Linked by Thom Holwerda on Fri 26th Sep 2014 05:00 UTC
Privacy, Security, Encryption

By now you may have heard about a new bug found in the Bash shell. And unless you're a programmer or security expert, you're probably wondering if you should really worry. The short answer is: Don't panic, but you should definitely learn more about it, because you may be in contact with vulnerable devices.

This bug, baptized "Shellshock" by Security Researchers, affects the Unix command shell "Bash," which happens to be one of the most common applications in those systems. That includes any machine running Mac OS X or Linux.

A very simple and straightforward explanation of this major new security issue. The OSNews servers were updated yesterday.

Permalink for comment 596971
To read all comments associated with this story, please click here.
RE[2]: Routers
by snorkel2 on Fri 26th Sep 2014 16:56 UTC in reply to "RE: Routers"
snorkel2
Member since:
2007-03-06

The CGI scripts have to be written in bash or another language that spawns a bash shell.
They can't exploit this without a bash script already being present in the cgi-bin directory.
If they have already gained access to put a script in cgi-bin you have bigger problems.

They are making this into a bigger deal than it really is.

Reply Parent Score: 5