5 Replies - 7942 Views - Last Post: 25 September 2014 - 10:33 AM

#1 macosxnerd101

Bash Command Flaw Leaves Linux/OSX Vulnerable

Posted 25 September 2014 - 06:31 AM

Quote

Apparently, the internet has more deep-seated security bugs to worry about than Heartbleed. Researchers have discovered a longstanding flaw in a common Unix command shell (bash) for Linux and Macs that lets attackers run any code they want as soon as the shell starts running. They can effectively get control of any networked device that runs bash, even if there are limits on the commands remote users can try. That's a big problem when a large chunk of the internet relies on the shell for everyday tasks -- many web servers will call on it when they're running scripts, for example.

There are already patches for multiple Linux variants (CentOS, Debian, Redhat), and big internet services like Akamai have already taken action. However, the age and sheer ubiquity of the exploit means that there are some older servers and other internet-connected devices that won't (and in some cases, can't) be fixed. In other words, there's a chance that everything from poorly maintained websites to your home security camera will remain vulnerable.


http://www.engadget....-security-flaw/

Replies To: Bash Command Flaw Leaves Linux/OSX Vulnerable

#2 modi123_1

Posted 25 September 2014 - 06:43 AM

Ha.. I heard about that this morning via this whimsical picture of the #langsec cat. Ugh. I may be pulled into help patching and testing said patch.


#3 no2pencil

Posted 25 September 2014 - 06:45 AM

lol, 13 minutes ago I was reading this & updating for myself. Thanks for sharing!

#4 TheMightyUch

Posted 25 September 2014 - 08:15 AM

I saw this on my news feed earlier today. Hackers have really been getting their way when it comes to the internet lately. Good to see another exploit exposed.

#5 astonecipher

Posted 25 September 2014 - 09:07 AM

I was made aware of this when I first got in the office, without much explanation. Glad I can come here to get the info I need to correct it.

#6 BetaWar

Posted 25 September 2014 - 10:33 AM

Yeah, saw this on the forums this morning and figured I'd update my machines. Luckily I am not an IT Admin or anything of that nature so I was able to just update my personal machines (VMs, and my custom install of bash on the work servers (since they are dumb and don't keep it updated by default)).