Be Excellent To Each Other

And, you know, party on. Dude.

All times are UTC [ DST ]




Reply to topic  [ 13 posts ] 
Author Message
 Post subject: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 10:47 
SupaMod
User avatar
Est. 1978

Joined: 27th Mar, 2008
Posts: 69502
Location: Your Mum
So there's a big old vulnerability in Bash, and it's been there 22 years.

If you run a server that has Bash on, fire it up and try this command:
Code:
env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"

It will echo the word "stuff". If it also echos the word "busted", then you've just successfully exploited Bash, and you need to update it.

More info once I'm finished doing my servers :)

_________________
Grim... wrote:
I wish Craster had left some girls for the rest of us.


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 11:08 
8-Bit Champion
User avatar
Two heads are better than one

Joined: 16th Apr, 2008
Posts: 14483
viewtopic.php?p=835895#p835895

:-)


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 11:18 
User avatar
Legendary Boogeyman

Joined: 22nd Dec, 2010
Posts: 8175
My cpanel server patched itself overnight, and I did the ones at work this morning. I do so love a good new ancient bug revelation.

_________________
Mr Kissyfur wrote:
Pretty much everyone agrees with Gnomes, really, it's just some are too right on to admit it. :)


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 11:24 
8-Bit Champion
User avatar
Two heads are better than one

Joined: 16th Apr, 2008
Posts: 14483
ElephantBanjoGnome wrote:
My cpanel server patched itself overnight, and I did the ones at work this morning. I do so love a good new ancient bug revelation.


The news stories are on about how this will allow people to hack your system via a light bulb and other stuff - its amusing at times

(the new series of NCIS started this week and they had a virus that used the power cable of a laptop to escape a Faraday cage and then infect their whole system)


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 11:36 
SupaMod
User avatar
Est. 1978

Joined: 27th Mar, 2008
Posts: 69502
Location: Your Mum
ElephantBanjoGnome wrote:
My cpanel server patched itself overnight, and I did the ones at work this morning. I do so love a good new ancient bug revelation.

Have you checked it? There's some talk about early patches not working.

_________________
Grim... wrote:
I wish Craster had left some girls for the rest of us.


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 11:37 
SupaMod
User avatar
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49232
The initial patch appears to patch the exploit, not the bug. If that makes sense.

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 12:16 
User avatar
sneering elitist

Joined: 25th May, 2014
Posts: 3991
Location: Broseley
Uh ohs, one of my servers is vulnerable.

_________________
i make websites


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 12:27 
User avatar

Joined: 30th Mar, 2008
Posts: 14130
Location: Shropshire, UK
None of our servers are vulnerable. Woo to the yay.


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 12:44 
SupaMod
User avatar
"Praisebot"

Joined: 30th Mar, 2008
Posts: 17013
Location: Parts unknown
I don't have a server. I win!


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 12:47 
SupaMod
User avatar
Est. 1978

Joined: 27th Mar, 2008
Posts: 69502
Location: Your Mum
Do you have anything running OS/X?

_________________
Grim... wrote:
I wish Craster had left some girls for the rest of us.


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 13:06 
User avatar
Legendary Boogeyman

Joined: 22nd Dec, 2010
Posts: 8175
Grim... wrote:
ElephantBanjoGnome wrote:
My cpanel server patched itself overnight, and I did the ones at work this morning. I do so love a good new ancient bug revelation.

Have you checked it? There's some talk about early patches not working.

Aye I've checked and it appears fine. The news is the RHEL patch doesn't cover every possible vector so they're working on it. Another update will be coming very shortly I imagine.

_________________
Mr Kissyfur wrote:
Pretty much everyone agrees with Gnomes, really, it's just some are too right on to admit it. :)


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 14:00 
User avatar
Unpossible!

Joined: 27th Jun, 2008
Posts: 38439
What's it actually doing? My bash-fu is weak


Top
 Profile  
 
 Post subject: Re: Check your servers, IT folk
PostPosted: Thu Sep 25, 2014 14:15 
User avatar
Legendary Boogeyman

Joined: 22nd Dec, 2010
Posts: 8175
I read this earlier so I'm recalling from poor memory, but basically it allows for injection of code after a function definition which can be stated arbitrarily. Something like that.

I expect Gaywood will pop along with a breakdown shortly.

_________________
Mr Kissyfur wrote:
Pretty much everyone agrees with Gnomes, really, it's just some are too right on to admit it. :)


Top
 Profile  
 
Display posts from previous:  Sort by  
Reply to topic  [ 13 posts ] 

All times are UTC [ DST ]


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search within this thread:
You are using the 'Ted' forum. Bill doesn't really exist any more. Bogus!
Want to help out with the hosting / advertising costs? That's very nice of you.
Are you on a mobile phone? Try http://beex.co.uk/m/
RIP, Owen. RIP, MrC.

Powered by a very Grim... version of phpBB © 2000, 2002, 2005, 2007 phpBB Group.