GLBasic forum

Main forum => Off Topic => Topic started by: Moru on 2014-Sep-25

Title: Bash Widespread Vulnerability Discovered
Post by: Moru on 2014-Sep-25
Another bad vulnerability, check your Linux-derivative devices, bug present for 20 years...

http://soylentnews.org/article.pl?sid=14/09/25/0010205

Now comes the period that everyone was talking about 20 years ago. Linux is only secure because there are not enough users to make it worthwhile to hack it. Now since every phone, server and router is running it, it's a very nice target.
Title: Re: Bash Widespread Vulnerability Discovered
Post by: Ian Price on 2014-Sep-25
Indeed :(

All those "safe" options are now just as open as all the others.
Title: Re: Bash Widespread Vulnerability Discovered
Post by: Kitty Hello on 2014-Sep-25
How can it affect devices or servers? You need to log in first, right?

Sent from my GT-N7100 using Tapatalk

Title: Re: Bash Widespread Vulnerability Discovered
Post by: Moru on 2014-Sep-25
Depending on your setup you are either safe or it's enough with an HTTP request containing a few characters in the header to totally own your server. This is mostly a risk if you are running PHP under CGI on Apache. Most webservers aren't by default. However, if you are calling a shell anywhere in your scripts to do something, you might be in trouble.

This of course goes for any program you run under Linux or Windows that calls bash somewhere. GitHub for Windows is apparently vulnerable, for example.
Title: Re: Bash Widespread Vulnerability Discovered
Post by: Hemlos on 2014-Sep-26
Glad Mint auto-updates security patches :good:
Title: Re: Bash Widespread Vulnerability Discovered
Post by: Moru on 2014-Sep-26
Less happy that at least the first security patch only fixed the problem partly. There is still a way to get around it.

I'm seeing several attempts in the Apache logs of scanners testing the vulnerability.
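
A log check of the kind the last post describes, added here as an example and not part of the original thread. It assumes Apache's "combined" log format and relies on the fact that a vulnerable bash treated an environment value as a function definition only when it began with `() {`; the sample lines are constructed and their commands removed.

```python
import re
from collections import Counter

# Apache "combined" format; quoted fields may contain backslash-escaped quotes.
Q = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] ' + Q + r' (\d{3}) \S+ ' + Q + ' ' + Q
)
# Vulnerable bash treated an environment value as a function definition
# only when it began with exactly these four characters.
MARKER = "() {"

def find_probes(lines):
    """Return (hits, unparsed). hits: (host, field, status) per flagged field."""
    hits, unparsed = [], []
    for line in lines:
        m = COMBINED.match(line)
        if m is None:
            # Keep malformed lines that still show a quoted marker for review.
            if '"' + MARKER in line:
                unparsed.append(line)
            continue
        host, _request, status, referer, agent = m.groups()
        for field, value in (("referer", referer), ("agent", agent)):
            if value.startswith(MARKER):
                hits.append((host, field, int(status)))
    return hits, unparsed

def hosts_by_count(hits):
    """Source hosts ordered by number of flagged header fields."""
    return Counter(host for host, _, _ in hits).most_common()

# Constructed sample lines (documentation addresses, commands removed).
SAMPLE = [
    '192.0.2.10 - - [26/Sep/2014:10:01:02 +0200] "GET /cgi-bin/status HTTP/1.1" '
    '404 209 "-" "() { :;}; <command removed>"',
    '198.51.100.7 - - [26/Sep/2014:10:05:40 +0200] "GET /index.php HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.10 - - [26/Sep/2014:10:06:11 +0200] "GET / HTTP/1.0" '
    '200 5120 "() { x; }; <command removed>" "() { x; }; <command removed>"',
    # Negative control: "(){" inside a value, not at its start, is not a probe.
    '203.0.113.5 - - [26/Sep/2014:10:09:00 +0200] "GET /a.js HTTP/1.1" '
    '200 88 "http://example.com/" "Mozilla/5.0 (compatible) function(){}"',
]

if __name__ == "__main__":
    hits, unparsed = find_probes(SAMPLE)
    for host, field, status in hits:
        print(f"{host} sent marker in {field}, server answered {status}")
    print(hosts_by_count(hits), len(unparsed))
```

The combined format records only the Referer and User-Agent headers, so a probe carried in any other header leaves no trace in this log.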