A new exploit has been discovered for Unix-based systems that some experts are claiming could be more harmful than the SSL bug, Heartbleed, which was discovered earlier this year. This new exploit is called ‘the bash bug’ and allows users to take control of Bourne Again Shell (Bash), the software used to control the Unix command prompt on some systems.
This bug means that all systems using Mac OS X or Linux are potentially susceptible. What makes the bash bug so dangerous, though, is that it only requires the user to copy and paste a single line of code in order for it to work. Afterwards, hackers can run their own malicious code and could potentially take complete control of your system.
FireEye Director of Threat Research, Darien Kindlund, briefly explained why the bash bug is so dangerous:
“This bug is horrible. It’s worse than Heartbleed, in that it affects servers that help manage huge volumes of Internet traffic. Conservatively, the impact is anywhere from 20 to 50 per cent of global servers supporting web pages. Specifically, this issue affects web servers using GNU bash to process traffic from the Internet. In addition, this bug covers almost all CGI-based web servers, which are generally older systems on the Internet.”
Patches for many software distros are already being sent out, but the Department of Homeland Security has issued an advisory warning just in case some users fail to take proper precautions.
According to Professor Alan Woodward from the University of Surrey, 50 per cent of active websites run on a web server called Apache, which in turn runs on Unix, making these sites potentially vulnerable. This means around 500 million active sites could potentially face problems, which is a lot worse than the 500,000 sites susceptible to the Heartbleed SSL bug.
He went on to say that while vendors are rushing out patches, this assumes that system owners know about the vulnerability, rather than prompting them to update. Many system owners may not even know that a version of Linux is running in the background, meaning that many home WiFi routers could remain exploitable.
Right now it is unknown just how many systems are affected overall, but scans are already taking place in order to gain key statistics.
KitGuru Says: Two horrible bug discoveries only months apart from each other. Hopefully this doesn’t become a huge problem and can be contained relatively quickly.
Source: The Inquirer