It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
HACKERS HAVE DISCOVERED an exploit for Unix-based systems that some experts claim could be more serious than the Heartbleed SSL bug uncovered in April.
The bash bug, as implied by its name, is a vulnerability that allows unscrupulous users to take control of Bourne Again Shell (bash), the software used to control the Unix command prompt on some Unix-like systems. This means that systems running Mac OS X and Linux are all potentially susceptible.
"Conservatively, the impact is anywhere from 20 to 50 [percent] of global servers supporting web pages. Specifically, this issue affects web servers using GNU bash to process traffic from the internet. In addition, this bug covers almost all CGI-based web servers, which are generally older systems on the internet."
"Unlike Heartbleed, which only affected a specific version of OpenSSL, this bash bug has been around for a long, long time," Graham wrote. "That means there are lots of old devices on the network vulnerable to this bug. The number of systems needing to be patched, but which won't be, is much larger than Heartbleed."
The bug was discovered by French software developer Stéphane Chazelas and patched today by Chet Ramey, official maintainer of the Bash shell, whose day job is as a network manager at Case Western Reserve University in Cleveland. The patch fixes Bash 3.0 through 4.3, and links for network administrators to fix the patches can be found on the SecLists mailing-list archive.