GNU Bash Vulnerability

KB Home   |   GNU Bash Vulnerability

Main.GNUBashVulnerability History

Hide minor edits - Show changes to output

October 01, 2014, at 03:52 AM by 203.222.91.204 -
Changed lines 8-9 from:
PaperCutís development processes continually focused on security, and in saying this, we believe PaperCut is not impacted by the `ShellShock vulnerability. It is possible for systems hosting PaperCut to be vulnerable but we do not believe PaperCut adds to the vulnerability.
to:
PaperCutís development processes continually focus on security, and in saying this, we believe PaperCut is not impacted by the `ShellShock vulnerability. It is possible for systems hosting PaperCut to be vulnerable but we do not believe PaperCut adds to the vulnerability.
October 01, 2014, at 03:49 AM by 203.222.91.204 -
Changed lines 8-9 from:
PaperCutís development processes continually focused on security, and in saying this, we believe PaperCut is not impacted by the `ShellShock vulnerability. It is possible for Linux systems hosting PaperCut to be vulnerable but we do not believe PaperCut adds to the vulnerability.
to:
PaperCutís development processes continually focused on security, and in saying this, we believe PaperCut is not impacted by the `ShellShock vulnerability. It is possible for systems hosting PaperCut to be vulnerable but we do not believe PaperCut adds to the vulnerability.
October 01, 2014, at 03:38 AM by 203.222.91.204 -
Changed lines 3-4 from:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. The vulnerability known as Shellshock can allow attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector. The bug affects many GNU/Linux users, as well as those using Bash on proprietary operating systems like OS X and Windows.
to:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. The vulnerability known as ''Shellshock'' can allow attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector. The bug affects many GNU/Linux users, as well as those using Bash on proprietary operating systems like OS X and Windows.
October 01, 2014, at 03:37 AM by 203.222.91.204 -
Changed lines 3-6 from:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. The vulnerability known as Shellshock can allow attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector. The bug affects many GNU/Linux users, as well as those using Bash on proprietary operating systems like OS X and Windows. More information about these issues can be found at [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271|CVE-2014-6271]]  and [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169|CVE-2014-7169]]

Most software vendors affected by this vulnerability have already issued patches. PaperCut itself does not bundle GNU bash, however we recommend all Bash users audit their services that may be affected
.
to:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. The vulnerability known as Shellshock can allow attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector. The bug affects many GNU/Linux users, as well as those using Bash on proprietary operating systems like OS X and Windows.

Most software vendors affected by this vulnerability have already issued patches
. PaperCut itself does not bundle GNU bash, however we recommend all Bash users audit their services that may be affected. More information about these issues can be found at [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271|CVE-2014-6271]]  and [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169|CVE-2014-7169]]
October 01, 2014, at 03:37 AM by 203.222.91.204 -
Changed lines 3-6 from:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. Most software vendors affected by this vulnerability have already issued patches. PaperCut itself does not bundle GNU bash, however we recommend all Bash users audit their services that may be affected.

The vulnerability known
as Shellshock can allow attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector. The bug affects many GNU/Linux users, as well as those using Bash on proprietary operating systems like OS X and Windows. More information about these issues can be found at [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271|CVE-2014-6271]]  and [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169|CVE-2014-7169]]
to:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. The vulnerability known as Shellshock can allow attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector. The bug affects many GNU/Linux users, as well as those using Bash on proprietary operating systems like OS X and Windows. More information about these issues can be found at [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271|CVE-2014-6271]]  and [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169|CVE-2014-7169]]

Most software vendors affected by this vulnerability have already issued patches
. PaperCut itself does not bundle GNU bash, however we recommend all Bash users audit their services that may be affected.
October 01, 2014, at 03:29 AM by 203.222.91.204 -
Changed lines 3-4 from:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. Most software vendors affected by this vulnerability have already issued patches. PaperCut does not bundle GNU bash, however PaperCut recommends all Bash users audit their services that may be affected.
to:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. Most software vendors affected by this vulnerability have already issued patches. PaperCut itself does not bundle GNU bash, however we recommend all Bash users audit their services that may be affected.
October 01, 2014, at 03:27 AM by 203.222.91.204 -
Changed lines 3-4 from:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. Most software vendors affected by this vulnerability have already issued patches. PaperCut recommends all Bash users audit their services that may be affected.
to:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. Most software vendors affected by this vulnerability have already issued patches. PaperCut does not bundle GNU bash, however PaperCut recommends all Bash users audit their services that may be affected.
October 01, 2014, at 03:21 AM by 203.222.91.204 -
Changed lines 3-4 from:
Recently, a major security vulnerability has been discovered in the software shell GNU Bash. Most software vendors affected by this vulnerability have already issued patches. PaperCut recommends all Bash users audit their services that may be affected.
to:
Recently, a major security vulnerability has been discovered in the software shell [[http://www.gnu.org/software/bash/|GNU Bash]]. Most software vendors affected by this vulnerability have already issued patches. PaperCut recommends all Bash users audit their services that may be affected.
October 01, 2014, at 03:20 AM by 203.222.91.204 -
Changed lines 8-9 from:
PaperCutís development processes continually focused on security, and in saying this, we believe PaperCut is not impacted by the `ShellShock vulnerability directly. It is possible for Linux systems hosting PaperCut to be vulnerable but we do not believe PaperCut adds to the vulnerability.
to:
PaperCutís development processes continually focused on security, and in saying this, we believe PaperCut is not impacted by the `ShellShock vulnerability. It is possible for Linux systems hosting PaperCut to be vulnerable but we do not believe PaperCut adds to the vulnerability.
October 01, 2014, at 03:19 AM by 203.222.91.204 -
Deleted lines 11-19:







TODO link your page here: https://www.papercut.com/kb/Main/Miscellaneous

Changed line 13 from:
''Categories:'' [[Category.TODOFirstCategory|+]], [[Category.TODOSecondCategoryIfNeeded|+]]
to:
''Categories:'' [[Category.Security|+]]
Changed line 15 from:
[-Keywords: TODO keywords here if needed-]
to:
[-Keywords: Shellshock-]
October 01, 2014, at 03:17 AM by 203.222.91.204 -
Added lines 1-24:
(:title GNU Bash Vulnerability:)

Recently, a major security vulnerability has been discovered in the software shell GNU Bash. Most software vendors affected by this vulnerability have already issued patches. PaperCut recommends all Bash users audit their services that may be affected.

The vulnerability known as Shellshock can allow attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector. The bug affects many GNU/Linux users, as well as those using Bash on proprietary operating systems like OS X and Windows. More information about these issues can be found at [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271|CVE-2014-6271]]  and [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169|CVE-2014-7169]]

!!Is PaperCut vulnerable?
PaperCutís development processes continually focused on security, and in saying this, we believe PaperCut is not impacted by the `ShellShock vulnerability directly. It is possible for Linux systems hosting PaperCut to be vulnerable but we do not believe PaperCut adds to the vulnerability.

The majority of PaperCut runs in Java code in the JVM. There are points at which PaperCut does execute other processes, but the commands invoked are hard-coded and there is no way for an external source to set environment variables before execution. This means that PaperCut is not vulnerable to this attack.








TODO link your page here: https://www.papercut.com/kb/Main/Miscellaneous

----
''Categories:'' [[Category.TODOFirstCategory|+]], [[Category.TODOSecondCategoryIfNeeded|+]]
----
[-Keywords: TODO keywords here if needed-]

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on October 01, 2014, at 03:52 AM
Printable View   |   Article History   |   Edit Article