"Bash" (CVE-2014-6271) vulnerability – Q&A
http://securelist.com/blog/research/66673/bash-cve-2014-6271-vulnerability-qa-2/
The "bash" vulnerability, actually described as CVE-2014-6271, is an extremely powerful vulnerability due to its high impact and the ease with which it can be exploited. An attacker can simply execute system level commands, with the same privileges as the affected services. In most of the examples on the Internet right now, attackers are remotely attacking web servers hosting CGI scripts that have been written in bash.
At the time of writing, the vulnerability has already been used for malicious intentions – infecting vulnerable web servers with malware, and also in hacker attacks. Our researchers are constantly gathering new samples and indications of infections based on this vulnerability; and more information about this malware will be published soon.
The key thing to understand is that the vulnerability is not bound to a specific service, for example Apache or nginx. Rather, the vulnerability lies in the bash shell interpreter and allows an attacker to append system level commands to the bash environment variables.
There is more info on this all over on-line, but this article seemed the least nerd or geek oriented, so easier for everyone to understand. There is a patch available for Linux servers that reduces but does not eliminate the vulnerability. But there was a patch for Heartbleed, & there are still servers on-line that never installed it, so the fact a patch is available should not cause anyone to become complacent.
This vulnerability is being actively exploited to target servers hosted on the Internet. Even some workstations running Linux and OSX are vulnerable, but an attacker would still need to find an attack vector that will work remotely against your desktop. The vulnerability is not targeting individuals, but servers hosted on the Internet. This means that if, for example, your favorite e-commerce or banking website were vulnerable, the attackers could, in theory, compromise that server and gain access to your personal information, including maybe banking information.
At the time of writing it's very difficult to say exactly what platforms might be vulnerable and might have been targeted, but I would recommend that you do not actively use your credit card or share a lot of sensitive information for the next couple of days, until security researchers have been able to find out more information about this situation.
In a nutshell, a great many web servers were or are vulnerable to takeover. Once a web server is compromised don't count on simple things like defacing web pages -- think more along the lines of malware distribution. Instead of figuring out how to get you to visit a malicious site, your favorite site(s) turn malicious instead.
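
A defensive check for the mechanism described above, as an added example that is not part of the original post or the quoted article: it scans web server access logs for request values beginning with `() {`, the prefix that vulnerable bash versions imported from environment variables as a function definition. The combined log format, the sample lines, the CGI path and the `scan` name are assumptions made for illustration.

```python
import re

# Apache/nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# Vulnerable bash treated an environment value starting with these four
# characters as a function definition to import.
FUNC_PREFIX = "() {"

def scan(log_text):
    """Return (line_no, client_ip, field) for each logged value starting with FUNC_PREFIX."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined format; skipped rather than guessed at
        # Drop the method and the trailing protocol version to get the request target.
        target = m["request"].partition(" ")[2].rpartition(" ")[0]
        fields = {
            "query_string": target.partition("?")[2],
            "referer": m["referer"],
            "user_agent": m["agent"],
        }
        for name, value in fields.items():
            # Anchored at the start of the value: "function(){}" inside a URL is not a hit.
            if value.startswith(FUNC_PREFIX):
                hits.append((line_no, m["ip"], name))
    return hits

# Constructed sample lines (documentation addresses, placeholder command).
SAMPLE_LOG = "\n".join([
    r'192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    r'198.51.100.7 - - [25/Sep/2014:10:03:11 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 312 "-" "() { :; }; echo PLACEHOLDER"',
    r'198.51.100.7 - - [25/Sep/2014:10:03:15 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 312 "() { :; }; echo PLACEHOLDER" "curl/7.30.0"',
    r'192.0.2.44 - - [25/Sep/2014:10:05:40 +0000] "GET /app.js?cb=function(){} HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
])

if __name__ == "__main__":
    for line_no, ip, field in scan(SAMPLE_LOG):
        print(f"line {line_no}: {ip} sent a function-definition prefix in {field}")
```

Only fields that the access log records are covered; other request headers also reach a CGI script's environment and would need request-level capture to inspect.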