[ALERT] – Oracle products affected by Shellshock Bash Bug
This Security Alert addresses CVE-2014-7169 (initially identified as CVE-2014-6271), a publicly disclosed vulnerability affecting GNU Bash. GNU Bash is a popular open source command line shell incorporated into Linux and other widely used operating systems. This vulnerability affects multiple Oracle products. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to execute arbitrary code on systems that are running affected versions of Bash.
Some of the affected products are;
- Oracle Audit Vault and Database Firewall
- All Oracle Engineered Systems
Systems that are public facing SHOULD be patched immediately.
Please refer to this link.