Other O/S Bash bug could be bigger threat than Heartbleed

leemoo

Member
A bug in the Bash software used to control the command prompt in many Unix computers could be a bigger threat than the Heartbleed OpenSSL bug, security experts have warned.
They have urged any organisation running Unix-based computers to install the security update immediately.
Hackers could exploit the flaw in Bash (Bourne Again Shell) to take complete control of a targeted system, prompting the UK Computer Emergency Response Team (CERT-UK) to issue an alert.
According to the alert, the Bash bug affects Unix-based operating systems, including Linux. However, CERT-UK said it is not yet clear whether other Unix-based systems, such as Apple’s Mac OS X, Google’s Android and other embedded systems in internet of things (IoT) devices, are affected.

To test if a system is vulnerable, CERT-UK said users can enter the command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

More info: Bash bug could be bigger threat than Heartbleed
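
The check quoted above, wrapped so it can be run against every bash binary on a host rather than only the one first on PATH. This is an added example, not part of the original post or the CERT-UK alert. The function names and the `--scan` argument are made up for illustration, and reading /etc/shells to find extra copies of bash is an assumption about the host.

```shell
#!/bin/sh
# Added example: automates the CERT-UK test command quoted in the post.
# classify_output, check_bash and scan_shells are illustrative names.

# classify_output TEXT: print VULNERABLE, NOT_VULNERABLE or UNKNOWN.
classify_output() {
    # A vulnerable bash executes the trailing "echo vulnerable" while
    # importing x, so "vulnerable" shows up as a line of its own.
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo VULNERABLE
    # The test string without the marker means the payload did not run,
    # whether or not the warning lines are printed.
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo NOT_VULNERABLE
    else
        echo UNKNOWN
    fi
}

# check_bash PATH: run the test against one specific bash binary.
check_bash() {
    if [ ! -x "$1" ]; then
        echo MISSING
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>&1)
    classify_output "$out"
}

# scan_shells: check the bash on PATH plus any bash listed in /etc/shells.
scan_shells() {
    {
        command -v bash
        [ -r /etc/shells ] && grep -E '/bash$' /etc/shells
    } 2>/dev/null | sort -u | while read -r b; do
        printf '%s: %s\n' "$b" "$(check_bash "$b")"
    done
}

# Run the scan only when asked, e.g.: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_shells
fi
```

A system can carry more than one copy of bash (for example under /usr/local/bin), and each copy needs the update separately.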
 