Researchers on Thursday discovered
proof-of-concept code that could take advantage of unpatched computer
systems, and found evidence of attacks exploiting the BASH Shellshockbug in the wild.
Shellshock, which came to light on Wednesday, could become a major threat to Linux/Unix and Apple operating systems if published patches to BASH are not applied before an attacker cashes in. However, there's some concern that the current patches may not be complete.
The United States Computer Emergency Readiness Team, or US-CERT, on Thursday issued a warning about the vulnerability.
BASH, the GNU Project's Bourne-Again SHell, is named after computer scientist Stephen Bourne, who wrote the original Shell code.
"BASH is easier to exploit than Heartbleed in the sense that it doesn't require technical knowledge as deep. It is probably installed in more places and on more systems than OpenSSH. So in that sense, the available attack surface is larger," BASH maintainer Chet Ramey told TechNewsWorld.
No comments:
Post a Comment