[Cialug] Shellshock Bash Remote Code Execution Vulnerability

Will staticphantom at gmail.com
Thu Sep 25 12:22:06 CDT 2014


All major OSes have had an update that was pushed out, at the latest, last
night, according to my current local LUG group.

-Will C

On Thu, Sep 25, 2014 at 12:10 PM, David Champion <dchamp1337 at gmail.com>
wrote:

> Looks like CentOS has it patched as well.
>
> -dc
>
> On Thu, Sep 25, 2014 at 11:07 AM, Matt Stanton <matt at itwannabe.com> wrote:
>
> > I did notice that Ubuntu put out a bash (among other things) update within
> > the past couple of days.  I had one VPS that I hadn't updated in the past
> > week and another that I updated as soon as the update came out.  The
> > vulnerability test worked on the one that hadn't been updated, and failed
> > on the updated VPS (obviously I updated the first VPS after running that
> > test).  So it appears that Ubuntu's most recent update has theoretically
> > fixed the problem.
> >
> > -- Matt (N0BOX)
> >
> > Sent from my ASUS Transformer
> >
> > -----Original Message-----
> > From: Nicolai <nicolai-cialug at chocolatine.org>
> > To: Central Iowa Linux Users Group <cialug at cialug.org>
> > Sent: Thu, 25 Sep 2014 10:39 AM
> > Subject: Re: [Cialug] Shellshock Bash Remote Code Execution Vulnerability
> >
> > On Thu, Sep 25, 2014 at 09:34:39AM -0500, Sean Flattery wrote:
> > > If you haven't heard yet, yesterday they announced a huge bug in bash that
> > > allows an attacker to remotely execute any bash commands without
> > > authentication.  Any service that calls to Bash can be abused to run
> > > arbitrary commands.
> > >
> > > You can test this locally by running the following:
> > >
> > > env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> >
> > This reminds me of a PHF bug from around ~95-96.  Pretty nasty.
> >
> > Nicolai
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
>
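
The local test quoted in this thread, wrapped so it can be run against every bash binary on a host and compared before and after updating. This is an added example, not part of any message in the thread; the candidate paths and the function names are assumptions, and a "not_vulnerable" verdict refers only to this one probe.

```shell
#!/bin/sh
# Added example: apply the thread's local test to each bash binary found.

# Classify the captured stdout of the probe. The probe prints "vulnerable"
# ahead of the test line only when bash runs the text that follows the
# function definition in the environment variable.
classify_probe_output() {
    case "$1" in
        *vulnerable*"this is a test"*) echo vulnerable ;;
        *"this is a test"*)            echo not_vulnerable ;;
        *)                             echo unknown ;;
    esac
}

# Run the probe against one bash binary and print a verdict.
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo missing
        return 0
    fi
    # stderr is dropped: updated builds may print import warnings there.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c "echo this is a test" 2>/dev/null)
    classify_probe_output "$out"
}

# Check common install locations (assumed paths) plus whatever is on PATH.
scan_host() {
    seen=""
    for bin in /bin/bash /usr/bin/bash /usr/local/bin/bash "$(command -v bash 2>/dev/null)"; do
        [ -n "$bin" ] && [ -x "$bin" ] || continue
        case " $seen " in *" $bin "*) continue ;; esac
        seen="$seen $bin"
        printf '%s\t%s\n' "$bin" "$(check_bash "$bin")"
    done
}

scan_host
```

A locally built or vendor-bundled bash outside the distribution's package will not be touched by the distribution update, which is why the scan checks more than one path.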

