[GLLUG] Bash Bug
James Roberts
j.roberts at stabilys.com
Thu Sep 25 15:25:48 UTC 2014
On 25/09/14 10:14, Sunny Aujla wrote:
> Thought I'd share this with everyone.
>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
I've just about finished checking all our systems and so far it's a Red
Hat/CentOS only issue and there's a (possibly transitional but at least
working for now) patch.
BusyBox does not seem to be vulnerable so far.
So I guess there's going to be a whole slew of elderly intermediate
network equipment (Home/SMB/SME) that has Bash variants implementing CGI
and no updates that may be a biggish problem, rather than the higher stuff.
http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html#.VCQxKh9jNDF
MeJ
--
Stabilys Ltd www.stabilys.com
244 Kilburn Lane
LONDON
W10 4BA
0845 838 5370
More information about the GLLUG
mailing list