My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Shellshock: We are not done yet CVE-2014-6277, CVE-2014-6278

Published: 2014-09-29. Last Updated: 2014-09-29 14:14:59 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

With everybody's eyes on bash vulnerabilities, two new problems have been found [1]. These problems have been assigned CVE-2014-6277 and CVE-2014-6278. These issues are unrelated to the environment variable code injection of shellshock, but could also lead to code execution.

I hope you are keeping good notes as to what systems use bash and how as you are patching. Looks like bash will keep us busy for a bit.

[1] http://www.openwall.com/lists/oss-security/2014/09/25/32

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords:
0 comment(s)
My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Comments


Diary Archives