Xerox Security Bulletin XRX14-005 V1.2 (PDF 1M)

Xerox Security Bulletin XRX14-005
Bash Shellshock Command Line Interpreter Vulnerability
v1.2
10/28/14

Background
A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don’t allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.

A Bash Shellshock document addressing this vulnerability has been posted to the Xerox Security Site.