[Cialug] Shellshock Bash Remote Code Execution Vulnerability

Will staticphantom at gmail.com
Thu Sep 25 13:21:13 CDT 2014


All major distro's pushed the change. The respective package managers have
it out for Arch, Debian, Fedora, Gentoo, and Suse (and derivatives).

On Thu, Sep 25, 2014 at 2:19 PM, Hawkins <ng0g at mchsi.com> wrote:

> Gang,
>
> My Fedora 20 w/Mate was vulnerable.  yum update fixed that.
>
> Steve
>
>
> On 9/25/14, 9:34 AM, Sean Flattery wrote:
>
>> If you haven't heard yet, yesterday they announced a huge bug in bash that
>> allows attacker to remotely execute any bash commands without
>> authentication.  Any service that calls to Bash can be abused to run
>> arbitrary commands.
>>
>> You can test this locally by running the following:
>>
>> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>>
>> If Bash echoes out the word vulnerable, you're at risk.  For a good
>> writeup
>> see this article:
>> http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
>>
>>
>> Thanks,
>> Sean Flattery
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
>>
>
> --
> Stephen Hawkins NG0G
> ng0g at mchsi.com
> 73 49 111 01001001
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>


More information about the Cialug mailing list