Full Disclosure mailing list archives

Re: Critical bash vulnerability CVE-2014-6271

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 25 Sep 2014 08:55:05 -0700

Worse that heartbleed?


In what way? It doesn't have a logo, so it's a bit better in my book.

But seriously, yup, it's probably worse - it likely affects more sites
and trivially gives you remote shell.

I have written down some technical details about the issue and the
problems with all the patches so far:

http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

Most of the technical discussions seem to be happening on oss-security@.

/mz

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Critical bash vulnerability CVE-2014-6271 Philip Cheong (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Michal Zalewski (Sep 25)
  - Re: Critical bash vulnerability CVE-2014-6271 Tony Arcieri (Sep 25)
    - Re: Critical bash vulnerability CVE-2014-6271 (slightly OT logo discussion) Ben Lincoln (F7EFC8C9 - FD) (Sep 26)
    - Re: Critical bash vulnerability CVE-2014-6271 Matt Hazinski (Sep 26)
- Re: Critical bash vulnerability CVE-2014-6271 Paul Vixie (Sep 25)
  - Re: Critical bash vulnerability CVE-2014-6271 Yvan Janssens (Sep 25)
  - Re: Critical bash vulnerability CVE-2014-6271 g () 1337 io (Sep 25)
- Re: Critical bash vulnerability CVE-2014-6271 Evan Teitelman (Sep 25)
  - Re: Critical bash vulnerability CVE-2014-6271 Godin, Erik (Sep 25)
  - Re: Critical bash vulnerability CVE-2014-6271 Tim (Sep 25)
    - Re: Critical bash vulnerability CVE-2014-6271 Paul Vixie (Sep 25)

(Thread continues...)