Not sure if there is a post about it here somewhere already. Anyway:
Remote exploit vulnerability in bash CVE-2014-6271 | CSO Online
2 Likes
Im still half asleep at work but will keep an eye on it, interested to see how it can be exploited
I assume that hackers would need to get to the server using ssh with a -c option for command. IMHO, web servers should not have outward facing ssh ports and if they do they should not use port 22 and should use cert based authentication. It seems like this is going to affect companies that don't have good network security, more than those that do.
I would be curious to see what the attack looks like though.
Thanks for the heads-up, updating now.
Lots and lots of things use the shell... It's not inconceivable someone could exploit a CGI script for example. It wouldn't be easy, but if they manage it once on a common software like webmin, they have a way into lots of machines.