Thread: Huge bash exploit CVE-2014-6271
View Single Post
Old 29-09-2014, 20:01   #23
Qtx
Inactive
 
Join Date: May 2012
Location: Probably outside the M25
Services: Sky Fibre Unlimited 40/10
Posts: 3,473
Qtx has a bronzed appealQtx has a bronzed appeal
Qtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appeal
Re: Huge bash exploit CVE-2014-6271
The first two patches do stop those holes being used but the new vulnerability found isn't much different yet does get through. They should really take the plunge and just release a patch which stops Bash parsing the data itself, even if breaks some setups. Not that hard for them to do it for the other versions too.

Bash is ancient so when made no one was thinking about security. Not even sure if the usual automatic fuzzing methods would have found these particular holes, not that they were about back then anyway.
Qtx is offline   Reply With Quote