A major vulnerability has been found in the Bourne Again Shell (BASH) that it installed on most UNIX-based systems and this can be used to execute arbitrary code on vulnerable servers.
This vulnerability has been named “Shell Shock” and has been compared to the Heartbleed vulnerability in terms of its seriousness.
We strongly advise everyone who administers or uses a Linux/UNIX/OS X system to update their systems to the latest patched version of BASH that removes this vulnerability.
- The Register – Patch Bash NOW: ‘Shellshock’ bug blasts OS X, Linux systems wide open
- Qualys Blog – Bash Shellshock Command Injection Vulnerabilities