I wouldn't expect for that to take too long in my distro of choice, Gentoo, patches have already been released for multiple versions of the Bash shell.īecause of the severity, anyone administrating a Linux server would be wise to continually check for updates - or, if you're well-versed enough, switch over to a different shell for the time-being.
#MAC SHELL SHOCKED FOR MAC OS#
For Mac OS X, users will have to wait for Apple to issue a patch for Linux, users will have to wait for an update to become available. An initial patch has already been released, but it's being said that it's not perfect yet. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue."Īs Shellshock is being treated as a severe threat, Red Hat is actively working on issuing a proper patch. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. " A flaw was found in the way Bash evaluated certain specially crafted environment variables.
The bug was reported to Red Hat last week and published just yesterday. While you'll be in a Bash environment whenever you open up a terminal, there are many cases where Bash will run in the background as well - such as with SSH, which constantly listens for connections. The bug is tied to the Bash Unix shell, one that's pretty much de facto in Linux, and can be found in all Mac OS X releases. It's being called a worse threat than Heartbleed, but unlike Heartbleed, "Shellshock" can affect home users just as well as servers.