Rewterz Threat Advisory – ‘Shellshock’ Vulnerability in Bash

Thursday, September 25, 2014

By now, you may have heard about CVE-2014-6271, also known as the “Shellshock”,  that may affect your organization. It’s rated the maximum CVSS score of 10 for impact and ease of exploitability. The affected software, Bash (the Bourne Again SHell), is present on most Linux, BSD, and Unix-like systems, including Mac OS X. New packages were released today, but further investigation made it clear that the patched version may still be exploitable, and at the very least can be crashed due to a null pointer exception. 

In an effort to keep our customers and the security community informed, we have released this threat advisory. We will continue to keep you informed as more information becomes available. In the meantime, we’ve included some information below.

How to protect?

The most straightforward answer is to deploy the patches that have been released as soon as possible. If you have systems that cannot be patched (for example systems that are End-of-Life), it’s critical that they are protected behind a firewall. A big one. And test whether that firewall is secure.

How can we help?

Rewterz’s Penetration Testing team can assist you with the detection and verification of these issues. We strongly recommend that you test your systems as soon as possible and deploy any necessary mitigations. If you would like some advice on how to handle this situation, our team can help.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 25, May 2015 Rewterz Releases Jan-Apr 2015 Threat Intelligence Report on Attacks Targeting Pakistan’s Cyber Space
  • 18, October 2014 Rewterz Threat Advisory – SSL 3.0 Protocol Vulnerability and POODLE Attack
  • 25, September 2014 Rewterz Threat Advisory – ‘Shellshock’ Vulnerability in Bash
  • 17, September 2014 Rewterz Releases August’s Threat Intelligence Report on Attacks Targeting Pakistan’s Cyber Space

Copyright © Rewterz. All rights reserved.