[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Critical bash vulnerability CVE-2014-6271

To: Philip Cheong <philip.cheong@xxxxxxxxx>
Subject: Re: [FD] Critical bash vulnerability CVE-2014-6271
From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
Date: Thu, 25 Sep 2014 08:55:05 -0700

> Worse that heartbleed?

In what way? It doesn't have a logo, so it's a bit better in my book.

But seriously, yup, it's probably worse - it likely affects more sites
and trivially gives you remote shell.

I have written down some technical details about the issue and the
problems with all the patches so far:

http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

Most of the technical discussions seem to be happening on oss-security@.

/mz

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] Critical bash vulnerability CVE-2014-6271
  - From: Tony Arcieri

References:
- [FD] Critical bash vulnerability CVE-2014-6271
  - From: Philip Cheong

Prev by Date: [FD] [TOOL] Hakabana release
Next by Date: Re: [FD] Critical bash vulnerability CVE-2014-6271
Previous by thread: [FD] Critical bash vulnerability CVE-2014-6271
Next by thread: Re: [FD] Critical bash vulnerability CVE-2014-6271
Index(es):
- Date
- Thread