Rewterz Threat Advisory – ‘Shellshock’ Vulnerability in Bash

Thursday, September 25, 2014

By now, you may have heard about CVE-2014-6271, also known as “Shellshock”, which may affect your organization. It has been given the maximum CVSS score of 10 for impact and ease of exploitability. The affected software, Bash (the Bourne Again SHell), is present on most Linux, BSD, and Unix-like systems, including Mac OS X. New packages were released today, but further investigation made it clear that the patched version may still be exploitable, and at the very least can be crashed due to a null pointer exception.

In an effort to keep our customers and the security community informed, we have released this threat advisory. We will continue to keep you informed as more information becomes available. In the meantime, we’ve included some information below.

How to protect?

The most straightforward answer is to deploy the patches that have been released as soon as possible. If you have systems that cannot be patched (for example systems that are End-of-Life), it’s critical that they are protected behind a firewall. A big one. And test whether that firewall is secure.

How can we help?

Rewterz’s Penetration Testing team can assist you with the detection and verification of these issues. We strongly recommend that you test your systems as soon as possible and deploy any necessary mitigations. If you would like some advice on how to handle this situation, our team can help.
