It is currently Thu Mar 23, 2017 4:16 pm



Welcome
Welcome to antiX-forum.

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. Registration is fast, simple, and absolutely free, so please, join our community today!


Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 24 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Sep 25, 2014 8:40 am 
Offline
User avatar

Joined: Thu Jul 17, 2014 2:39 pm
Posts: 17
http://seclists.org/oss-sec/2014/q3/650
https://lists.debian.org/debian-securit ... 00220.html

Debian and other GNU/Linux vendors plan to disclose a critical,
remotely exploitable security vulnerability in bash this week, related
to the processing of environment variables. Stephane Chazelas
discovered it, and CVE-2014-6271 has been assigned to it.

_________________
My favorite animal is steak.


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Sep 25, 2014 4:21 pm 
I just read it here.

http://tinyurl.com/k744q7m

Quote:
It's been estimated that the bug has been present for at least a decade and most likely longer.


Top
  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Sep 25, 2014 4:42 pm 
Offline
Site Admin
User avatar

Joined: Tue Sep 11, 2007 4:55 pm
Posts: 5755
Location: Greece
Thanks for the links. bash got upgraded today on my box.

_________________
Philosophers have interpreted the world in many ways; the point is to change it.


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Sep 25, 2014 5:13 pm 
Mine too now I'm in antix :D


Top
  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Sep 25, 2014 11:32 pm 
Offline

Joined: Sun May 19, 2013 10:12 pm
Posts: 70
Better be vigilant and format the drive and reinstall...... every three months.

Lately I've been getting e-mails from people I know that contain links of web pages to visit.
Then, wham, infection........ so covert

What else is going on that we don't know about?


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Fri Sep 26, 2014 1:17 am 
Offline
User avatar

Joined: Fri Feb 20, 2009 3:44 am
Posts: 3924
Location: Pecos, Texas
Code:
~$  env X="() { :;} ; echo vulnerable" /bin/sh -c "echo safe"
safe


I'm cool. 8)

_________________
Linux Registered User # 475019
Linux at Home courses
How to Search for AntiX solutions to your problems


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Sat Sep 27, 2014 7:27 pm 
From
Quote:
https://lists.debian.org/debian-security-announce/2014/msg00220.html

I must have bash
Quote:
For the stable distribution (wheezy), this problem has been fixed in
version 4.2+dfsg-0.1+deb7u1

I have bash version : 4.2+dfsg-0.1+deb7u3 , so is it enough for security ?


Top
  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Sat Sep 27, 2014 8:50 pm 
Offline

Joined: Fri Nov 04, 2011 3:50 pm
Posts: 306
Location: Chemnitz
worktowork wrote:
I have bash version : 4.2+dfsg-0.1+deb7u3 , so is it enough for security ?


http://en.wikipedia.org/wiki/Shellshock_(software_bug


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Sun Sep 28, 2014 1:17 pm 
Roky gave us the code to check our systems. Just paste into Roxterm:

Code:
~$  env X="() { :;} ; echo vulnerable" /bin/sh -c "echo safe"


and if it gives you "Safe" then you're safe.


Top
  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Sun Sep 28, 2014 2:06 pm 
Offline
User avatar

Joined: Fri Nov 01, 2013 6:43 pm
Posts: 647
Location: Lafayette, LA, USA
Hurrah for Roky!

_________________
Phear the Penguin.
I am not CrAzY. And I have a paper from the doctors to prove it!
MSI S6000 i5-460M 4 Gb ram

A great mind is something to get terribly wasted.
LRU# 563815


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Sun Sep 28, 2014 5:18 pm 
Offline

Joined: Fri Nov 04, 2011 3:50 pm
Posts: 306
Location: Chemnitz
and what is with
Code:
$ env X='() { (a)=>\' sh -c "echo date"; cat echo

[quote="male"][/quote] :wink:
http://en.wikipedia.org/wiki/Shellshock ... -2014-7169


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Wed Oct 01, 2014 11:10 pm 
Offline

Joined: Sat May 31, 2014 6:50 pm
Posts: 96
It does not as yet appear fixed in stable/Wheezy for MX-13 (no bash upgrades have shown up recently & the test code above fails)


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Wed Oct 01, 2014 11:55 pm 
Offline

Joined: Thu Jan 21, 2010 12:36 am
Posts: 1035
Did you apt-get update or reload in synaptic?
If so maybe post your sources here... inxi -r maybe?

_________________
Computers are like air conditioners. They work fine until you start opening Windows. ~Author Unknown


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Oct 02, 2014 6:06 am 
Offline

Joined: Sat May 31, 2014 6:50 pm
Posts: 96
Yes, I did refresh & here are the sources:

deb http://antix.daveserver.info/stable stable main
deb http://ftp.us.debian.org/debian wheezy non-free contrib main
deb http://security.debian.org wheezy/updates non-free contrib main
deb-src http://ftp.us.debian.org/debian wheezy non-free contrib main
deb http://ftp.us.debian.org/debian wheezy-backports non-free contrib main
deb http://www.deb-multimedia.org wheezy non-free main


Top
 Profile  
 
 Post subject: Re: Remote Exploit Vulnerability Found In Bash
PostPosted: Thu Oct 02, 2014 1:49 pm 
Offline

Joined: Thu Jan 21, 2010 12:36 am
Posts: 1035
Well the only difference between my sources and yours are the deb-src, multimedia, and back ports are enabled.
Maybe try commenting them and reloading.

Other than that all I can think of is that you are still holding an old bash session and need to start a new session. I did a reboot to make sure everything was using a new session of bash.

Perhaps you could do a bash --version or dpkg --list | grep "bash" to find which bash version you have?

_________________
Computers are like air conditioners. They work fine until you start opening Windows. ~Author Unknown


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 24 posts ]  Go to page 1, 2  Next


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
suspicion-preferred