September 24, 2014

Remote Exploit (CVE-2014-6271) Patch Now!

Written by David Kennedy
A recently disclosed advisory (http://seclists.org/oss-sec/2014/q3/649) describes an exposure in bash that impacts anything running bash. This includes Linux, Unix, and Mac OS X. Technically, anything that makes any type of system call (os.system in Python, etc.) or otherwise uses bash would be vulnerable. This also includes mod_cgi with Apache and probably a variety of other areas, as well as DHCP and client-side attacks. The implications are many.

We strongly recommend that you update your systems immediately. There has been no response from Apple at this point, but most of the major Linux distributions have released patches (apt-get update && apt-get upgrade in Ubuntu/Debian).

If you want to test whether you are vulnerable, you can run this locally on your system (*nix based):

    env x='() { :;}; echo Your system is vulnerable' bash -c "echo Test script"

Some additional reference material and more information:

Reddit Article
CSO Online
Seclist Disclosure
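The local test from the post, wrapped as a script that checks every bash binary on a host and returns a non-zero status if any copy is still vulnerable. This is an added example, not part of the original post; the function names check_bash and scan_shells and the default install paths it scans are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): wraps the article's one-line
# probe for CVE-2014-6271 so it can be run against every bash on a host.
MARKER="Your system is vulnerable"

# check_bash PATH: print a verdict for one bash binary.
# Returns 0 = patched, 1 = vulnerable, 2 = not executable, 3 = inconclusive.
check_bash() {
    [ -x "$1" ] || { echo "missing"; return 2; }
    # Same probe as the article: variable x holds a function definition
    # followed by a trailing command that a patched bash never runs.
    out=$(env x="() { :;}; echo $MARKER" "$1" -c "echo Test script" 2>/dev/null) || :
    case $out in
        *"$MARKER"*)     echo "vulnerable";   return 1 ;;
        *"Test script"*) echo "patched";      return 0 ;;
        *)               echo "inconclusive"; return 3 ;;
    esac
}

# scan_shells [PATH...]: check each path. With no arguments it uses assumed
# common install locations plus whatever "bash" resolves to on PATH.
# Returns 1 if any copy is vulnerable, so it can gate a cron job or CI step.
scan_shells() {
    [ $# -gt 0 ] || set -- /bin/bash /usr/bin/bash /usr/local/bin/bash \
        "$(command -v bash 2>/dev/null)"
    found_vulnerable=0
    seen=" "
    for candidate in "$@"; do
        [ -n "$candidate" ] && [ -x "$candidate" ] || continue
        case $seen in *" $candidate "*) continue ;; esac   # skip duplicate paths
        seen="$seen$candidate "
        verdict=$(check_bash "$candidate") || :
        [ "$verdict" = "vulnerable" ] && found_vulnerable=1
        printf '%s: %s\n' "$candidate" "$verdict"
    done
    return "$found_vulnerable"
}

scan_shells || echo "At least one bash needs the vendor patch."
```

A host can carry more than one bash (for example a locally built copy under /usr/local), and a package upgrade only replaces the packaged one, which is why the script checks each path separately.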