Xerox Security Bulletin XRX14-006 V1.1 (PDF 1M)

Xerox Security Bulletin XRX14-006
Bash Shellshock Command Line Interpreter Vulnerability

A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don’t allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.

A Bash Shellshock document addressing this vulnerability has been posted to the Xerox Security Site.