Most Critical Linux Vulnerability: Shellshock bug/BASH
Linux Bash: Dangerous security hole discover
The popular Linux and UNIX shell has a very serious security problem that means real danger for many web servers. The major thing about the Bash bug environment variables, a hacker could use this hole to execute shell commands. When you talk about the Bash it is the default interactive shell in Ubuntu. When you are interfacing with the terminal either through the terminal emulator, over a tty, or ssh, you are generally typing commands which bash will read, and execute. Even if you do not use the terminal at all, you still have Bash.
How does thread affect me?
Bash and the OS monitor environment variables that describe the current logged-on user, on the hard disk where to look for program, and many other same functions, by designing an environment variable with a specific design, the hacker can be able to execute code next time when Bash starts its work.
How to set an environment variable
Producing another program to set an environment variable to have that created value. For example, you might have a webserver and script that needs to set an environment variable with specific user content. Even if that script creates its own, and doesn’t touch other environment variables, it’s enough. A single environment variable with any name and a crafted value is enough for the activity to succeed.
How to stay away Linux bash bug
Linux users should be aware of these new vulnerabilities and make sure they have latest information of latest patches and updates from their respective Linux vendors.
