Wikipedia

Shellshock (software bug): Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Citation bot (talk | contribs)
Bots
5,866,117 edits
Add: website. | Use this bot. Report bugs. | Suggested by Whoop whoop pull up | Category:Injection exploits | #UCB_Category 1/23
eutyyyeyry yer 2
Tags: Reverted Visual edit Mobile edit Mobile web edit
Line 16:
}}
 
'''Shellshock''', also known as '''Bashdoor''',<ref name="NYT-20140925-NP">{{cite news |last=Perlroth |first=Nicole |title=Security Experts Expect 'Shellshock' Software Bug in Bash to Be Significant |url=https://www.nytimes.com/2014/09/26/technology/security-experts-expect-shellshock-software-bug-to-be-significant.html |date=25 September 2014 |work=[[New York Times]] |access-date=25 September 2014 }}</ref> is a family of [[Association football|security bugbugs]]s<ref name="TSM-20140927">Although described in some sources as a "virus," Shellshock is instead a design flaw in a program that comes with some operating systems. See => {{cite web |author=Staff |title=What does the "Shellshock" bug affect? |url= http://www.thesafemac.com/what-does-the-shellshock-bug-affect/|date=25 September 2014 |work=The Safe Mac |access-date=27 September 2014 }}</ref> in the [[Unix]] [[Bash (Unix shell)|Bash]] [[shell (computing)|shell]], the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to [[arbitrary code execution|execute arbitrary command]]s and gain unauthorized access<ref name="ZDN-20140929">{{cite web |last=Seltzer |first=Larry |title=Shellshock makes Heartbleed look insignificant |url=http://www.zdnet.com/shellshock-makes-heartbleed-look-insignificant-7000034143/ |date=29 September 2014 |work=[[ZDNet]] |access-date=29 September 2014 }}</ref> to many Internet-facing services, such as web servers, that use Bash to process requests.
 
On 12 September 2014, Stéphane Chazelas informed Bash's maintainer Chet Ramey<ref name="NYT-20140925-NP" /> of his discovery of the original bug, which he called "Bashdoor". Working with security experts, Mr. Chazelas developed a [[Patch (computing)|patch]]<ref name="NYT-20140925-NP" /> (fix) for the issue, which by then had been assigned the vulnerability identifier ''{{CVE|2014-6271}}''.<ref name="seclist-q3-650">{{cite mailing list|url=http://seclists.org/oss-sec/2014/q3/650 |mailing-list=oss-sec |title=Re: CVE-2014-6271: remote code execution through bash|author=Florian Weimer|date=24 September 2014|access-date=1 November 2014}}</ref> The existence of the bug was announced to the public on 2014-09-24, when Bash updates with the fix were ready for distribution.<ref name="seclist-q3-666">{{cite mailing list|url=http://seclists.org/oss-sec/2014/q3/666|mailing-list=oss-sec |title=Re: CVE-2014-6271: remote code execution through bash|author=Florian Weimer|date=24 September 2014|access-date=1 November 2014}}</ref>
Retrieved from "https://en.wikipedia.org/wiki/Shellshock_(software_bug)"