This morning I noticed a tweet stating four exploits for Metasploit targeting Shellshock has been released. So instead of going into details I would rather collect some useful links on Shellshock.
- “Everything you need to know about the Shellshock Bash bug“, By Troy Hunt. Maybe the best resource I’ve seen on the subject.
- “Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks”
By Andy Greenberg, Wired.
- “Shellshock: All you need to know about the Bash Bug vulnerability”
- “‘Shellshock’ Bug Spells Trouble for Web Security”
- Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)”
By Redhat, Customer Portal