Full Disclosure mailing list archives
Re: Critical bash vulnerability CVE-2014-6271
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 25 Sep 2014 08:55:05 -0700
Worse that heartbleed?
In what way? It doesn't have a logo, so it's a bit better in my book. But seriously, yup, it's probably worse - it likely affects more sites and trivially gives you remote shell. I have written down some technical details about the issue and the problems with all the patches so far: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Most of the technical discussions seem to be happening on oss-security@. /mz _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Critical bash vulnerability CVE-2014-6271 Philip Cheong (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Michal Zalewski (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Tony Arcieri (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 (slightly OT logo discussion) Ben Lincoln (F7EFC8C9 - FD) (Sep 26)
- Re: Critical bash vulnerability CVE-2014-6271 Matt Hazinski (Sep 26)
- Re: Critical bash vulnerability CVE-2014-6271 Tony Arcieri (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Michal Zalewski (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Paul Vixie (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Yvan Janssens (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 g () 1337 io (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Evan Teitelman (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Godin, Erik (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Tim (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Paul Vixie (Sep 25)