Educause Security Discussion mailing list archives
Re: serious and widespread Bash vulnerability CVE-2014-6271
From: "Avdagic, Indir" <iavdagic () SEAS HARVARD EDU>
Date: Thu, 25 Sep 2014 16:13:10 +0000
Hi all, Tenable just released a CGI plugin and a non-CGI plugin for Nessus: Plugin ID: 77829: http://www.tenable.com/plugins/index.php?view=single&id=77829 Plugin ID: 77823: http://www.tenable.com/plugins/index.php?view=single&id=77823 Best, ~~Indir ______________________________________________________ Indir Avdagić, CISM, CISSP, ACSA, TICSA Director of Information Security and Risk Management & Int. Assoc. Director of Computing Harvard University - SEAS Email: indir_avdagic () harvard edu<mailto:iavdagic () seas harvard edu> Phone: (617) 496-3502 ______________________________________________________ P Think twice before you print CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Keller, Alex Sent: Wednesday, September 24, 2014 9:56 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] serious and widespread Bash vulnerability CVE-2014-6271 Hi Folks, This Bash vulnerability appears to be serious and widespread (CVSS 10/High): http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271 https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability Best, alex [NCCIC / US-CERT] National Cyber Awareness System: Bourne Again Shell (Bash) Remote Code Execution Vulnerability<https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability> 09/24/2014 06:06 PM EDT Original release date: September 24, 2014 US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. US-CERT recommends users and administrators review the Redhat Security Blog<https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/> for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch<http://lists.gnu.org/archive/html/bug-bash/2014-09/threads.html> is also available for experienced users and administrators to implement. Operating systems with updates include: * CentOS<http://lists.centos.org/pipermail/centos/2014-September/146099.html> * Debian<https://www.debian.org/security/2014/dsa-3032> * Redhat<https://access.redhat.com/site/solutions/1207723> Alex Keller Information Technology Stanford School of Engineering axkeller () stanford edu<mailto:axkeller () stanford edu> (650) 736-6421 [SoE_IT_Logo]
Current thread:
- serious and widespread Bash vulnerability CVE-2014-6271 Keller, Alex (Sep 24)
- Re: serious and widespread Bash vulnerability CVE-2014-6271 Avdagic, Indir (Sep 25)
- Re: serious and widespread Bash vulnerability CVE-2014-6271 Livio Ricciulli (Sep 25)
- Re: serious and widespread Bash vulnerability CVE-2014-6271 Avdagic, Indir (Sep 25)