Differences between revisions 1 and 8 (spanning 7 versions)
Revision 1 as of 2014-09-25 23:14:13
Size: 1095
Editor: WillDye
Comment: Shellshock is a big enough event to merit a new FAQ number
Revision 8 as of 2014-09-27 16:32:27
Size: 2731
Editor: WillDye
Comment: Typo.
Deletions are marked like this. Additions are marked like this.
Line 11: Line 11:
For information about specific vulnerabilities related to Shellshock,
you may find better results by searching for terms such as
"CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", or "CVE-2014-7187".
Line 15: Line 18:
here are a few links that might help you get started: here are a few links that should help you get started:
Line 17: Line 20:
 * [[https://www.google.com/search?q=shellshock+bash&tbs=qdr:d|A search of Google News for 'Shellshock']]  * [[https://www.google.com/webhp?tbs=qdr:d#q=shellshock+bash&tbs=qdr:d&tbm=nws|Search Google News for 'Shellshock bash', limited to the last 24 hours]]
 * [[http://en.wikipedia.org/wiki/Shellshock_(software_bug)|Wikipedia article on Shellshock]]
 * [[https://access.redhat.com/articles/1200223|Summary article from RedHat on how to determine if a system is vulnerable]]
Line 19: Line 24:
 * [[http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html|A report by Troy Hunt]]  * [[https://www.us-cert.gov/ncas/alerts/TA14-268A|Official US-CERT page on CVE-2014-6271, the first vulnerability in the series to be discovered]]
 * [[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271|NIST page on CVE-2014-6271]]
 * [[https://access.redhat.com/articles/1200223|RedHat's "knowledge base" article]]
 * [[https://www.youtube.com/v/aKShnpOXqn0&autoplay=0|4-minute introductory video for non-programmers]]
 * [[https://news.ycombinator.com/item?id=8361574|Conversation thread on Y-Combinator]]
 * [[http://www.reddit.com/r/programming/comments/2hc1w3/cve20146271_remote_code_execution_through_bash/|Conversation thread on Reddit]]
Line 21: Line 31:
 * [[http://www.zdnet.com/unixlinux-bash-critical-security-hole-uncovered-7000034021/|Early ZDNet report on Shellshock]]  * [[http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html|"Everything you need to know about the Shellshock Bash bug", by Troy Hunt]]
 * [[http://www.zdnet.com/unixlinux-bash-critical-security-hole-uncovered-7000034021/|Early report by Steven J. Vaughan-Nichols of ZDNet]]
 * [[https://www.google.com/webhp?tbm=nws#q=CVE-2014-6271&tbm=nws|Search Google News for 'CVE-2014-6271']]
 * [[https://www.google.com/webhp?tbm=nws#q=CVE-2014-7169&tbm=nws|Search Google News for 'CVE-2014-7169']]
 * [[https://www.google.com/webhp?tbm=nws#q=CVE-2014-7186&tbm=nws|Search Google News for 'CVE-2014-7186']]
 * [[https://www.google.com/webhp?tbm=nws#q=CVE-2014-7187&tbm=nws|Search Google News for 'CVE-2014-7187']]

What is the Shellshock vulnerability in Bash?

As of this writing (September 25th, 2014), the situation with Shellshock is changing so rapidly that you're probably better off using your preferred search engine instead of this FAQ. For example, you could search a news site for recent items which contain the word "Shellshock". For information about specific vulnerabilities related to Shellshock, you may find better results by searching for terms such as "CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", or "CVE-2014-7187".

After things stabilize a bit, this FAQ page should be updated with a handy summary. In the meantime, here are a few links that should help you get started:

CategoryShell

BashFAQ/111 (last edited 2014-10-09 20:04:09 by GreyCat)