BOTNET ATTACK IN THE WILD
SHELLSHOCK vs THE INTERNET
"It's things like CGI scripts that are vulnerable, deep within a website (like CPanel's /cgi-sys/defaultwebpage.cgi)," Graham wrote in a blog post. "Getting just the root page is the thing least likely to be vulnerable. Spidering the site and testing well-known CGI scripts (like the CPanel one) would give a lot more results—at least 10x."
In addition, Graham said, "this thing is clearly wormable and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable—once the worm gets behind a firewall and runs a hostile DHCP server, that would be 'game over' for large networks."
32 ORACLE PRODUCTS VULNERABLE
Oracle has also confirmed that over 32 of its products are affected by the "Shellshock" vulnerability, including some of the company's expensive integrated hardware systems. In a security alert on the Bash bug issued on Friday, the company warned users to wait a bit longer for the complete patch.
"Oracle is still investigating this issue and will provide fixes for affected products as soon as they have been fully tested and determined to provide effective mitigation against the vulnerability," the company said.
PATCH ISSUED, BUT INCOMPLETE
Most Linux distributions have released patches, but Red Hat has updated its advisory to warn that the patch is incomplete, an issue the infosec community also raised on Twitter.
"Red Hat has become aware that the patches shipped for this issue are incomplete," said Red Hat security engineer Huzaifa Sidhpurwala. "An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169."
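With the patch still incomplete, defenders can at least check web logs for requests of the kind described above, aimed at CGI scripts and carrying crafted header values. The following is an added example, not code from the article or from any vendor: it assumes Apache-style combined log lines and uses the Bash function-definition prefix `() {`, the usual log signature for this bug, which the article itself does not quote. All log lines, addresses and placeholder strings are constructed.

```python
import re

# Function-definition prefix that marks a Shellshock-style value (spacing varies).
FUNC_DEF = re.compile(r"\(\)\s*\{")
# Paths that look like CGI scripts, e.g. /cgi-sys/defaultwebpage.cgi from the article.
CGI_PATH = re.compile(r"/cgi-[^/]+/|\.cgi(?:\?|$)")
# Body of a quoted log field; the server writes embedded quotes as \" .
Q = r'(?:[^"\\]|\\.)*'
# Assumed format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>' + Q + r')" '
    r'\d{3} \S+ "(?P<referer>' + Q + r')" "(?P<agent>' + Q + r')"$'
)

# Constructed sample input (documentation-range addresses, placeholder payloads).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Sep/2014:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Sep/2014:10:01:05 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" '
    '200 128 "-" "() { :; }; PLACEHOLDER_COMMAND"',
    '203.0.113.4 - - [26/Sep/2014:10:01:09 +0000] "GET /index.html HTTP/1.0" 404 0 '
    '"() {  x; }; PLACEHOLDER" "probe \\"quoted\\" agent"',
    'truncated entry () { PLACEHOLDER',
]

def scan(lines):
    """Return one finding per log line that carries the function-definition prefix."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = LOG_LINE.match(line.rstrip("\n"))
        if match is None:
            # Unparseable line: check the raw text instead of silently skipping it.
            if FUNC_DEF.search(line):
                findings.append({"line": number, "ip": None, "fields": ["raw"], "cgi": False})
            continue
        fields = [name for name in ("request", "referer", "agent")
                  if FUNC_DEF.search(match.group(name))]
        if fields:
            parts = match.group("request").split()
            path = parts[1] if len(parts) > 1 else ""
            # A hit on a CGI path deserves review first: that is where Bash may run.
            findings.append({"line": number, "ip": match.group("ip"),
                             "fields": fields, "cgi": bool(CGI_PATH.search(path))})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit only shows that a request carried the marker; whether the host was actually affected depends on the Bash version installed and on whether the requested script invokes it.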