Diff for "BashFAQ/111"

Differences between revisions 1 and 4 (spanning 3 versions)

What is the Shellshock vulnerability in Bash?

As of this writing (September 25th, 2014), the situation with Shellshock is changing so rapidly that you're probably better off using your preferred search engine instead of this FAQ. For example, you could search a news site for recent items which contain the words "Shellshock" and/or "CVE-2014-6271".

After things stabilize a bit, this FAQ page should be updated with a handy summary. In the meantime, here are a few links that should help you get started:

Search Google News for 'Shellshock bash', limited to the last 24 hours
Search Google News for 'CVE-2014-6271' (no need to limit time range)
Critical Watch page on Shellshock
Official US-CERT page on CVE-2014-6271
NIST page on CVE-2014-6271
RedHat's "knowledge base" article
4-minute introductory video for non-programmers
Conversation thread on Y-Combinator
Conversation thread on Reddit
Patch instructions for OSX
"Everything you need to know about the Shellshock Bash bug", by Troy Hunt
Early report by Steven J. Vaughan-Nichols of ZDNet

CategoryShell

-  ⇤ ← Revision 1 as of 2014-09-25 23:14:13 → 
  Size: 1095
  Editor: WillDye
  Comment: Shellshock is a big enough event to merit a new FAQ number
+   ← Revision 4 as of 2014-09-26 02:40:02 → ⇥
  Size: 1983
  Editor: WillDye
  Comment: Force autoplay OFF in the link to a YouTube video
-Deletions are marked like this.
+Additions are marked like this.
 Line 10:
-recent items which contain the word "Shellshock".
+recent items which contain the words "Shellshock" and/or "CVE-2014-6271".
 Line 15:
-here are a few links that might help you get started:
+here are a few links that should help you get started:
 Line 17:
- * [[https://www.google.com/search?q=shellshock+bash&tbs=qdr:d|A search of Google News for 'Shellshock']]
+ * [[https://www.google.com/webhp?tbs=qdr:d#q=shellshock+bash&tbs=qdr:d&tbm=nws|Search Google News for 'Shellshock bash', limited to the last 24 hours]]
 * [[https://www.google.com/webhp?tbm=nws#q=CVE-2014-6271&tbm=nws|Search Google News for 'CVE-2014-6271' (no need to limit time range)]]
-Line 19:
+Line 20:
- * [[http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html|A report by Troy Hunt]]
 * [[http://blog.xeonbd.com/2014/09/every-mac-vulnerable-shellshock-bash-exploit-heres-patch-os-x/|Patch instructions for OSX]]
 * [[http://www.zdnet.com/unixlinux-bash-critical-security-hole-uncovered-7000034021/|Early ZDNet report on Shellshock]]
+ * [[https://www.us-cert.gov/ncas/alerts/TA14-268A|Official US-CERT page on CVE-2014-6271]]
 * [[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271|NIST page on CVE-2014-6271]]
 * [[https://access.redhat.com/articles/1200223|RedHat's "knowledge base" article]]
 * [[https://www.youtube.com/v/aKShnpOXqn0&autoplay=0|4-minute introductory video for non-programmers]]
 * [[https://news.ycombinator.com/item?id=8361574|Conversation thread on Y-Combinator]]
 * [[http://www.reddit.com/r/programming/comments/2hc1w3/cve20146271_remote_code_execution_through_bash/|Conversation thread on Reddit]]
 * [[http://blog.xeonbd.com/2014/09/every-mac-vulnerable-shellshock-bash-exploit-heres-patch-os-x/|Patch instructions for OSX]] 
 * [[http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html|"Everything you need to know about the Shellshock Bash bug", by Troy Hunt]]
 * [[http://www.zdnet.com/unixlinux-bash-critical-security-hole-uncovered-7000034021/|Early report by Steven J. Vaughan-Nichols of ZDNet]]