Gianmarco Giovannelli
2014-09-26 07:00:10 UTC
>A "deadly serious" bug potentially affecting hundreds of millions of
>computers, servers and devices has been discovered.
>
>The flaw has been found in a software component known as Bash, which
>is a part of many Linux systems as well as Apple's Mac operating system.
>
>The bug, dubbed Shellshock, can be used to remotely take control of
>almost any system using Bash, researchers said.
>
>Experts said it was more serious than the Heartbleed bug discovered in April.
>
>"Whereas something like Heartbleed was all about sniffing what was
>going on, this was about giving you direct access to the system," Prof
>Alan Woodward, a security researcher from the University of Surrey,
>told the BBC.
>
>"The door's wide open."
>
>Some 500,000 machines worldwide were thought to have been vulnerable
>to Heartbleed. But early estimates, which experts said were
>conservative, suggest that Shellshock could hit at least 500
>million machines.
>
>The problem is particularly serious given that many web servers are
>run using the Apache system, software which includes the Bash component.
Various sources on the web:
https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
I use tcsh and it doesn't affect me, but it seems that it also affects other
third-party components (such as apache, which I don't use anyway :-)
Best Regards,
Gianmarco Giovannelli , "Unix expert since yesterday"
http://utenti.gufi.org/~gmarco/