Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vulnerabilities Found (and Sought) In More Command-Line Tools

Posted by timothy on from the one-thing-at-a-time dept.

itwbennett writes The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities. Two remote command execution vulnerabilities were patched this week in the popular wget download agent and tnftp client for Unix-like systems [also mentioned here]. This comes after a remote code execution vulnerability was found last week in a library used by strings, objdump, readelf and other command-line tools.

3 of 87 comments (clear)

  1. great news by Anonymous Coward · · Score: 5, Interesting

    hopefully any remaining bugs will be found and we end up with better products

  2. what happened to obscurity by ozduo · · Score: 1, Interesting

    Linux is getting too popular and too targeted!

    --
    I got to the chocolate box before you, that's why the hard ones have teeth marks.
  3. Am I paranoid? by BlackPignouf · · Score: 4, Interesting

    I don't know if I'm being paranoid, but I'm pretty sure there are backdoors in every major open source project : gcc, the linux kernel, ssh, gpg and bash to name a few.
    They've been either actively introduced by NSA/FSB/... or found and jealously kept secrets.
    It's not like recent history has proven this theory wrong. :-/