本文详细介绍了Bash漏洞Shellshock对Linux、Unix和MacOS系统的潜在威胁,包括攻击原理、修复措施及关键信息。重点关注了Checkpoint、Cisco、Juniper和Vmware等供应商的响应情况。
Heartbleed Extension Vulnerability caused lots of worries for Internet system. The affects still do not go away and now Shellshock coming. This latest vulnerability affects the command line software Bash operating at Linux , Unix and Mac OS X.
Vendors have been posting the patches and suggestions on their websites already. Here is some quick collections for my environment.
1. Checkpoint’s Responding:
2. Cisco’s Responding:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
3. Juniper’s Responding:
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&actp=RSS
4. Vmware:
Note: How it happened? (from Symantec)
An attacker can potentially use CGI to send a malformed environment variable to a vulnerable Web server. Because the server uses Bash to interpret the variable, it will also run any malicious command tacked-on to it.
扫一扫
1849
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
