Wikipedia

Shellshock (software bug): Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Rescuing 2 sources and tagging 0 as dead.) #IABot (v2.0.8.6) (Neko-chan - 9462
manually recovering archive
Line 52:
: When using Bash to process email messages (e.g. through .forward or qmail-alias piping), the [[qmail]] mail server passes external input through in a way that can exploit a vulnerable version of Bash.<ref>[http://www.gossamer-threads.com/lists/qmail/users/138578 "qmail is a vector for CVE-2014-6271 (bash shellshock)"], 27 September 2014, Kyle George, qmail mailing list</ref><ref>[http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx "Further flaws render Shellshock patch ineffective"], 29 September 2014, Juha Saarinen, itnews.com.au</ref>
; IBM HMC restricted shell
: The bug can be exploited to gain access to Bash from the [[restricted shell]] of the [[IBM Hardware Management Console]],<ref>[{{cite web |url=https://www.ibm.com/developerworks/community/blogs/brian/resource/BLOGS_UPLOADED_IMAGES/shellshock.png "|title=IBM HMC is a vector for CVE-2014-6271 (bash "shellshock")] |archive-url=https://web.archive.org/web/20200119235509/https://www.ibm.com/developerworks/community/blogs/brian/resource/BLOGS_UPLOADED_IMAGES/shellshock.png |archive-date=2020-01-19}}</ref> a tiny Linux variant for system administrators. IBM released a patch to resolve this.<ref name="ibm-hmc">{{cite web |url=https://www-304.ibm.com/support/docview.wss?uid=ssg1S1004879 | title=Security Bulletin: Vulnerabilities in Bash affect DS8000 HMC (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) | publisher=IBM | date=3 October 2014 | access-date=2 November 2014}}</ref>
 
==Reported vulnerabilities==
Retrieved from "https://en.wikipedia.org/wiki/Shellshock_(software_bug)"