Articles about bash

Cow photo via Shutterstock

Ubuntu Core Snaps door shut on Linux's new Dirty COWs

Canonical has released Ubuntu Core 16 for IoT, featuring Linux self-patching for a generation of users against future Bash or Dirty COWs. Ubuntu Core 16 features Snaps, a zip file concept Canonical says will streamline IoT device updates protecting against hackers and data loss. Snaps shipped in Ubuntu 16.10 but Ubuntu Core is …
Gavin Clarke, 3 Nov 2016

Solaris fix-it firm offers free Bash patch for legacy Oracle kit

A Solaris fix-it-firm being sued by Oracle over copyrighted code says it has stepped in to defend customers not protected by Larry Ellison's firm from Bash attacks. Terix has released a Bash fix for Solaris on SPARC and x86 that it claims goes further than Oracle’s own recent Bash patch. Bash, vulnerability CVE-2014-7169, …
Gavin Clarke, 16 Oct 2014
Marissa Mayer working from home?

Yahoo servers? SHELLSHOCKED? by Bash?

Updated Yahoo! said "a handful" of its servers fell to hackers who may have been trying to exploit the Shellshock vulnerability in Bash. The miscreants took control of the web servers to build a botnet out of them, it is claimed. "As soon as we became aware of the issue, we began patching our systems and have been closely monitoring …
Iain Thomson, 6 Oct 2014

Bored hackers flick Shellshock button to OFF as payloads shrink

Malicious and benign attacks against systems vulnerable to Shellshock had halved by Sunday after peaking three days following the bug's disclosure, Akamai researchers say. The variety of payloads targeting vulnerable sites increased dramatically over the same period before tapering off, in a possible sign that hackers were …
Darren Pauli, 3 Oct 2014

VMWare virtually in control of Shellshock

VMware is plugging away at Shellshock holes in 37 virtual appliance products, but has so far shipped clean code for just a handful of appliances. The company released a fix for cloud analytics kit vCenter Log Insight and offered updates on four others. The advisory said a variety of VMware appliances shipped with Shellshock- …
Darren Pauli, 2 Oct 2014

Bash bug flung against NAS boxes

Hackers are attempting to exploit the BASH remote code injection vulnerability against Network Attached Storage (NAS) systems. Miscreants are actively exploiting the time-to-patch window in targeting embedded devices, security firm FireEye warns. We have evidence that attackers are actively exploiting the time-to-patch window …
John Leyden, 1 Oct 2014

OpenVPN open to pre-auth Bash Shellshock bug – researcher

The Shellshock Bash bug, the gift that just keeps on taking, could also sting OpenVPN users, according to researcher Fredrick Stromberg. Pre-authentication vectors affect communication through the popular and formerly secure VPN platform, he says. Shellshock affected the crucial and ubiquitous *nix component Bash up to and …
Darren Pauli, 30 Sep 2014

Third patch brings more admin Shellshock for the battered and Bashed

A third patch, from Red Hat engineer Florian Weimer, has been released for the vulnerable Bash Unix command-line interpreter, closing off flaws found in two previous fixes. Weimer's unofficial fix was adopted upstream by Bash project maintainer Chet Ramey and released as Bash-4.3 Official Patch 27 (bash43-027) which addressed …
Darren Pauli, 30 Sep 2014
Bug bounties

Apple finally patches Bash Shellshock vuln that WAS NOT A WORRY, OK?

Apple and F5 are the latest big-name vendors to post responses to the “Shellshock” vulnerability in Bash. Just days after saying “the vast majority of OS X users are not at risk”, Cupertino has posted Bash fixes for OS X Lion, Mountain Lion, and Mavericks. The fix is now available in OS X users' Software Update. It would, …

Shellshock: 'Larger scale attack' on its way, warn securo-bods

The Shellshock vulnerability has already become the focus for malicious scanning and at least one botnet but crooks are still testing the waters with the vulnerability and much worse could follow, security watchers warn. Net security firm FireEye said it has seen all manner of overtly malicious traffic leveraging the Bash bug …
John Leyden, 29 Sep 2014
Bug bounties

SMASH the Bash bug! Apple and Red Hat scramble for patch batches

A fresh dump of Shellshock patches were released on Friday night in the latest move to stamp out the Bash shell security vuln that has the potential to blight millions of Linux, Unix and Mac OS X machines. Red Hat said in a blog post that the threat from Shellshock was receding now that patches had been issued for most …
Team Register, 28 Sep 2014
Regina Egbert, El Reg's virtual news anchor

Regina Eggbert gives her signature rundown of the week's tech news

Vid Youtube Video Tune in for a brief rundown of the week's eggiest tech tales from The Reg's avatar news anchor Regina Eggbert. Then find out more about this week's stories, including shell-shocked Bash, PC abandonment issues and bent mobes – here, here and here. ® Regina Egbert, El Reg's virtual news anchor

Oracle SHELLSHOCKER - data titan lists unpatchables

Oracle has confirmed that at least 32 of its products are affected by the vulnerability recently discovered in the Bash command-line interpreter – aka the "Shellshock" bug – including some of the company's pricey integrated hardware systems. The database giant issued a security alert regarding the issue on Friday, warning that …
Neil McAllister, 27 Sep 2014

Stunned by Shellshock Bash bug? Patch all you can – or be punished

Updated The UK's privacy watchdog is urging organisations to protect their systems against the infamous Shellshock vulnerability in Bash – even though the full scope of the security bug remains unclear. The Shellshock flaw affects Bash up to and including version 4.3. It's a vital component of many Linux and Unix systems, as well as …
John Leyden, 26 Sep 2014

Bad boy builds beastly Bash bug botnet, boxen battered

Mere hours after its discovery, the Shell Shock Bash vulnerability was exploited by an attacker to build a botnet. The bot was discovered by researcher known as Yinette, who reported it on her Github account and said it appeared to be remotely controlled by miscreants. Rapid 7 researcher Jen Ellis noted in a blog the …
Darren Pauli, 26 Sep 2014
Now you've done it...

Hackers thrash Bash Shellshock bug: World races to cover hole

Sysadmins and users have been urged to patch the severe Shellshock vulnerability in Bash on Linux and Unix systems – as hackers ruthlessly exploit the flaw to compromise or crash computers. But as "millions" of servers, PCs and devices lay vulnerable or are being updated, it's emerged the fix is incomplete. The flaw affects …
John Leyden, 25 Sep 2014

Bash bug: Shellshocked yet? You will be ... when this goes WORM

Much of the impact of the Shellshock vulnerability is unknown and will surface in the coming months as researchers, admins and attackers (natch) find new avenues of exploitation. The vulnerability, called Shellshock by researcher Robert Graham, existed in the Bash command interpreter up to version 4.3 and affected scores of …
Darren Pauli, 25 Sep 2014

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open

Updated A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems – and, thanks to their ubiquity, the internet at large. It lands countless websites, servers, PCs, OS X Macs, various home routers, and more, in danger of hijacking by hackers. The vulnerability is present in …
John Leyden, 24 Sep 2014

Create a news alert about bash, or find more stories about bash.

Biting the hand that feeds IT © 1998–2018