Skip to Content

What is Shellshock?

Security locks (ZDNet)There have been reports of a security bug–named Shellshock–discovered within the shell program Bash. Bash is used on several distributions of the Linux OS, Unix, and Apple OS X to execute different system commands and scripts and from a local command line user interface. The bug–identified also as CVE-2014-6271 and CVE-2014-7169–is regarded as a severe security issue since it would add extra code to common gateway interface (CGI) scripts which are used to generate content on webpages and web applications as well as HTTP requests.

At the time of this post, Ars Technica is reporting there are patches available for Red Hat Enterprise, CentOS, Ubuntu, and Debian Linux distributions. Apple did not specify an official patch for OS X but did release a software update yesterday.

For more information on this, check out this Ars Technica article.

2 thoughts on “What is Shellshock?

  1. Is there any indication that the software update was related to the Shellshock? Is there anything mac owners should be doing to protect themselves?

    1. It appears that the software update did not include the specific codes for a Shellshock patch. However, the UO Network Services administrators are working on such a patch for our network. There is an advanced method to patch it on your local machine and is recommended if and only if you use bash regularly for your work. If you are curious as to that methodology check out the links on Friday’s follow-up post.