Bash bug was probably present since 1992 By Joost Schellevis




The vulnerability in a system allows Bash attackers to take over, it’s probably been present since 1992. So says the developer responsible for the shell. All this time the bug if known gone unnoticed.

Chet Ramey, the volunteer who is responsible for Bash, said told The New York Times that he probably introduced the bug. accidentally in 1992 Ramey notes that he does not know for sure, because he then still kept no detailed logs. Until September 12 the bug at least for Ramey himself remained unnoticed when he was tipped off about the existence of the security issue.

The bug is easy to exploit but offers far-reaching access to the system: an attacker to run code on a system. It is not excluded that the security problem in the past 24 years has been noted by researchers who have chosen to keep the leak under the cap and example to sell. Has previously Companies like French VUPEN specialize in finding and selling so-called zero-day -beveiligingsproblemen.

The bug has now been largely crushed, though still apparent in some cases it possible to perform. their own code A system can also only be protected if a patch is available. The problem is that user devices like routers, NAS systems and even wireless webcams with an embedded Web server patching is often slower than a desktop operating system, and therefore, may be vulnerable. Many years

According to security researcher Robert Graham is the underlying code of Bash seriously outdated. The Bash-bug, also known as Shell Shock is called, according to him no more than a warning that more bugs will follow. “The cause is not a programmer who has made a mistake, but a systemic failure in the code,” writes Graham, who will know that there are already three similar bugs have been found. “The code is outdated and written to the standards of 1984 instead of 2014”

The vulnerability could be exploited by a number of characters, followed by code, adding to an environment variable. Once then bash session is opened, the code appears to be running. Any application that relies on the Bash shell is potentially vulnerable. This involves, among other things webservers, every garden can be guided with HTTP requests. Also dhcp clients potentially vulnerable: a DHCP server could run code on a PC. For example, that is a problem on public Wi-Fi hotspots.


In: Technology & Gadgets Asked By: [15464 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »