[plug] Bash vulnerability

BillK billk at iinet.net.au
Fri Sep 26 06:32:27 UTC 2014


Autoupdate is ok if you don't care for an occasional disaster - I do because most of the machines are heavily customised and I want to supervise - plus gentoo is not redhat or ubuntu thank goodness.

On 26 September 2014 2:12:53 pm AWST, Jason Nicholls <jason at mindsocket.com.au> wrote:
>Is there some reason people aren't doing automatic security updates?
>RHEL and Ubuntu already released updates and all my systems fixed
>themselves. I've also gone in to verify and it seems to be good.
>
>I also did some testing through the product I work on which is based on
>Tomcat. We don't use CGI and it's disabled by default but some of our
>customers turn it on. So I enabled it, wrote a trivial shell script and
>found I was able to exploit it on a vulnerable system. Now that's
>pretty scary!
>
>
>
>
>On Fri, Sep 26, 2014 at 1:36 PM, Chris Hoy Poy <chris at hoypoy.id.au>
>wrote:
>
>>
>>
>> http://www.itnews.com.au/News/396197,first-shellshock-botnet-attacks-akamai-us-dod-networks.aspx?eid=3&edate=20140926&utm_source=20140926_PM&utm_medium=newsletter&utm_campaign=daily_newsletter
>>
>>
>> ------------------------------
>> *From: *"BillK" <billk at iinet.net.au>
>> *To: *plug at plug.org.au
>> *Sent: *Friday, 26 September, 2014 1:33:20 PM
>> *Subject: *Re: [plug] Bash vulnerability
>>
>>
>> Gentoo listed an advisory yesterday so I updated the bulk of machines
>> and vm's. This morning they reissued it with another version as it
>> didn't properly fix the problem ... Have to do it all over again tonight :(
>>
>> Have not heard of an exploit in the wild yet ...
>>
>> On 26 September 2014 1:08:20 pm AWST, Brad Campbell
>> <brad at fnarfbargle.com> wrote:
>>>
>>> On 25/09/14 11:00, Brad Campbell wrote:
>>>
>>>>  So I did the right thing and went and ensured all our servers were
>>>>  appropriately patched, however I individually tested each one first.
>>>>
>>>>  We are running various versions of Debian and Ubuntu with some VM's
>>>>  dating back to Debian 5 and Ubuntu 10.04LTS all the way to current
>>>>  for both. None of these had a version of bash that responded at all
>>>>  to the test exploit being posted around. How odd.
>>>>
>>>>  My western digital mybook is vulnerable however.
>>>>
>>>
>>> Ok, so that is solved.
>>> I used this line from an article at Theregister.co.uk :
>>>
>>> env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"
>>>
>>> Anyone see the obvious problem with it when used on Debian systems?
>>> That's right Freddie, Debian has /bin/bash and /bin/sh and they are
>>> different interpreters. On my systems /bin/sh points to dash.
>>>
>>> Changing that to :
>>>
>>> env X="() { :;} ; echo busted" /bin/bash -c "echo stuff"
>>>
>>> shows my remaining unpatched systems are vulnerable.
>>>
>>> I'll put the brown paper bag on now.
>>>
>>> ------------------------------
>>>
>>> PLUG discussion list: plug at plug.org.au
>>> http://lists.plug.org.au/mailman/listinfo/plug
>>> Committee e-mail: committee at plug.org.au
>>> PLUG Membership: http://www.plug.org.au/membership
>>>
>>>
>> --
>> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>
>
>
>-- 
>Jason Nicholls
>jason at mindsocket.com.au
>0430 314 857
>
>

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
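The pitfall Brad describes above (testing /bin/sh, which on Debian is dash, and concluding bash is fine) is easy to script around. The following POSIX shell script is an added example, not something posted in the thread: it resolves each interpreter path through its symlink, runs the same `env X="() { :;} ; echo busted"` probe quoted above against that interpreter, and reports "vulnerable", "patched" or "missing". The list of candidate paths (/bin/sh, /bin/bash, /usr/bin/bash) is an assumption; extend it for your own systems.

```shell
#!/bin/sh
# Added example (not from the thread): check which binary a shell path
# really is, then run the thread's Shellshock probe against it.

# Print the real binary behind a shell path, following symlinks
# (on Debian /bin/sh is normally a symlink to dash, not bash).
# Falls back to the path itself where readlink -f is unavailable.
real_shell() {
    readlink -f "$1" 2>/dev/null || printf '%s\n' "$1"
}

# Run the probe quoted in the thread against one interpreter.
# Prints exactly one of: missing, vulnerable, patched.
shellshock_status() {
    shell=$1
    [ -x "$shell" ] || { echo missing; return 0; }
    # A vulnerable bash executes the trailing "echo busted" while importing
    # the function definition in X, so "busted" appears before "stuff".
    # A patched bash, or a non-bash /bin/sh such as dash, prints only "stuff".
    out=$(env X='() { :;} ; echo busted' "$shell" -c 'echo stuff' 2>/dev/null)
    case $out in
        *busted*) echo vulnerable ;;
        *)        echo patched ;;
    esac
}

# Check each candidate path and show the resolved binary alongside the
# verdict, so a "patched" result for /bin/sh -> dash is not mistaken for
# a verdict on bash itself.  The path list is an assumption for this example.
audit_shells() {
    for s in /bin/sh /bin/bash /usr/bin/bash; do
        printf '%s -> %s: %s\n' "$s" "$(real_shell "$s")" "$(shellshock_status "$s")"
    done
}

audit_shells
```

Run it as an ordinary script on each host you are verifying; the "->" column is the part that would have caught the /bin/sh versus /bin/bash mix-up, and a host is only clear once every bash binary it contains reports "patched".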