PeopleSoft and Shellshock
September 29, 2014
Posted by Duncan in Security, TW.
As many will no doubt have heard, a new vulnerability has been spotted, and there are already exploits for it in the wild.
The vulnerable systems are those running Bash, so Windows machines are safe; it’s just Unix/Linux and Mac OS X.
Security Researcher Kasper Lindegaard from Secunia rates this as a bigger issue than the Heartbleed exploit discovered in April this year. “Heartbleed only enabled hackers to extract information, Bash enables hackers to execute commands to take over your servers and systems.”
The US government has rated this 10 out of 10 from a severity point of view.
Oracle have been quick to react to this threat, and have issued a security alert here. It includes this chilling text:
This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to execute arbitrary code on systems that are running affected versions of Bash.