Bash Vulnerability Update
Please note the following updates to the September 25 post regarding the Bash / Shellshock vulnerability.
- The Redhat patch is incomplete and they continue to work on the issue. Refer to CVE-2014-7169 for more information.
- Review systems typically associated with Bash, including Telnet, FTP, and older versions of Apache, as well as video cameras.
- The absence of CGI does not mean the systems are safe from this vulnerability or that remediation is unnecessary.
- US-CERT also provided a link to a GNU Bash patch but warned that only experienced users and system administrators should implement it. Refer to CVE identifier CVE-2014-6271 for more details.