 |
| Bash Running in Linux |
"In a nutshell, the Shellshock Bash bug is easy to exploit and yet still have severe consequences".
Bash is often used as the system shell in many distributions of Linux and Macs. IF an application calls a Bash command from the internet (Http) or through a common gateway interface (CGI) which will allow user to enter data, that system is open for attack. The vulnerability will affect thousands of applications across the board. Andy Ellis, the Chief Security Officer of Akamai Technologies, wrote: "This vulnerability may affect many applications that evaluate user input, and call other applications via a shell."
So have updates come out. In most cases your distribution should have updated bash packages for download. Certainly updates have happened at my end using Linux Mint and Fedora were quick to act too. The most shocking part of all this news is that it seems all companies have responded treating this "critical" bug as something to be addressed immediately, except Apple have done nothing. No patch has been released for Mac users. Also Apple have not said anything about releasing a patch immediately.
Crikey? Well how the hell do I know if it affects me. Well if you have not updated your computer in the last week....then it affects you. To be sure though you can copy and paste this into your Bash terminal to see if the vulnerability exists....
Are your computers vulnerable?
Open a terminal window and enter the following command at the $ prompt:
If your answer returns this:
ASSCOVERED
Then your good to go. You have been patched in an update.
No comments:
Post a Comment