The Heartbleed extension vulnerability caused a lot of worry across the Internet. Its effects have not gone away yet, and now Shellshock is here. This latest vulnerability affects Bash, the command-line shell that runs on Linux, Unix and Mac OS X.
Vendors have already been posting patches and suggestions on their websites. Here is a quick collection for my environment.
1. Check Point's Response:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673
2. Cisco's Response:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
3. Juniper's Response:
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&actp=RSS
4. VMware:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740
Note: How did it happen? (from Symantec)
An attacker can potentially use CGI to send a malformed environment variable to a vulnerable Web server. Because the server uses Bash to interpret the variable, it will also run any malicious command tacked-on to it.
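To check whether a web server has already received such requests, the access log can be searched for header values that start like a Bash function definition. The script below is an added example, not code from any of the vendors linked above; it assumes the Apache/nginx "combined" log format (which records only the Referer and User-Agent headers), and the function name `scan` and the sample lines are constructed for illustration.

```python
import re

# A value that begins with "() {" is what Bash imports as a function definition.
FUNC_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")

# Apache/nginx "combined" format; quoted fields may contain backslash escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

# Constructed sample lines (documentation IP ranges, harmless marker text).
SAMPLE_LOG = r'''
192.0.2.10 - - [26/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux)"
198.51.100.7 - - [26/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "-" "() { :; }; echo constructed-marker"
198.51.100.7 - - [26/Sep/2014:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "() { x; }; echo constructed-marker" "curl/7.30"
192.0.2.11 - - [26/Sep/2014:10:00:12 +0000] "GET /a.css HTTP/1.1" 200 90 "http://example.com/" "Agent (test) {beta}"
'''

def scan(lines):
    """Return (client_ip, request, [flagged header names]) for each suspicious line."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not combined format; skipped rather than guessed at
        ip, request, referer, agent = m.groups()
        flagged = [name for name, value in (("referer", referer), ("user-agent", agent))
                   if FUNC_PREFIX.match(value)]
        if flagged:
            hits.append((ip, request, flagged))
    return hits

if __name__ == "__main__":
    for ip, request, flagged in scan(SAMPLE_LOG.splitlines()):
        print(f"{ip} {request!r}: function-definition prefix in {', '.join(flagged)}")
```

A hit shows only that such a request arrived; whether any command ran depends on whether the CGI handler invoked an unpatched Bash. Headers that are not written to the log are not covered by this check.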