Thursday, 25 September 2014


"Bash Bug May Be Worse Than Heartbleed
Linux, Unix, and Internet of Things devices affected by critical vulnerability.
Though only disclosed this morning, proof-of-concept exploits are already available for a critical remote code execution vulnerability security experts say is more widespread than Heartbleed.
CVE-2014-6271, a vulnerability in the command shell Bash, affects many Linux- and UNIX-based systems. Although no exploits have yet been seen in the wild, the pervasiveness and ease of exploit have earned it a CVSS score of 10.
The bug makes remote code execution possible,

 even though Bash itself does not handle data from remote users. As Jim Reavis of Cloud Security Alliance wrote today:
Bash is a local shell, it doesn’t handle data supplied from remote users, sono big deal right? Wrong.
A large number of programs on Linux and other UNIX systems use Bash to setup environmental variables which are then used while executing other programs...
In short this vulnerability allows attackers to cause arbitrary command execution, remotely, for example by setting headers in a web request, or by setting weird mime types for example.
Like Heartbleed, the bug may affect a broad swath of systems -- including Apache servers, web servers running CGI scripts, and embedded systems in everything from control systems to medical devices to digital cameras." Continues

Special Free Announcements about Bitcoin, Litecon, Open-Transaction Cipher Assets, Crypto-Currency Trading, Mining, Minting and More!

This Weeks Top - Bitcoin Tutorial - Free!

SEND Bitcoin Beginners Tutorial What is Bitcoin Mining at Home

This Weeks Top - Bitcoin News - Latest Videos - The Playlist

Powered by Dailymotion

Source(s) included

No comments :

Post a comment

Only members (obviously) can comment; no moderation; direct to page.

Note: only a member of this blog may post a comment.