
Security researchers have discovered a major security bug in Bash (Bourne-again shell), the Unix shell that is one of the most commonly used utilities in Linux. The bug could potentially affect a great number of Unix and Linux web servers. By exploiting the newly discovered vulnerability, an attacker can take complete control of the system and/or execute shell commands that could make a server vulnerable to even more threats.
The bug is such that an attacker would need a high level of system access to do any real damage, though according to Red Hat, remote attacks are possible through "certain services and applications." Patches are needed to fill in the security hole and eradicate the bug, but since it's been present in enterprise Linux software for so long, that's no easy task, The Verge reports. That said, Red Hat, Fedora, Ubuntu, and others have already released patches, and Apple is working on a fix for Mac OS X.
Some security experts, including Errata Security's Robert David Graham, have compared the Bash bug to Heartbleed. Graham went so far as to say it's "probably a bigger deal than Heartbleed" because of all the software out there that's vulnerable. Cataloging it all would be a nightmare, if not an impossible task.