Critical Bash Vulnerability | Technology Services Organization

WHAT'S HAPPENING?
A critical Bash vulnerability was announced yesterday that allows an unauthenticated, remote attacker to inject and execute arbitrary commands on a targeted system. A successful exploit could result in a complete system compromise.

WHO IS AFFECTED?
Users managing any UNIX-like system.

WHAT DO YOU NEED TO DO?
Affected users should check with their operating system vendor for patches and patch immediately.

Additional information is available at:
CVE-2014-6271 (Shellshock) bash vulnerability
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

RedHat
https://bugzilla.redhat.com/show_bug.cgi?id=1141597

Debian
https://www.debian.org/security/2014/dsa-3032

Ubuntu
http://www.ubuntu.com/usn/usn-2362-1/

This vulnerability also affects some devices with embedded Linux. Check with your vendor if they are not listed here:

Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=35816

OpenWRT
https://dev.openwrt.org/ticket/17978

WHO SHOULD YOU CONTACT FOR QUESTIONS?
TSO Help Desk (CCB 148, 404.894.7065, helpdesk@cc.gatech.edu).

Technology Services Organization

College of Computing

Georgia Institute of Technology