CVE-2014-6271, 6277, 6278, 7169, 7186, 7187 - Bash Remote Code Execution Vulnerability, aka Shellshock

*Update (10/01/2014) - Content has been improved and updated to detect the final two known CVE's (CVE-2014-6277, CVE-2014-6278).

*Update (9/29/2014) - Content has now been added to enable the detection of the first 4 Shellshock CVE's (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187). We will continue to make updates available here and expect content to be available for two additional CVEs (CVE-2014-6277 and CVE-2014-6278) as their details are released over the coming days. Register now for a webcast on using Tanium to hunt for Shellshock vulnerabilities on Thursday, Oct 2 at 2:00 pm Eastern Time. See the Tanium community site with details on the latest sensor and ask your Tanium Technical Account Manager about saved questions and an updated dashboard. 

 *Update (9/24/2014) - An additional vulnerability (CVE 2014-7169 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169) was released to address a flaw in the originally assigned CVE-2014-6271.  The Tanium sensor was updated to account for and detect whether machines are vulnerable up to the level of CVE-2014-7169.

 

 

The United States Computer Emergency Readiness Team (US-CERT) issued an alert Sept 24, 2014 about a Bash vulnerability (CVE 2014-6271) affecting Unix-based operating systems such as Linux and Max OS X that may give attackers the ability to execute malicious code remotely.  US-Cert recommended users and administrators review the Redhat Security Blog for additional details and refer to OS vendors for appropriate patches.

Tanium customers can take advantage of a newly created sensor that has been added to our community site that detects this vulnerability and there is a new dashboard available to provide Tanium users a real-time heads up view of their vulnerabilities across their enterprise (see figure).  Please contact your Technical Account Manager for further information on access to the dashboard.

Screen_Shot_2014-09-25_at_1.32.55_PM.png

 

External links:

Have more questions? Submit a request