[Nottingham] Shellshock
Jason Irwin
jasonirwin73 at gmail.com
Sun Sep 28 19:55:25 UTC 2014
DASH is immune to this, yes. But as other dependencies /could/ bring BASH
in....always good to check.
J.
On 28 September 2014 18:13, Bob Marshall <kingsknight3 at gmx.com> wrote:
> Hello. I ran the following in a terminal window: *ls -l /bin/sh* and the
> reported shell was *DASH*, rather than *BASH*. I understand *DASH* has
> been used in DebIan/Ubuntu for quite a long time, and I can find no mention
> of vulnerability to Shellshock anywhere on the forums.
>
> Does anyone know if this is right or not?
>
> hedgehog
>
> *Sent:* Sunday, September 28, 2014 at 2:25 PM
> *From:* "Going It Alone" <reggaemaker at gmail.com>
> *To:* "Notts GNU/Linux Users Group" <nottingham at mailman.lug.org.uk>
> *Subject:* Re: [Nottingham] Shellshock
> Thanks.
>
> Here's a simple test to see if you are vulnerable.
>
>
> env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
>
> Source:
> http://www.linuxquestions.org/questions/mageia-97/bash-shellshock-cve-2014-6271-cve-2014-7169-protecting-yourself-from-shellshock-4175520323/
>
> On 28 September 2014 14:19, Jason Irwin <jasonirwin73 at gmail.com> wrote:
>
>> On 27/09/14 00:50, Going It Alone wrote:
>> > What implications does this have on routers?
>> Prolly not much, unless they have bash (or proxy to something that has
>> bash).
>>
>> A nice (simple!) explanation of the problem can be found here:
>> http://unix.stackexchange.com/a/157331
>>
>> --
>> ╔═════════════╦══════════════════════════════════════════╗
>> ║ Jason Irwin ║ OpenPGP (GPG/PGP) Public Key: 0xD0C592B1 ║
>> ║ ║ Import from hkp://pgp.mit.edu ║
>> ╚═════════════╩══════════════════════════════════════════╝
>>
>> _______________________________________________
>> Nottingham mailing list
>> Nottingham at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/nottingham
>
>
>
>
> --
> Listen my stuff on:
>
> SoundCloud <https://soundcloud.com/going-it-alone-aka-g-i-a>
>
> Vimeo <http://vimeo.com/goingitalone>
> _______________________________________________ Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/nottingham
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/nottingham
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/nottingham/attachments/20140928/3476c136/attachment-0001.html>
More information about the Nottingham
mailing list