26-09-2014, 04:13 PM
mithrandir (Andrew)
From SANS a few hours ago. While he says LINUX, it should say any system using the bash shell.

Quote:
SANS FLASH REPORT: The Shellshock vulnerability: What you should do now.

September 25, 2014

Shellshock merits this FLASH report because it is so widespread and so easy to exploit on systems like your firewalls and web servers and other similarly important servers running LINUX.

Johannes Ullrich, Director of SANS Internet Storm Center, just updated a brief webcast to provide authoritative answers to the five questions we are being asked:
1. How important is Shellshock (which specific types of systems can actually be exploited now)?
2. What is the primary way that this vulnerability is being exploited?
3. What went wrong? Where did the vulnerability come from?
4. How can you find out which of your systems are vulnerable, and how easy is it for attackers to find the vulnerable systems on your network?
5. How can you protect yourself?

You can see the slides and listen to his briefing at: https://isc.sans.edu/forums/diary/We...rability/18709

Storm Center has also posted a FAQ which is being updated as new data is found: https://isc.sans.edu/forums/diary/Up...llshock+/18707

Alan Paller, Director of Research, SANS Institute, apaller at sans.org