I would like bring to your attention a new vulnerability that has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix). Known as the “Bash Bug” or “Shellshock,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) could allow an attacker to gain control over a targeted computer if exploited successfully.
The vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and Unix. Bash acts as a command language interpreter. In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run.
Please review the following document from the Symantec Security Blog for further details:
http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability
Advisories have been released by the following vendors:
*Red Hat has updated its advisory for this vulnerability, noting that its initial patch is incomplete.
Symantec Protection Symantec has created an Intrusion Prevention signature for protection against this vulnerability:
Symantec will continue to investigate this vulnerability and provide more details as they become available.