Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bash To Require Further Patching, As More Shellshock Holes Found

Posted by samzenpus on from the protect-ya-neck dept.

Bismillah writes Google security researcher Michael 'lcamtuf' Zalewski says he's discovered a new remote code execution vulnerability in the Bash parser (CVE-2014-6278) that is essentially equivalent to the original Shellshock bug, and trival to exploit. "The first one likely permits remote code execution, but the attack would require a degree of expertise to carry out," Zalewski said. "The second one is essentially equivalent to the original flaw, trivially allowing remote code execution even on systems that deployed the fix for the initial bug," he added.

2 of 329 comments (clear)

  1. Soon to be patched by Anonymous Coward · · Score: 0, Troll

    At least on Linux. Sorry, Mactards!

    1. Re:Soon to be patched by Kythe · · Score: 1, Troll

      Exactly. My goodness, Windows is legendary not only for having severe holes, but for Microsoft taking a long time to fix them.

      --

      Kythe