| Be Excellent To Each Other https://www.beexcellenttoeachother.com/forum/ |
|
| Check your servers, IT folk https://www.beexcellenttoeachother.com/forum/viewtopic.php?f=3&t=10201 |
Page 1 of 1 |
| Author: | Grim... [ Thu Sep 25, 2014 10:47 ] |
| Post subject: | Check your servers, IT folk |
So there's a big old vulnerability in Bash, and it's been there 22 years. If you run a server that has Bash on, fire it up and try this command: Code: env X="() { :;} ; echo busted" /bin/sh -c "echo stuff" It will echo the word "stuff". If it also echos the word "busted", then you've just successfully exploited Bash, and you need to update it. More info once I'm finished doing my servers 
|
|
| Author: | zaphod79 [ Thu Sep 25, 2014 11:08 ] |
| Post subject: | Re: Check your servers, IT folk |
viewtopic.php?p=835895#p835895 :-) |
|
| Author: | ElephantBanjoGnome [ Thu Sep 25, 2014 11:18 ] |
| Post subject: | Re: Check your servers, IT folk |
My cpanel server patched itself overnight, and I did the ones at work this morning. I do so love a good new ancient bug revelation. |
|
| Author: | zaphod79 [ Thu Sep 25, 2014 11:24 ] |
| Post subject: | Re: Check your servers, IT folk |
ElephantBanjoGnome wrote: My cpanel server patched itself overnight, and I did the ones at work this morning. I do so love a good new ancient bug revelation. The news stories are on about how this will allow people to hack your system via a light bulb and other stuff - its amusing at times (the new series of NCIS started this week and they had a virus that used the power cable of a laptop to escape a Faraday cage and then infect their whole system) |
|
| Author: | Grim... [ Thu Sep 25, 2014 11:36 ] |
| Post subject: | Re: Check your servers, IT folk |
ElephantBanjoGnome wrote: My cpanel server patched itself overnight, and I did the ones at work this morning. I do so love a good new ancient bug revelation. Have you checked it? There's some talk about early patches not working. |
|
| Author: | Cras [ Thu Sep 25, 2014 11:37 ] |
| Post subject: | Re: Check your servers, IT folk |
The initial patch appears to patch the exploit, not the bug. If that makes sense. |
|
| Author: | Jem [ Thu Sep 25, 2014 12:16 ] |
| Post subject: | Re: Check your servers, IT folk |
Uh ohs, one of my servers is vulnerable. |
|
| Author: | GazChap [ Thu Sep 25, 2014 12:27 ] |
| Post subject: | Re: Check your servers, IT folk |
None of our servers are vulnerable. Woo to the yay. |
|
| Author: | TheVision [ Thu Sep 25, 2014 12:44 ] |
| Post subject: | Re: Check your servers, IT folk |
I don't have a server. I win! |
|
| Author: | Grim... [ Thu Sep 25, 2014 12:47 ] |
| Post subject: | Re: Check your servers, IT folk |
Do you have anything running OS/X? |
|
| Author: | ElephantBanjoGnome [ Thu Sep 25, 2014 13:06 ] |
| Post subject: | Re: Check your servers, IT folk |
Grim... wrote: ElephantBanjoGnome wrote: My cpanel server patched itself overnight, and I did the ones at work this morning. I do so love a good new ancient bug revelation. Have you checked it? There's some talk about early patches not working. Aye I've checked and it appears fine. The news is the RHEL patch doesn't cover every possible vector so they're working on it. Another update will be coming very shortly I imagine. |
|
| Author: | DavPaz [ Thu Sep 25, 2014 14:00 ] |
| Post subject: | Re: Check your servers, IT folk |
What's it actually doing? My bash-fu is weak |
|
| Author: | ElephantBanjoGnome [ Thu Sep 25, 2014 14:15 ] |
| Post subject: | Re: Check your servers, IT folk |
I read this earlier so I'm recalling from poor memory, but basically it allows for injection of code after a function definition which can be stated arbitrarily. Something like that. I expect Gaywood will pop along with a breakdown shortly. |
|
| Page 1 of 1 | All times are UTC [ DST ] |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|