash: off-by-one error in deeply nested flow control constructs

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash...

Important: Red Hat Security Advisory: bash security update

Updated September 30, 2014 This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Re...

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

bash: parser can allow out-of-bounds memory access while handling redir_stack

It was identified that the fixed-sized redirstack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code...

GNU Bash Environment Variable Command Injection Vulnerability

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is...

Ubuntu 14.04 LTS : Bash vulnerability (USN-2363-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2363-2 advisory. USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This upda...