New remote exploit vulnerability discovered in bash

Tuesday, September 30, 2014

We don't regularly post about security issues here (because, frankly, we'd be doing it all day), but every now and then there's a Big One that makes everyone sit up and take notice.

Last week, a vulnerability in the Bourne Again Shell - more colloquially known as Bash - was announced. Bash is widely deployed in most Linux-based operating systems (and can be found on Windows in Cygwin).

The exploit - initially tagged CVE-2014-6271 but now widely known as 'shellshock' - allows remote attackers to execute arbitrary code via a crafted environment.

Since the initial bug was discovered, many more eyes have been on the Bash source code, resulting in several other updates. At the time of writing, another seemingly significant new exploit has been discovered (CVE-2014-6278 has been reserved).

We're not going to go into too much detail about the issue - it has been covered very extensively elsewhere, and we encourage users interested in more details to read up on the technical roots.

This is a significant vulnerability and we advise all customers to update Bash immediately, and to continue to closely monitor any advisories relating to Bash in the coming weeks.


