Wow - another massive vulnerability in the supposedly more secure *nix and OSX operating systems... Patch, Patch, Patch folks.... Amazing that this vulberability could have existed for 25 years....
Quote:
A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems – and, thanks to their ubiquity, the internet at large.
It lands countless websites, servers, PCs, OS X Macs, various home routers, and more, in danger of hijacking by hackers.
The vulnerability is present in Bash up to and including version 4.3, and was discovered by Stephane Chazelas. It puts Apache web servers, in particular, at risk of compromise: CGI scripts that use or invoke Bash in any way – including any child processes spawned by the scripts – are vulnerable to remote-code injection. OpenSSH and some DHCP clients are also affected on machines that use Bash.
Ubuntu and other Debian-derived systems that use Dash exclusively are not at risk – Dash isn't vulnerable, but busted versions of Bash may well be present on the systems anyway. It's essential you check the shell interpreters you're using, and any Bash packages you have installed, and patch if necessary.
|
http://www.theregister.co.uk/2014/09...sh_shell_vuln/
It's definately not everyday you can say this:
Quote:
“The only people who don’t have to worry about it are people who are running Windows consumers PCs or devices that are smaller than five centimetres by five centimetres,” Prof. Skillicorn said.
“Absolutely everything in between is almost certainly affected.”
|
http://www.theglobeandmail.com/techn...board/follows/