The Shellshock vulnerability (also known as Bash Bug) will have a widespread impact for any organization or user that has Bash enabled on a server, desktop, or device. This includes over 500 million web servers on the Internet today. Shellshock (CVE-2014-6271 and CVE-2014-7169) is found in Bash, the dominant shell for Unix and Linux (default), and can also be found in Mac OS X, some Windows server deployments, and even Android. It enables remote code injection of arbitrary commands without authentication, which can then allow malicious code execution that could be used to take over an operating system, access confidential data, or set the stage for future attacks.
Get the facts