Re: CERT/NIST reveal level 10 bash alert today, 24 September 2014

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CERT/NIST reveal level 10 bash alert today, 24 September 2014

From:	Thad Floryan
Subject:	Re: CERT/NIST reveal level 10 bash alert today, 24 September 2014
Date:	Thu, 25 Sep 2014 18:02:50 -0700
User-agent:	Thunderbird 2.0.0.24 (Windows/20100228)

On 9/24/2014 6:07 PM, Thad Floryan wrote:
> I caught the newsflash at Reuters earlier todat and a
> search found the other URLs below.  This seemed the only
> relevant bash group available for subscription at the
> eternal-september NNTP server.
> 
> Articles:
> 
> New 'Bash' software bug may pose bigger threat than 'Heartbleed'
> http://www.reuters.com/article/2014/09/24/us-cybersecurity-bash-idUSKCN0HJ2FQ20140924
> http://uk.reuters.com/article/2014/09/24/us-cybersecurity-bash-idUKKCN0HJ2FQ20140924
> 
> Vulnerability Summary for CVE-2014-6271 - NVD - Detail
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
> 
> Bourne Again Shell (Bash) Remote Code Execution Vulnerability
> https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
> 
> Bourne Again Shell (Bash) Remote Code Execution ...
> http://www.pcisecuritypolicies.com/bourne-again-shell-bash-remote-code-execution-vulnerability/

There was another Reuters news update a short while ago today:

Hackers exploit 'Shellshock' bug with worms in early attacks
By Jim Finkle, Boston, Thu Sep 25, 2014 6:34pm EDT

http://www.reuters.com/article/2014/09/25/us-cybersecurity-shellshock-idUSKCN0HK23Y20140925

(Reuters) - Hackers have begun exploiting the newly identified
"Shellshock" computer bug, using fast-moving worm viruses to scan for
vulnerable systems and then infect them, researchers warned on Thursday.

"Shellshock" is the first major Internet threat to emerge since the
discovery in April of "Heartbleed," which affected OpenSSL encryption
software that is used in about two-thirds of all web servers, along with
hundreds of technology products for consumers and businesses.

The latest bug has been compared to "Heartbleed" partly because the
software at the heart of the "Shellshock" bug, known as Bash, is also
widely used in web servers and other types of computer equipment.

The problem is unlikely to affect as many systems as Heartbleed because
not all computers running Bash can be exploited, according to security
experts. Still, they said "Shellshock" has the potential to wreak more
havoc because it enables hackers to gain complete control of an infected
machine, which could allow hackers to destroy data, shut down networks
or launch attacks on websites, experts said.

The "Heartbleed" bug only allowed them to steal data.

The industry is rushing to determine which systems can be remotely
compromised by hackers, but there are currently no estimates on the
number of vulnerable systems.
[...]

{ article continues at above URL }

Thad

[Prev in Thread]

Current Thread

[Next in Thread]

CERT/NIST reveal level 10 bash alert today, 24 September 2014, Thad Floryan, 2014/09/25
- Re: CERT/NIST reveal level 10 bash alert today, 24 September 2014, Thad Floryan <=
- CERT/NIST reveal level 10 bash alert today, 24 September 2014, Alexandre Ferrieux, 2014/09/25
  - Re: CERT/NIST reveal level 10 bash alert today, 24 September 2014, Eric Blake, 2014/09/25
    - Re: CERT/NIST reveal level 10 bash alert today, 24 September 2014, Alexandre FERRIEUX - SOFT/LAN, 2014/09/25
    - Re: CERT/NIST reveal level 10 bash alert today, 24 September 2014, Steve Simmons, 2014/09/25

Prev by Date: Re: Bash-4.3 Official Patch 25
Next by Date: Re: Bash security issue
Previous by thread: CERT/NIST reveal level 10 bash alert today, 24 September 2014
Next by thread: CERT/NIST reveal level 10 bash alert today, 24 September 2014
Index(es):
- Date
- Thread