Post by Admin_Vistamike on Sept 28, 2014 11:51:52 GMT
In a nutshell!! Below are some links for your delectation;
'The Shellshock vulnerability affects Bash, a program that various Unix-based systems use to execute command lines and command scripts. It is often installed as the system's default command line interface.
In Unix-based operating systems, and other operating systems that Bash supports, each running program has its own list of name/value pairs called environment variables. When one program starts another program, it provides an initial list of environment variables for the new program.[10] Separately from these, Bash also maintains an internal list of functions, which are named scripts that can be executed from within Bash.[11] Since Bash is both a command interpreter and a command, it is possible to execute Bash from within Bash. When this happens, the original instance of Bash can export environment variable and function definitions into the new instance.[12] Function definitions are exported by encoding them within the environment variable list as variables whose values begin with parentheses ("()") followed by a function definition. The new instance of Bash, upon starting, scans its environment variable list for values in this format and converts them back into internal functions.[13] Bash performs this conversion by creating a fragment of code from the value and executing it, thereby creating the function 'on-the-fly', but affected versions of Bash do not verify that the fragment is merely a function definition.[13] Therefore, anyone who can cause Bash to execute with a value of their choice in its environment variable list can craft the value to execute arbitrary code.' From WIKI
blog.erratasec.com/
How to Protect your Server Against the Shellshock Bash Vulnerability>>>>>
What is the Shellshock bug? Is it worse than Heartbleed?>>>>>
Source and More>>>>>
Added: Check If Your Linux System Is Vulnerable To Shellshock And Fix It>>>>>
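The quoted passage says exported functions travel as environment values beginning with "()" and that affected Bash versions do not check that the value is only a function definition. As an added example (not part of the original post or of any linked article), this Python sketch flags environment values in that format that carry text after the function body; the function names and sample values are constructed, and the brace matching is a simplification of real shell parsing.

```python
FUNC_PREFIX = "() {"  # prefix Bash uses when it encodes an exported function

def classify_env_value(value):
    """Return 'plain', 'function_definition', 'function_with_trailing_code'
    or 'malformed_function' for one environment variable value."""
    if not value.startswith(FUNC_PREFIX):
        return "plain"
    depth, quote, i = 0, None, value.index("{")
    while i < len(value):
        ch = value[i]
        if quote:
            if ch == "\\" and quote == '"':
                i += 1                    # skip escaped char in double quotes
            elif ch == quote:
                quote = None              # closing quote
        elif ch == "\\":
            i += 1                        # skip escaped char outside quotes
        elif ch in "'\"":
            quote = ch
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:                # function body just closed
                trailing = value[i + 1:].strip()
                if trailing:
                    return "function_with_trailing_code"
                return "function_definition"
        i += 1
    return "malformed_function"           # body never closed: treat as suspect

def scan_environment(env):
    """Map variable name -> verdict for every value in function format."""
    verdicts = {name: classify_env_value(val) for name, val in env.items()}
    return {n: v for n, v in verdicts.items() if v != "plain"}

# Constructed sample environment (not captured from a real system).
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "greet": "() {  echo hello\n}",
    "HTTP_USER_AGENT": "() { :; }; echo CONSTRUCTED_MARKER",
    "NOTE": "(see) { docs }",
}

if __name__ == "__main__":
    for name, verdict in scan_environment(SAMPLE_ENV).items():
        print(f"{name}: {verdict}")
```

A variable filled from outside input (such as a request header passed to a CGI script) that comes back as `function_with_trailing_code` is the case the passage describes.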