You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
shellshock
About this tag
Shellshock is a critical vulnerability in the GNU Bourne Again Shell (Bash), disclosed in September 2014, that affects Linux, BSD, UNIX, and Mac OS X systems. The flaw, tracked as CVE-2014-6271, allows remote attackers to execute arbitrary commands via crafted environment variables. Discussions on WindowsForum.com highlight its severity, with reports of the first Shellshock-based botnet, named Wopbot, actively scanning and infecting servers, including those at the US Department of Defense. Users compare it to Heartbleed, noting its potential to compromise internet infrastructure. The vulnerability impacts Bash versions through 4.3 and numerous distributions like CentOS, Debian, and Red Hat Enterprise Linux.
Wopbot on the rampage.
Attackers have been quick to exploit the Shellshock Bash command interpreter bug disclosed yesterday by building a botnet that is currently trying to infect other servers, according to a security researcher.
The "wopbot" botnet is active and scanning the internet for...
Original release date: September 25, 2014
Systems Affected
GNU Bash through 4.3.
Linux, BSD, and UNIX distributions including but not limited to:
CentOS 5 through 7
Debian
Mac OS X
Red Hat Enterprise Linux 4 through 7
Link Removed 10.04 LTS, 12.04 LTS, and 14.04 LTS
Overview
A critical...