Bash Widespread Vulnerability Discovered


Moru

Another bad vulnerability, check your Linux-derivative devices, bug present for 20 years...

http://soylentnews.org/article.pl?sid=14/09/25/0010205

Now the period comes that everyone was saying 20 years ago. Linux is only secure because there are not enough users to make it worthwhile to hack it. Now since every phone, server and router is running it, it's a very nice target.

Ian Price

Indeed :(

All those "safe" options are now just as open as all the others.
I came. I saw. I played.

Kitty Hello

How can it affect devices or servers? You need to log in first, right?


Moru

Depending on your setup you are either safe or it's enough with an HTTP request containing a few characters in the header to totally own your server. This is mostly a risk if you are running PHP under CGI on Apache. Most webservers aren't by default. However, if anywhere in your scripts you are calling a shell to do something, you might be in trouble.

This of course goes for any program you run under Linux or Windows that calls bash somewhere. GitHub for Windows is apparently vulnerable, for example.

Hemlos

Glad Mint auto updates security patches :good:
Bing ChatGpt is pretty smart :O

Moru

Less happy that at least the first security patch only fixed the problem partly. There is still a way to get around it.

I'm seeing several attempts in the Apache logs of scanners testing the vulnerability.