HP Security Bulletin HPSBHF03125 - A potential security vulnerability has been identified with HP Next Generation Firewall (NGFW) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: This vulnerability can only be exploited if the attacker already has valid administrative login credentials. Revision 1 of this advisory.
17f8eddb7283be7cb8ad30c6586d35e371e0c3c28a85f0aa23c2b591cbc0f229
HP Security Bulletin HPSBGN03138 - A potential security vulnerability has been identified with HP Operations Analytics. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
d2c8a68273b5d908b747dd246281eeb694499ac265b53b3dfe1649f854e5e958
DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability.
f270585f9a138adfc590970e5d69e843b483a83fdff3980b13aa5bef341cd964
Ubuntu Security Notice 2380-1 - Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code. Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack. Various other issues were also addressed.
8791425c635359bb13b6a4a403dd5e2900aebb6afed4869bed14e47f74436117
CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities. These vulnerabilities could allow a local or remote attacker to utilize specially crafted input to execute arbitrary commands or code.
3db7713d504c91a2a12a2610e9cd8a98e74b36f790d1df3c77d0e4b33c6098c5
Gentoo Linux Security Advisory 201410-1 - Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition. Versions less than 4.2_p52 are affected.
97311eeb89e6cca85680a723ad6c691b7e5512cffffb554a2af1e30435ca6ef6
This is information regarding more bash vulnerabilities and how the original bash patches are ineffective.
9bef4f643cbc941c231d0995aa7df24f7322c03118f4cd7d60f56a5e05ccb428