|
|
| Author |
Message |
| UnknownStuntm... |
This post is not being displayed .
|
UnknownStuntm...
World Chat Champion
Joined: 13 Sep 2007
Karma :  
|
 Posted: 16:23 - 25 Sep 2014  Post subject: BASH vulnerability |
 |
|
Oh cock.
https://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
This means I have to actually work for a while. Worst bit is all the smug Windows users I've been telling 'Unix is inherrently more secure....' blah blah shootmyselfintheface blah... |
|
| Back to top |
  |
You must be logged in to rate posts |
|
 |
| Rogerborg |
This post is not being displayed .
|
Rogerborg
nimbA
Joined: 26 Oct 2010
Karma : 
|
| Posted: 19:22 - 25 Sep 2014 Post subject: |
|
|
Mmm, fun times today explaining the concept that your primary application vendor isn't your OS support monkey.
Going to be a powerful lot of systems that never get patched.
Oh noes, my Rasperry Pi!  
____________________
Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike |
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| CaNsA |
This post is not being displayed .
|
CaNsA
Super Spammer
Joined: 02 Jan 2008
Karma : 
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Pigeon |
This post is not being displayed .
|
Pigeon
World Chat Champion
Joined: 27 Sep 2012
Karma :
|
Posted: 20:21 - 25 Sep 2014  Post subject: |
|
|
"You can check if you're vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the words "busted", then you're at risk. If not, then either your Bash is fixed or your shell is using another interpreter."
| Code: |
pigeon@theroost:~$ env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
completed
pigeon@theroost:~$ env X="() { :;} ; echo busted" `which bash` -c "echo completed"
/bin/bash: warning: X: ignoring function definition attempt
/bin/bash: error importing function definition for `X'
completed
pigeon@theroost:~$
|
"Ubuntu and other Debian-derived systems that use Dash exclusively are not at risk" |
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Rogerborg |
This post is not being displayed .
|
Rogerborg
nimbA
Joined: 26 Oct 2010
Karma :
|
| Posted: 21:01 - 25 Sep 2014 Post subject: |
|
|
I'm iron like a lion in Zion now too. 
No haxxorzing my minecraft server. 
____________________
Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike |
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| CaNsA |
This post is not being displayed .
|
CaNsA
Super Spammer
Joined: 02 Jan 2008
Karma :
|
| Posted: 21:23 - 25 Sep 2014 Post subject: |
|
|
NobKitten, NobCat and the pi are all well secure n shit 
Cheers pigeon |
|
| Back to top |
| |
You must be logged in to rate posts |
|
 |
Old Thread Alert!
The last post was made 11 years, 161 days ago. Instead of replying here, would creating a new thread be more useful? |
 |
|
|
Help & FAQs
Search BCF
Members
Groups
Events Calendar
rating
rating