Bash To Require Further Patching, As More Shellshock Holes Found

Bismillah writes Google security researcher Michael 'lcamtuf' Zalewski says he's discovered a new remote code execution vulnerability in the Bash parser (CVE-2014-6278) that is essentially equivalent to the original Shellshock bug, and trival to exploit. "The first one likely permits remote code execution, but the attack would require a degree of expertise to carry out," Zalewski said. "The second one is essentially equivalent to the original flaw, trivially allowing remote code execution even on systems that deployed the fix for the initial bug," he added.

More bugs and exploits

[GeekWithAKnife]

Rejoice my brethren; finally linux is becoming popular, the year of the desktop is upon us!

Re:Soon to be patched

[indeterminator]

Nobody ever got fired for using Microsoft..

Seems like a management oversight. I would be shocked to find that I have to pay for upgrades every couple of years.

Re:There are no "remote" exploits for bash

Anyone can stand up a rouge DHCP server on most networks.

I tried to set up a rouge DHCP server once, but it left me marooned.

Re:Soon to be patched

[K.+S.+Kyosuke]

Apparently, it is not "Ubuntu" but rather "Anonymous Coward" that actually means "I can't configure Debian".

Richard Stallman protests the name Shellshock

You'd better call it the GNU/Shellshock security vulnerability!

Re:Soon to be patched

[NatasRevol]

The reason Windows doesn't have problems like this

HOLY

FUCKING

SHIT

Re:Nothing to do with language

The problem with bash is that even more than most shells (perhaps except for zsh), it's exceedingly obscure and baroque.

Of course it is baroque. That's why they are working hard to fix it.