[plug] Bash vulnerability

Chris Hoy Poy chris at hoypoy.id.au
Fri Sep 26 05:36:42 UTC 2014


http://www.itnews.com.au/News/396197,first-shellshock-botnet-attacks-akamai-us-dod-networks.aspx?eid=3&edate=20140926&utm_source=20140926_PM&utm_medium=newsletter&utm_campaign=daily_newsletter 


----- Original Message -----

From: "BillK" <billk at iinet.net.au> 
To: plug at plug.org.au 
Sent: Friday, 26 September, 2014 1:33:20 PM 
Subject: Re: [plug] Bash vulnerability 

Gentoo listed an advisory yesterday so I updated the bulk of machines and vm's. This morniing they reissued it with another version as it didn't properly fix the problem ... Have to do it all over again tonight :( 

Have not heard of an exploit in the wild yet ... 

On 26 September 2014 1:08:20 pm AWST, Brad Campbell <brad at fnarfbargle.com> wrote: 


On 25/09/14 11:00, Brad Campbell wrote: 

<blockquote>
So I did the right thing and went and ensured all our servers were 
appropriately patched, however I individually tested each one first. 

We are running various version of Debian and Ubuntu with some VM's 
dating back to Debian 5 and Ubuntu 10.04LTS all the way to current for 
both. None of these had a version of bash that responded at all to the 
test exploit being posted around. How odd. 

My western digital mybook is vulnerable however. 



Ok, so that is solved. 
I used this line from an article at Theregister.co.uk : 

env X="() { :;} ; echo busted" /bin/sh -c "echo stuff" 

Anyone see the obvious problem with it when used on Debian systems? 
That's right Freddie, Debian
has /bin/bash and /bin/sh and they are 
different interpreters. On my systems /bin/sh points to dash. 

Changing that to : 

env X="() { :;} ; echo busted" /bin/bash -c "echo stuff" 

shows my remaining unpatched systems are vulnerable. 

I'll put the brown paper bag on now. 



PLUG discussion list: plug at plug.org.au 
http://lists.plug.org.au/mailman/listinfo/plug 
Committee e-mail: committee at plug.org.au 
PLUG Membership: http://www.plug.org.au/membership 

</blockquote>


-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity. 
_______________________________________________ 
PLUG discussion list: plug at plug.org.au 
http://lists.plug.org.au/mailman/listinfo/plug 
Committee e-mail: committee at plug.org.au 
PLUG Membership: http://www.plug.org.au/membership 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20140926/1a8c4b99/attachment.html>


More information about the plug mailing list