Saturday, September 27, 2014

Shellshock, the bug in Bash that threatens the Web – Italian Notebook

Shellshock, the bug that threatens servers. After Heartbleed, the server world is threatened by a new bug. It is called the Bash Bug, or Shellshock, and it undermines servers based on Linux, UNIX, and OS X. We recommend you install the patch immediately.

For a few days a story has been circulating on the web that has startled anyone who owns or manages a server. Bash (which stands for Bourne Again Shell), a text-based shell that anyone who has used Unix and Unix-like operating systems (especially Linux) knows and has used, has a vulnerability. And it is a critical flaw, which in the jargon indicates the highest level of danger. The Bash Bug, or Shellshock as it has been dubbed, is not to be underestimated: insiders have already ranked it as the successor to Heartbleed, and an even more difficult challenge, since it covers a very wide spectrum of systems ranging from Linux to Mac OS X.

Technically, Bash is an evolved clone of the standard Unix shell (/bin/sh). In practice it is a command interpreter that lets a user communicate with the operating system through a set of predefined functions, or run programs. And this is the key to the “infection.” The vulnerability allows anyone to insert malicious code remotely via specially crafted environment variables. This code is executed by the command interpreter, and given that the number of Bash scripts executed on a daily basis is huge, the reach of the flaw is immeasurable.
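To confirm that the patch is in place, the following added example (not part of the original article) checks whether a given Bash binary executes a command appended to a function-style environment value, and lists variables in an environment dump whose values have that shape. The function names, the marker string and the sample variables are constructed for illustration.

```shell
#!/bin/sh
# Added example: local checks for the function-import flaw described above.

# check_bash PATH -> prints "vulnerable", "patched" or "missing".
check_bash() {
    bash_bin=$1
    [ -x "$bash_bin" ] || { echo missing; return 2; }
    # Harmless probe: a value shaped like an exported function, followed by
    # an extra command that only prints a marker. A patched Bash treats the
    # value as plain data and never runs the trailing command.
    out=$(env probe='() { :; }; echo SHELLSHOCK_MARKER' \
          "$bash_bin" -c 'echo done' 2>/dev/null) || true
    case $out in
        *SHELLSHOCK_MARKER*) echo vulnerable; return 1 ;;
        *) echo patched; return 0 ;;
    esac
}

# flag_function_like: reads NAME=value lines on stdin and prints the names
# whose value starts like a function definition, "() {".
flag_function_like() {
    while IFS= read -r line; do
        name=${line%%=*}
        value=${line#*=}
        case $value in
            "() {"*) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample environment dump (not taken from a real system).
SAMPLE_ENV='VAR_FROM_CLIENT=() { :; }; echo SHELLSHOCK_MARKER
LANG=en_US.UTF-8
PATH=/usr/bin:/bin'

printf 'bash status: %s\n' "$(check_bash "${BASH_BIN:-/bin/bash}")"
printf 'function-like values in sample: %s\n' \
    "$(printf '%s\n' "$SAMPLE_ENV" | flag_function_like)"
```

Set `BASH_BIN` to test a Bash binary installed somewhere other than `/bin/bash`.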

It is as if, after years of development, computer security had suddenly gone back to its origins; as if decades of research were erased at once, and with them our certainties.

Security experts are aware of this, and Tod Beardsley, interviewed by CNET, summarizes the situation: “Bash is widely spoken and used, so anyone can use this vulnerability to execute code from remote devices and web servers. With this flaw, anyone could potentially take control of the operating system, have access to confidential information or change some settings …”. So all those who use Bash on their systems should install the patch immediately.

The publication of a critical bug, as always, does not coincide with its discovery. It is likely that unscrupulous crackers had been using this vulnerability for some time, or that it was also used by some government agency; we cannot exclude any hypothesis. What is certain is that as soon as such a widespread hole is published, rootkits able to take advantage of it appear immediately, so pay close attention to security updates and install them as soon as possible.
