Worse than Heartbleed? Today's Bash bug could break security for years

Discussion in 'Reverse engineering' started by storm shadow, Sep 25, 2014.

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    A bug has been sighted in CentOS systems, and it should be worse than Heartbleed.

    Linux users got a nasty surprise today, as a security team at Red Hat uncovered a subtle but dangerous bug in the Bash shell, one of the most versatile and widely used utilities in Linux. It's being called the Bash bug, or Shellshock. When accessed properly, the bug allows for an attacker's code to be executed as soon as the shell is invoked, leaving the door open for a wide variety of attacks. Worse yet, it appears the bug has been present in enterprise Linux software for a long time, so patching every instance may be easier said than done. Red Hat and Fedora have already released patches for the bug.
    The bug also affects OS X, and while the company has yet to release an official fix, this Stack Exchange post contains details on how Mac users can check for the vulnerability and patch it once identified.

    Errata Security's Robert David Graham has already compared the bug to Heartbleed, for its broad and potentially long-term effect on system security. "An enormous percentage of software interacts with the shell in some fashion," Graham wrote in a blog post. "We'll never be able to catalogue all the software out there that is vulnerable to the bash bug." Reached by The Verge, Berkeley ICSI researcher Nicholas Weaver agreed with the pessimism, saying, "It's subtle, ugly, and will be with us for years."
    source http://www.theverge.com/2014/9/24/6...odays-bash-bug-could-be-breaking-security-for

    also look at http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505#p239874
    source: MalwareMustDie Twitter
  2. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer
