- posted
9 years ago
Make sure you update linux and ios!
- posted
9 years ago
Subject: Re: Make sure you update linux and ios!
I think you mean MacOS.
Unless your computer provides some service available across the internet, such as a web server, there is no urgency.
Also, don't connect to any unknown wi-fi access points, but you weren't going to do that anyway.
-- Richard
- posted
9 years ago
and here's the test:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If that prints "vulnerable" your bash is buggy.
But the first question is: do hackers have a method to exploit on your systems?
- posted
9 years ago
In message , Tim Watts writes
No, my first question is: If I have a Linux based router, does bash exist in it, and could someone use this to get inside it? Second question is where do I look for a patch if I need one? Nothing appeared in Mint today when I ran System Update.
I only do "stupid person" questions.
- posted
9 years ago
Usually such routers use busybox instead of bash, I doubt that busybox provides bug-for-bug compatibility in cases like this (not that I've checked).
Oh, you mean a self installed distro installed as a router, rather than a flash based openWRT type? Almost certain you will have bash, but something needs a remotely exploitable way to set a "hooky" environment variable before spawning out to something innocent ... still waiting for CentOS to release fixes :-(
- posted
9 years ago
Yes. They're already trying. I've seen lots of interesting 'tests' so far. e.g. trying to run the eject command - I'm sure some sysadmins are going to find racks of servers with CD/DVDs wide open soon...
Gordon
- posted
9 years ago
In article , Andy Burns wrote:
Patched all our CentOS systems today, from v5.10 to v6.5
hint: 'yum -q update bash'
- posted
9 years ago
Result of the above code is:-
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
My openSUSE systems were patched yesterday, the 24th.
- posted
9 years ago
grannies and eggs ;-)
installed version is 3.2-25
latest available update is 3.2-32
fixed version is 3.2-33
- posted
9 years ago
I have 100 odd webservers - I have disabled mod_cgi* for tonight.
Nagios is not over screamy (odd service down). We don't have much CGI, mod_php is supposed to not be trivially vulnerable. Most of the systems we have are either tomcat or django, but the latter uses mod_wsgi and I am a little worried about that - need to construct some tests.
I'm not one for being over panicky but if something can be done quickly and easily to mitigate, I will.
I think in reality it's going to need a peculiar combination of factors and attacks to yield fruit. If you think about it, the "worst" they can do on the surface is run a shell as the web user on your system. The question then is: "how much does that matter?"
In a world of reasonably written web apps that are installed correctly (ie not self-writable script directories) that do not have sensitive data, that might get a DOS at worst or leak some boring stuff.
However, a long long time ago, we had one somewhere I used to work at exactly the same time the ptrace bug came out - that web server got rooted. Very unlucky... So really bad things are not totally impossible.
- posted
9 years ago
Debian 7 is fine today too.
Bit annoyed that I have to go to the LTS repos for debian 6...
- posted
9 years ago
No, sorry to be unclear. I meant is a standalone router vulnerable, and separately is Mint vulnerable?
For the record, I ran the gui check for updates procedure yesterday and updated. I have just run the test code as referred to here and it prints vulnerable This is a test.
I am a complete idiot running Mint, CentOS and Ubuntu on various machines here. There will be others as dumb as me. I assume I have to work out how to patch Mint independently of the normal update procedure.
- posted
9 years ago
Embedded type router not likely to run bash, so unlikely
Mint - is the machine reachable from the net? (any ports 80,25,22 etc forwarded to it from your router?)
- posted
9 years ago
y
Does centos have sensible filesystem support now? Trying to use usbs on it with the usual FSes (nt, fat32, ext3, ext4) was a mare.
NT
- posted
9 years ago
Must be a lot of lagged mirrors out there, I'd done "yum clean all" about half a dozen times to let it try others, no joy, in the end went straight to mirrorservice.org to get the rpm .-)
- posted
9 years ago
Oops. Debian: 'We recommend that you upgrade your bash packages.' Yes, but how on debian based avlinux? Synaptic package manager doesn't show anything of interest, and avlinux info seems pretty much nonexistent. How to determine the version of debian on this?
NT
- posted
9 years ago
grepping the last few days access_log for "()" and ":;" only turned up three hits ... one looks whitehat probed us twice, its user agent refers to
another one is a bit less open about what it's doing and who's behind it, but still only seems to be trying to build a list of pings from vulnerable servers, rather than actually exploiting anything.
I don't know if our servers did ping them back or not, but they're patched now, technique seems to be bung the () { :; } function into various HTTP headers hoping they'll end up in environment variables and then some CGI etc spawns a shell ...
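The log check described in the post above, as an added example that is not part of the original thread: it parses Apache combined-format lines and flags any logged field containing the `() {` function-definition prefix, which is tighter than grepping for "()" alone. The sample log lines and the names used are constructed for illustration.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# Function-definition prefix "() {" with optional whitespace, as in the thread's test string.
FUNC_DEF = re.compile(r'\(\)\s*\{')

def find_probes(lines):
    """Return (host, time, field) for each logged field carrying a "() {" prefix."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        for field in ("request", "referer", "agent"):
            # Apache escapes embedded quotes as \" in the log, so undo that first.
            value = m.group(field).replace('\\"', '"')
            if FUNC_DEF.search(value):
                hits.append((m.group("host"), m.group("time"), field))
    return hits

# Constructed sample lines (documentation IP ranges, harmless echo payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:05:40 +0100] "GET /cgi-bin/status HTTP/1.0" 200 64 "-" "() { :;}; echo probe"',
    '203.0.113.5 - - [25/Sep/2014:11:15:09 +0100] "GET / HTTP/1.1" 200 512 "() { :; }; echo probe" "curl/7.30"',
    # Contains "()" but no function definition: a plain grep for "()" would flag it.
    '192.0.2.44 - - [25/Sep/2014:12:00:00 +0100] "GET /docs/f().html HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, when, field in find_probes(SAMPLE_LOG):
        print(f"{when} {host} function definition in {field}")
```

Combined-format logs record only the request line, Referer and User-Agent, so a function definition sent in any other header will not show up in this check.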
- posted
9 years ago
In message , Andy Burns writes
Dunno, but one of the IP cameras I'm working with is using port 80 for access.
To make the point again, I am not an expert. I am struggling to remember command line type things, so I rely on the gui implementations. The camera must be running a server of some sort internally. Might it be running Linux? Might I have accessible ports from the router on the machine or some piece of hardware on the system? What about people controlling home automation system from their iPhone - would any of these use specific ports and be running Linux?
I see someone here has queried AVLInux. I'm running that extensively here, too, although not for the last weeks.
- posted
9 years ago
If you make sure your apache and tomcat run in a nicely "jailed" environment, then you limit the damage that can be done quite a bit.
- posted
9 years ago
quite likely, but again, if it has any shell it's likely to be busybox, rather than bash - so not vulnerable
embedded systems (routers, thermostats, weather stations etc unlikely to have bash on them)