[Rustington] Linux BASH Security Warning !

Paul Willis phwillis at gmail.com
Thu Oct 2 19:11:59 UTC 2014


I had a similar warning from Draytel who provide most of my voip
service. Apart from saying what they had done for their machines, they
included this:
------------------------------------------------------
What you should do:

Become familiar with the issue. This blog post provides an excellent
breakdown of the vulnerability.
Scan your own infrastructure for the below vulnerability by executing
the guidance suggested by The Register in your default shell. If you
see the word “exposed” you are at risk.
env X="() { :;} ; echo exposed" /bin/sh -c "echo stuff"
---------------------------------------------------

I ran that command and got the response: stuff
so I reckon I'm OK :)

The blog referred was:
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html?m=1

You can find The Register for yourselves

Paul

On 2 October 2014 12:40, Stuart McFadyen
<stuart.624mcfadyen at btinternet.com> wrote:
> I receive a Technical Newsletter from the USA each week and the following
> LINKS will give you details of a possible Linux threat involving BASH
> Command Line Editor.
>
> http://windowssecrets.com/top-story/what-shellshock-means-to-you-and-me/
>
> http://bobcares.com/blog/how-to-fix-bash-vulnerability-in-centos-redhat-fedora-cloudlinux-ubuntu-debian-or-opensuse-linux-servers-resolving-cve-2014-6217-bash-shell-shock-vulnerability/
>
> Problem possibly more related to Servers than Desktop Users, but interesting
> all the same ?
>
> Stuart.
>
>
>
>
> _______________________________________________
> %(Rustington LUG)s mailing list
> %(Rustington LUG)s@%(http://www.rustington.lug.org.uk)s
> %(https://mailman.lug.org.uk/mailman/listinfo/rustington)slistinfo/rustington
>



More information about the Rustington mailing list