Linux's most serious vulnerabilities are more dangerous than "heartbleed"

Source: Internet
Author: User

Linux's most serious vulnerabilities are more dangerous than "heartbleed"

According to foreign media reports, network security experts warned on Wednesday that a frequently-used section "Bash" in open-source software Linux has recently discovered a security vulnerability, its threat to computer users may exceed the "Heartbleed" vulnerability in April this year.

Bash is a software used to control Linux computer command prompts. Network security experts said that hackers can use a security vulnerability in Bash to fully control the target computer system.

Dan Guido, Chief Executive Officer of Trail of Bits, a cyber security company, said: "compared with Heartbleed, the latter only allows hackers to snoop on computers, but does not allow hackers to gain control of computers."

He said: "The Bash vulnerability method is much simpler. You can cut and paste a line of software code to achieve good results ."

Gido also said that he is considering disconnecting non-essential servers of his company from the network to protect them from being attacked by the Bash vulnerability until he can fix the vulnerability.

Todd Beardsley, Engineering Manager of Network Security Company Rapid7, warned that the severity of the Bash vulnerability was rated as 10, which means it has the greatest influence, however, the exploitation difficulty is rated as "low", which means that hackers can easily use it to launch network attacks.

"Using this vulnerability, attackers may take over the entire operating system of a computer, access confidential information, and modify the system. Any computer system that uses Bash must be immediately patched ."

"Heartbleed" is a security vulnerability in OpenSSL, an open-source encryption software. It was discovered in April this year. Because 2/3 of the world's websites use OpenSSL, the "Heartbleed" vulnerability puts tens of millions of people at risk. This also forces dozens of tech companies to release security patches to block security vulnerabilities in hundreds of products that use OpenSSL.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.