Remote Exploit Vulnerability Found In Bash

← Back to Stories (view on slashdot.org)

Remote Exploit Vulnerability Found In Bash

Posted by Soulskill on Wednesday September 24, 2014 @05:12AM from the don't-bash-bash dept.

kdryer39 sends this news from CSO: A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux, and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Another attack surface is OpenSSH through the use of AcceptEnv variables. Also through TERM and SSH_ORIGINAL_COMMAND. An environmental variable with an arbitrary name can carry a nefarious function which can enable network exploitation.

12 of 399 comments (clear)

Min score:

Reason:

Sort:

So now it's the year of the Linux desktop by Anonymous Coward · 2014-09-24 05:17 · Score: 5, Funny

Because we've finally become popular enough to warrant script kiddies finding holes in our toys!
Captcha: Outcry
1. Re:So now it's the year of the Linux desktop by flyingfsck · 2014-09-24 05:55 · Score: 4, Funny
  
  Oh my, that's torn it. Now I'll have to switch to Minix.
  
  --
  Excuse me, but please get off my Pennisetum Clandestinum, eh!
Missing in windows? by Anonymous Coward · 2014-09-24 05:21 · Score: 5, Funny

I can't find the bash icon in the Start menu. Anyone know where it is so I can remove it and avoid this exploit?
Thanks.
1. Re:Missing in windows? by flyingfsck · 2014-09-24 05:50 · Score: 4, Funny
  
  It's because there is no start menu in Windows anymore, you dum dum...
  
  --
  Excuse me, but please get off my Pennisetum Clandestinum, eh!
2. Re:Missing in windows? by clovis · 2014-09-24 06:22 · Score: 4, Funny
  
  I can't find the bash icon in the Start menu. Anyone know where it is so I can remove it and avoid this exploit?
  Thanks.
  You seem to have asked a question about removing the Start Menu.
  Upgrade to Windows 8, but do not do the Win8.1 upgrade.
  Thank you for using our products in the future.
3. Re:Missing in windows? by Anonymous Coward · 2014-09-24 08:13 · Score: 5, Funny
  
  Um, that's not a shell that I know of. Citation needed?
4. Re:Missing in windows? by Anonymous Coward · 2014-09-24 09:05 · Score: 1, Funny
  
  Bash is fairly new to Windows. You'll only find it in the Windows 8 start menu.
  NEW TO WINDOWS?! Some people here bash Windows since forever dude.
Thanks god by Anonymous Coward · 2014-09-24 05:33 · Score: 4, Funny

Thanks god I am using windows.
1. Re:Thanks god by msauve · 2014-09-24 06:00 · Score: 4, Funny
  
  Your god makes you use Windows? You have a vengeful god.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
Re:Dangerous by flyingfsck · 2014-09-24 05:51 · Score: 4, Funny

Awww, come on, don't bash Bash when it is down...

--
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Re:Dangerous by jhantin · 2014-09-24 07:30 · Score: 5, Funny

ksh
Pfffft. I should have expected Korny jokes. (Ba-dum-csh.)

--
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
Re:Dangerous by Culture20 · 2014-09-24 10:36 · Score: 4, Funny

Bash has always felt a bit dangerous...
POUND! BANG! SLASH! bin SLASH! BASH!
#!/bin/bash