Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Shellshock: We are not done yet CVE-2014-6277, CVE-2014-6278 - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Shellshock: We are not done yet CVE-2014-6277, CVE-2014-6278

With everybody's eyes on bash vulnerabilities, two new problems have been found [1]. These problems have been assigned CVE-2014-6277 and CVE-2014-6278. These issues are unrelated to the environment variable code injection of shellshock, but could also lead to code execution.

I hope you are keeping good notes as to what systems use bash and how as you are patching. Looks like bash will keep us busy for a bit.

[1] http://www.openwall.com/lists/oss-security/2014/09/25/32

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022

 Johannes

4511 Posts
ISC Handler
Sep 29th 2014
Thread locked Subscribe Sep 29th 2014
7 years ago

Sign Up for Free or Log In to start participating in the conversation!