One critical security hole exist in Unix/Linux based system just got uncovered today. Bash is a Unix shell written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell (sh). A security bug in Bash, could create a bigger threat to computer users than the “Heartbleed” bug in OpenSSL. For many Unix or Linux personal computer, this might not be a really big issue. For Unix or Linux based Web servers, it’s a critical problem. Most of the servers are using Linux system. “Shellshock” Bug detail: CVE-2014-6271 remote code execution through bash which allows unauthorized disclosure of information, unauthorized modification, and allows disruption of service. Vulnerability mostly is exploitable over the network. HTTP requests to CGI scripts have been identified as the major attack vector so far. How to fix/patch Bash? Ubuntu/Debian

Read More