Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Bash bug "Shellshock" is as large as issue as Heartbleed

Bash bug "Shellshock" is as large as issue as Heartbleed

2014/09/25

Softpedia - (International) A researcher found a security vulnerability in the GNU Bourne Again Shell (Bash) command interpreter named Shellshock available through versions 1.14 and 4.3 and used in several Unix-based operating systems such as Linux and Mac OS X that poses the risk of remote code execution and can be executed in many ways by applications. A patch was issued for the vulnerability CVE-2014-6271 but remained incomplete, and a second vulnerability, CVE-2014-7169, that was issued as a result remains unpatched.

Source: http://news.softpedia.com/news/Bash-Bug-Shellshock-Is-As-Large-An-Issue-As-Heartbleed-459913.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:21:49