Security Vulnerabilities and Testing Tools

Shellshock

Vulnerability in Bash

The so-called „shellshock“ bug is a vulnerability found in bash which might become a really big issue for a lot of systems. In general bash can be found on a lot of Linux and Mac systems and therefore a lot of potential vulnerable systems.

Here the link to the CERT where you will find updates for the most important systems: Bourne-Again Shell (Bash) Remote Code Execution Vulnerability

A very good explanation can be found on Troyhunt.

Testing your own server can be easily done by executing:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Testing Tools

ImmuniWeb