Major Bash vulnerability disclosed
A major vulnerability in the Bash shell has been disclosed today.
This vulnerability may impact many WordPress themes and plugins, as well as other publishing platforms, web applications and web server platforms. Any shell execution or shell function that is performed by a web application, including the storage of request data in environment variables, may present an attack vector that allows the execution of arbitrary code.
In plain English, that means that systems that have not updated their version of ‘bash’ and that provide web hosting in any form, whether it’s WordPress hosting or another platform like Joomla, may allow remote attackers to upload files, execute arbitrary commands, exfiltrate data, send spam email and more.
This vulnerability was announced today and the infosec community has not had time to research the impact this has on individual products, but popular opinion indicates that this may be one of the most significant vulnerabilities reported this year. You will likely start hearing about it in the mainstream press as the week progresses.
What to do:
If you are the administrator of a Linux server, update your version of ‘bash’ to a patched version immediately. I have verified that an update for Ubuntu has already been released. If you are running Ubuntu, executing ‘apt-get update’ and then ‘apt-get upgrade’ (without the quotes) should fix the issue for you.
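One way to confirm that the Ubuntu update steps above actually took effect, as an added example that is not part of the original post: it reads the output of `apt-cache policy bash` and reports whether the installed package is behind the repository candidate. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Reads `apt-cache policy bash` output on stdin and prints one of:
#   current  - installed version equals the candidate version
#   outdated - the repository offers a different version; the upgrade is pending
#   missing  - no bash package is installed
#   unknown  - the output could not be parsed
# "current" is only relative to the local package index, so run
# `apt-get update` first, as the post says.
bash_update_state() {
    awk '
        $1 == "Installed:" { inst = $2 }
        $1 == "Candidate:" { cand = $2 }
        END {
            if (inst == "" || cand == "") print "unknown"
            else if (inst == "(none)")    print "missing"
            else if (inst == cand)        print "current"
            else                          print "outdated"
        }'
}

# Live check on an Ubuntu/Debian host (not called automatically here).
check_local_bash() {
    apt-cache policy bash | bash_update_state
}

# Constructed sample output; the version strings are placeholders, not real
# Ubuntu package versions.
SAMPLE_POLICY='bash:
  Installed: 1.0-1example1
  Candidate: 1.0-1example2
  Version table:
     1.0-1example2 0
        500 http://archive.example/ubuntu example-security/main Packages
 *** 1.0-1example1 0
        100 /var/lib/dpkg/status'

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_POLICY" | bash_update_state
```

If `check_local_bash` still reports `outdated` after the upgrade, `apt-get install --only-upgrade bash` upgrades just that package.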
We have updated all DFG servers to fix this hole. If you have any questions, email us at firstname.lastname@example.org