Shellshock

Shellshock’d CVE-2014-6271 and CVE-2014-7169

Much like heartbleed before it, if you operate in the open source world you have probably heard about shellshock by now and dedicated a large portion of the last 24 hours trying to mitigate it. In the unlikely event that you somehow missed the massive bash security vulnerability you can find more information here: http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html the tldr version of the bug is that any application allows a remote entity to populate an environment variable allows the attacker to execute a bash function on the target server.