[AusNOG] bash bug !

Thu Sep 25 22:47:56 EST 2014

>From my understanding, Debian derivatives should be using Almquist, not
Bash (if an apt-get dist-upgrade has been run in recent memory) and thus
should not be vulnerable.

On Thu, Sep 25, 2014 at 10:43 PM, Ben Cooper <ben at zeno.io> wrote:

> isnt VYoS *nix based? Debian even?
>
> Also those new Ubiqiti things are Debian based as well I think.
>
> On Thu, Sep 25, 2014 at 10:06 PM, George Fong <george at lateralplains.com>
> wrote:
>
>>  I've so far had no problems updating CENTos servers with a simple
>> update of bash.
>>
>> I'm not sure how accurate this test is but the befores and afters seem to
>> be consistent:
>>
>>
>> https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271
>>
>> Right now I am most worried about Linux based border routers and VM hosts
>> such as Proxmox. The latter is Debian based.
>>
>> Cheers
>> g.
>>
>>
>>
>> On Thu, 2014-09-25 at 16:32 +1000, Pinkerton, Eric (AU Sydney) wrote:
>>
>> Heads up, shellshock botnet payloads are already hitting honeypots..
>>
>>
>>
>> https://gist.github.com/anonymous/929d622f3b36b00c0be1
>>
>>
>>
>>
>>
>>  *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Alex
>> Samad - Yieldbroker
>> *Sent:* Thursday, 25 September 2014 2:59 PM
>> *To:* Kush, Nishchal
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] bash bug !
>>
>>
>>
>>
>> I believe the initial released patch was incomplete
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1146319
>>
>>
>>
>>
>>
>> A
>>
>>
>>
>>  *From:* Kush, Nishchal [mailto:kush at kush.com.fj <kush at kush.com.fj>]
>> *Sent:* Thursday, 25 September 2014 3:03 PM
>> *To:* Alex Samad - Yieldbroker
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] bash bug !
>>
>>
>>
>>
>> Hi
>>
>>
>>
>>
>>  Most Linux distributions have released patches. Unfortunately you still
>> need to recompile your own for Apple’s Mac OS X
>>
>>
>>
>>
>>
>>  Cheers
>>
>>
>>  --
>> Kush, Nishchal
>> kush at kush.com.fj
>>
>>
>>
>>
>>
>>
>>
>>  On 25 Sep 2014, at 2:40 pm, Alex Samad - Yieldbroker <
>> Alex.Samad at yieldbroker.com> wrote:
>>
>>
>>
>>
>>
>> http://www.smh.com.au/it-pro/security-it/shell-shock-bash-bug-labelled-largest-ever-to-hit-the-internet-20140925-10ltx1.html
>>
>>
>> https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>>
>>
>>  Please consider the environment before printing this email. This
>> message should be regarded as confidential. If you have received this email
>> in error please notify the sender and destroy it immediately. Statements of
>> intent shall only become binding when confirmed in hard copy by an
>> authorised signatory. The contents of this email may relate to dealings
>> with other companies under the control of BAE Systems Applied Intelligence
>> Limited, details of which can be found at
>> http://www.baesystems.com/Businesses/index.htm.
>>
>> _______________________________________________
>> AusNOG mailing listAusNOG at lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>   --
>>
>>
>>
>> GPG Fingerprint: 8BAF 3175 A1C8 BF5F 3631 BEF4 727C 784A 218B 4CE4
>> Just remember, wherever you go ........ there you are.
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
>
> --
> --
> Ben Cooper
> CEO
> Zeno Holdings PTY LTD
> P: +61 7 3503 8553
> M: 0410411301
> E: ben at zeno.io
> W: *http://zeno.io <http://zeno.io>*
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140925/23567f6c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: george-2014.png
Type: image/png
Size: 20375 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140925/23567f6c/attachment-0001.png>