Nasty bug discovered in Linux Bash shell

Posted on Thursday, September 25 2014 @ 11:08 CEST by Thomas De Maesschalck
Red Hat security researchers announced the discovery of a dangerous security vulnerability in Bash, a UNIX-like shell that is perhaps one of the most widely installed utilities on any Linux system. The bug opens the door to a wide variety of attacks; it arises when environment variables with specially crafted values are created before the shell is invoked.

The vulnerability has been present in Linux software for two decades, so patching every instance of it may be easier said than done. Errata Security expert Robert David Graham mentioned on Twitter that the "bash bug" is probably a bigger deal than Heartbleed. Graham wrote on his blog that an enormous percentage of Linux software interacts with the shell in some fashion and he believes it will be impossible to catalogue all software out there that is vulnerable to the bash bug.
It's being called the Bash bug, or Shellshock. When accessed properly, the bug allows for an attacker's code to be executed as soon as the shell is invoked, leaving the door open for a wide variety of attacks. Worse yet, it appears the bug has been present in enterprise Linux software for a long time, so patching every instance may be easier said than done. Red Hat and Fedora have already released patches for the bug. The bug also affects OS X, and while the company has yet to release an official fix, this Stack Exchange post contains details on how Mac users can check for the vulnerability and patch it once identified.
Source: The Verge
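
The flaw described above shows up when bash starts with an environment variable whose value looks like a function definition followed by extra commands. As an added example (not taken from the article or from the Stack Exchange post it mentions), the script below checks each local bash binary for that behaviour; the marker string, variable name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: local self-test for the environment-variable flaw in bash.
# MARKER, "probe" and the function names are constructed for this example.

MARKER="BASH_ENV_PROBE_FIRED"

# check_bash PATH -> prints "vulnerable", "ok", "missing" or "unknown"
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # The value looks like a function definition with a trailing command.
    # An affected bash runs that command while importing its environment
    # at start-up; a fixed bash ignores it and only runs "echo started".
    out=$(env probe="() { :;}; echo $MARKER" "$shell_path" -c 'echo started' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo "vulnerable" ;;
        *started*)   echo "ok" ;;
        *)           echo "unknown" ;;
    esac
}

# audit_shells: test every bash listed in /etc/shells plus the one on PATH.
# Prints one "path<TAB>result" line each; returns 1 if any is vulnerable.
audit_shells() {
    status=0
    candidates=$( { grep -E '/bash$' /etc/shells 2>/dev/null || true
                    command -v bash || true; } | sort -u )
    for b in $candidates; do
        result=$(check_bash "$b")
        printf '%s\t%s\n' "$b" "$result"
        if [ "$result" = "vulnerable" ]; then
            status=1
        fi
    done
    return $status
}

audit_shells || echo "at least one bash binary needs the vendor patch"
```

A binary reported as `vulnerable` should be updated from the distribution's patched packages and then re-checked, since a system can carry more than one copy of bash.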

