Last week on September 24, the details of a vulnerability in the
widely used Bourne Again Shell (Bash) were disclosed by multiple
Linux vendors. The vulnerability, assigned CVE-2014-6271 by Mitre,
was originally discovered by Stephane Chazelas, a Unix and Linux
network and telecom administrator and IT manager at UK robotics
company SeeByte, Ltd.
While this vulnerability didn’t come with quite the fanfare or a
catchy name like Heartbleed, the security community quickly
dubbed it “Shellshock.” Bash is present in most Linux and Unix
distributions as well as Apple’s Mac OS X, and there’s a good
chance anyone reading this has a system they need to patch.
Palo Alto Networks initiated an emergency IPS content release to
detect this vulnerability last night with Signature ID: 36729 “Bash
Remote Code Execution Vulnerability.”
All versions of PAN-OS and Panorama include the vulnerable version
of Bash, but we’ve determined the issue is only exploitable by
authenticated users.
Comments
Post a Comment