Severe Bash Vulnerability Disclosed that may affect many websites

This advisory just came out from Mark Maunder of Wordfence Security plug in:

A serious vulnerability in the bash shell has been disclosed. Bash will execute any trailing code after a function definition contained in an environment variable.

If you manage a Linux WordPress server, an update for Bash has been released today for most major Linux distributions. Update immediately. If you don’t run a server but are using a hosting provider it’s likely your host is aware of this issue already and has already upgraded their systems to protect you.

For more information please visit the Wordfence blog where I’ve included details of the vulnerability, how to test if you’re vulnerable, how to fix the issue and some details on how it works.

More information at: http://www.wordfence.com/blog/2014/09/major-bash-vulnerability-disclosed-may-affect-a-large-number-of-websites-and-web-apps/

One thought on “Severe Bash Vulnerability Disclosed that may affect many websites”

  1. This was posted at iMore:

    “The vast majority of OS X user are not at risk to recently reported bash vulnerabilities,” an Apple spokesperson told iMore. “Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”

    http://www.imore.com/apple-working-quickly-protect-os-x-against-shellshock-exploit

    But if you’re still concerned and want to be safe you could make the fix yourself. Here’s how:
    http://alblue.bandlem.com/2014/09/bash-remote-vulnerability.html

    From Al Blue’s Blog.

Comments are closed.