It is currently Mon Apr 24, 2017 9:09 pm



Welcome
Welcome to antiX-forum.

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. Registration is fast, simple, and absolutely free, so please, join our community today!


Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 24 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Oct 02, 2014 2:26 pm 
Offline
User avatar

Joined: Fri Feb 20, 2009 3:44 am
Posts: 3957
Location: Pecos, Texas
male wrote:
and what is with
Code:
$ env X='() { (a)=>\' sh -c "echo date"; cat echo

male wrote:
:wink:
http://en.wikipedia.org/wiki/Shellshock ... -2014-7169


Code:
[email protected]:~
$ env X='() { (a)=>\' sh -c "echo date"; cat echo
date
cat: echo: No such file or directory


I'm cool. 8)

I'd worry more about a wireless printer getting hacked or a weak password on my wireless router. But then. There are no hackers here
in the boondocks, Or Linux repo servers.
Except for me. :twisted:

_________________
Linux Registered User # 475019
Linux at Home courses
How to Search for AntiX solutions to your problems


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Oct 02, 2014 6:53 pm 
Offline

Joined: Sat May 31, 2014 6:50 pm
Posts: 96
>dpkg --list | grep "bash"
ii bash 4.3-7 i386 GNU Bourne Again SHell
ii bash-completion 1:2.1-4 all programmable completion for the bash shell


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Oct 02, 2014 9:44 pm 
Offline

Joined: Thu Jan 21, 2010 12:36 am
Posts: 1040
Hmm you must have bash from one of the higher up repos, as stable / Wheezy should be at version 4.2. And you are at 4.3.7.... maybe try changing the repo to testing, update bash and jump back to stable... because I am sure purging and installing the stable version would cause issues, unless someone else knows how to force package installation of an older version?

_________________
Computers are like air conditioners. They work fine until you start opening Windows. ~Author Unknown


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Oct 02, 2014 11:24 pm 
Offline
User avatar

Joined: Fri Feb 20, 2009 3:44 am
Posts: 3957
Location: Pecos, Texas
More fun and games to run.

Code:
[email protected]:~
$ curl https://shellshocker.net/shellshock_test.sh | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2009  100  2009    0     0   2917      0 --:--:-- --:--:-- --:--:--  6630
CVE-2014-6271 (original shellshock): not vulnerable
bash: shellshocker: command not found
CVE-2014-6278 (Florian's patch): not vulnerable
CVE-2014-7169 (taviso bug): not vulnerable
CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable
CVE-2014-7186 (redir_stack bug): not vulnerable
CVE-2014-7187 (nested loops off by one): not vulnerable

_________________
Linux Registered User # 475019
Linux at Home courses
How to Search for AntiX solutions to your problems


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Sat Oct 04, 2014 12:59 am 
Offline

Joined: Sat May 31, 2014 6:50 pm
Posts: 96
Yep, I had originally used testing repos, lotz of dependency hell, with much effort got everything back right after switching to stable! I temporarily went back to testing & upgraded bash to latest in testing repo (4.3-9.2) and it seems to be fixed now! Thanks, Dave!


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Sun Oct 05, 2014 3:16 pm 
Still more vulnerabilities in bash? Shellshock becomes whack-a-mole!

http://arstechnica.com/security/2014/09/still-more-vulnerabilities-in-bash-shellshock-becomes-whack-a-mole/


Top
  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Mon Oct 06, 2014 9:54 am 
Offline
User avatar

Joined: Thu Jul 26, 2012 9:46 pm
Posts: 717
Location: Surrey/Hants Border UK
Quote:
All of this means that the Shellshock bug will likely require many older services to be simply shut off until patches are fully implemented and tested. And there are many devices in the field—embedded systems that run versions of the Linux operating system that don’t use a streamlined utility system such as BusyBox or some other shell—that will require attention as well.

So, if I was using BusyBox, or another shell, I am safe(?).

_________________
Linux (& BSD) since 1999.
(Now also ukuleles & harmonicas.)


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Mon Oct 06, 2014 1:31 pm 
Considering that at any given moment, a spike in the power supply, say caused by a thunderstorm, could destroy your machine completely, you are probably relatively safe. Of course, bringing up probability, the probability of an event occurring was defined as number of cases favorable for the event, over the number of total outcomes possible in an equiprobable sample space.

Does that help :?: :? :twisted:


Top
  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Tue Oct 07, 2014 9:22 am 
Offline
User avatar

Joined: Thu Jul 26, 2012 9:46 pm
Posts: 717
Location: Surrey/Hants Border UK
Yes, that makes perfect sense. :)
(As I don't run any root services, that I know of, & I don't keep the internet connected 24/7, I'm 'safe'.)

_________________
Linux (& BSD) since 1999.
(Now also ukuleles & harmonicas.)


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 24 posts ]  Go to page Previous  1, 2


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
suspicion-preferred