[kwlug-disc] Vulnerability in bash
B.S.
bs27975 at yahoo.ca
Thu Sep 25 16:35:09 EDT 2014
On Thu, 25 Sep 2014 12:12:01 -0400
Khalid Baheyeldin <kb at 2bits.com> wrote:
> On Thu, Sep 25, 2014 at 11:55 AM, CrankyOldBugger
> <crankyoldbugger at gmail.com
> > wrote:
>
> > And now "some experts" are referring to this as the "Shellshock"
> > vulnerability.
> >
> > Commence Public Mass Hysteria in three, two, one...
> >
>
> Well, this one is real scary.
>
> If requests via the web server can execute arbitrary shell commands,
> it is scary.
>
> What is more scary is that a 25 year old mature piece of software can
> have such a gaping hole in it exploitable remotely.
>
> What about non-mature, less tested software, specially new comers
> that are being widely adopted (systemd ...)
Perhaps this speaks more to advancements in testing tools, testing
regimen, or more eyeballs? (All bugs being shallow ... eventually?)
More information about the kwlug-disc
mailing list