Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Vulnerabilities found in more command-line tools, wget and tnftp get patches

Lucian Constantin | Oct. 31, 2014
The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities.

The flaws found this year in OpenSSL, Bash, strings and now wget and tnftp indicate a trend of new bugs being found in old code, said Rob VandenBrink, an incident handler at the SANS Internet Storm Centert, in a blog post Thursday. "Coders who wrote stuff in C back in the day didn't always write code that knew how much was too much of a good thing. Now that we're all looking at problems with bounds checking on input data, expect to see at least a couple more of these!"

The danger is that these flaws are found in utilities that a lot of people use every day. As VandenBrink puts it they "are part of our standard, trusted toolkit."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.