Bash Shellcode is now at 6 CVE vulnerabilities

This Shellshock issue has now spawned 6 CVE’s  CVE = Common Vulnerabilities and Exposures

 

Threat level Yellow at Internet Storm Center

threat level yellow

This is a complex vulnerability

first CVE got patched almost immediately  CVE-2014-6271

The second CVE now has a patch as of Friday).  CVE-2014-7169

The 3rd and 4th CVE  CVE-2014-7186,

CVE-2014-7187   not patched yet….

also CVE-2014-6277  and 6278   these latest CVE’s have source code patches from http://lcamtuf.blogspot.com

 

The most dangerous of these are the DHCP exploits, which are still being exploited

 

But the biggest problem is the large amount of scanning for vulnerable systems on the Net.  All the hackers Are trying to find and hack the vulnerable systems.

 

Also Apple has now released an update with a patch for  first two http://support.apple.com/kb/DL1769

and not only the OS X systems but the Apple TV’s need fixes. The internet of things is being affected. (As mentioned in previous posts Cisco says in 2008 there are more devices on the Internet than people on Internet)

 

The belief that Microsoft products are not vulnerable may not be true, as any software installed that also installed Bash as software is vulnerable.

Do you have Apache on your Microsoft Server? or other software that requires it?