Shellshock: a severity 10/10 Bash bug that allows attackers to execute arbitrary commands on web servers

You thought the Heartbleed bug was bad? Today’s Bash vulnerability is much, much worse

Concern over Bash vulnerability grows as exploit reported “in the wild”

“Shellshock” bug in common GNU shell could be “worm-able,” used to launch kernel exploits.

The vulnerability reported in the GNU Bourne Again Shell (Bash) yesterday, dubbed “Shellshock,” may already have been exploited in the wild to take over Web servers as part of a botnet. More security experts are now weighing in on the severity of the bug, expressing fears that it could be used for an Internet “worm” to exploit large numbers of public Web servers. And the initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry. A second vulnerability in Bash allows for an attacker to overwrite files on the targeted system.

Read the full article at Ars Technica