[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] bash vulnerability

To: "list@xxxxxxxxxxxxx" <list@xxxxxxxxxxxxx>
Subject: Re: [LUG] bash vulnerability
From: "Tremayne, Steve" <steven.tremayne@xxxxxxxxxxxxx>
Date: Fri, 26 Sep 2014 11:01:57 +0000
Accept-language: en-US
Authentication-results: spf=neutral (sender IP is 199.64.221.174) smtp.mailfrom=steven.tremayne@xxxxxxxxxxxxx;
Content-language: en-US
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1396810045; h=Sender:Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:MIME-Version:In-Reply-To:References:Message-ID:Date:To:From; bh=+mGfKbxC1SIdxl96F+acNNqL/StITQCFKx4BQ0oEk0w=; b=KrVfBHm2VBaVHCKv1OU64+wg/sp3xdlcR6CQt9YHzXWUYifh15KfbKzTld/iz+C+qIm3MC+FM97ApzM5qwQOmTy43BOeb0vkXDvfMHtD7+XkifpQkIAQRM82H36NYpORxflMUMIg+/7yLR+/5rG3lqln359fxYnQrnsOhAunOpU=;
Thread-index: AQHP2JdHiJttvo5ln0aLM1un7KTtg5wSBe2AgABDLACAAAQOgIAAidSAgAAhI4CAAALyAIAAD5MAgAABZQCAAC7TIA==
Thread-topic: [LUG] bash vulnerability

>> 
>> Even in a C program, system() uses /bin/sh.
>> 
>> And it turns out a lot of Linux systems just link /bin/sh to /bin/bash. Game over.
>> 

>humm - yes ....bollox ... its going to be a busy weekend. 
Ah... my thoughts too.



I've got a NAS running OpenMediaVault (which is based on Debian squeeze) and whilst 
my desktop PC running Bodhi has an updated bash, the NAS doesn't.

And that's the one with an internet facing apache installation...

Poo.


Looks like I'd better start paying attention to those logs more closely...

grep '{' *.log doesn't appear to show anything (so far...) :)


> already patching my first compromised router - a Cisco Linksys ... when awol lunch 
> time yesterday after 5 years of solid service... 

Hmm.. not thought of that.

OpenWRT & pfSense seem ok...



-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

References:
- [LUG] bash vulnerability
  - From: Tom
- Re: [LUG] bash vulnerability
  - From: Matt Stevenson
- Re: [LUG] bash vulnerability
  - From: Eion MacDonald
- Re: [LUG] bash vulnerability
  - From: Roland Tarver
- Re: [LUG] bash vulnerability
  - From: Tom
- Re: [LUG] bash vulnerability
  - From: Gordon Henderson
- Re: [LUG] bash vulnerability
  - From: Jay Bennie
- Re: [LUG] bash vulnerability
  - From: Gordon Henderson
- Re: [LUG] bash vulnerability
  - From: Jay Bennie

Prev by Date: Re: [LUG] bash vulnerability
Next by Date: Re: [LUG] bash vulnerability
Previous by thread: Re: [LUG] bash vulnerability
Next by thread: Re: [LUG] bash vulnerability
Index(es):
- Date
- Thread