Skip to content

September 28, 2014

The Shellshock command security flaw isn’t really fixed yet

by John_A

Shellshock flaw test

Don’t get too comfy just because companies are rolling out patches for the Shellshock security bug — as it turns out, even updated websites and devices remain at risk. Developers are reporting that they can still run any code they like (and thus hijack systems) through the bash command shell simply by using instructions that aren’t covered by existing safeguards. You can use a common variable like “cat” (concatenate) to bypass the defenses, for instance. The only surefire fix may be a fundamental change to how the shell handles variables, which could break legions of apps and services. You still don’t have much reason to worry about your home Mac or Linux PC, but it’s now considerably less likely that the sites and connected gadgets you use will will be truly immune to Shellshock-based attacks.

[Image credit: Robert Graham, Twitter]

Filed under: ,

Comments

Via: Ars Technica

Source: Seclists.org, GNU.org

.CPlase_panel display:none;

Read more from News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: