CERT mailing list archives
Bourne Again Shell (Bash) Remote Code Execution Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Wed, 24 Sep 2014 18:17:14 -0500
NCCIC / US-CERT National Cyber Awareness System: Bourne Again Shell (Bash) Remote Code Execution Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability ] 09/24/2014 06:06 PM EDT Original release date: September 24, 2014 US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. US-CERT recommends users and administrators review the Redhat Security Blog [ https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ ] for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch [ http://lists.gnu.org/archive/html/bug-bash/2014-09/threads.html ] is also available for experienced users and administrators to implement. Operating systems with updates include: * CentOS [ http://lists.centos.org/pipermail/centos/2014-September/146099.html ] * Debian [ https://www.debian.org/security/2014/dsa-3032 ] * Redhat [ https://access.redhat.com/site/solutions/1207723 ] ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- Bourne Again Shell (Bash) Remote Code Execution Vulnerability US-CERT (Sep 24)