[AusNOG] bash bug !

Curtis Bayne curtis at bayne.com.au
Thu Sep 25 22:49:49 EST 2014 

Along with most embedded devices, thank heavens.

If there is a busybox 0day of a similar ilk to this, it's going to be very
interesting times for the internet. I hope that never, ever happens.

-C

On Thu, Sep 25, 2014 at 10:46 PM, Nathan Brookfield <
Nathan.Brookfield at simtronic.com.au> wrote:

>  VyOS and Vyatta, spot on! I think some of the Ubiquiti devices run
> BusyBox.
>
> Kindest Regards,
> Nathan Brookfield
>
> Chief Executive Officer
> Simtronic Technologies Pty Ltd
>
>  Web: http://simtronic.com.au
> Phone: 1300 592 330
> Fax: (02) 4749 4950
>
> On 25 Sep 2014, at 22:44, Ben Cooper <ben at zeno.io> wrote:
>
>  isnt VYoS *nix based? Debian even?
>
>  Also those new Ubiqiti things are Debian based as well I think.
>
> On Thu, Sep 25, 2014 at 10:06 PM, George Fong <george at lateralplains.com>
> wrote:
>
>>  I've so far had no problems updating CENTos servers with a simple
>> update of bash.
>>
>> I'm not sure how accurate this test is but the befores and afters seem to
>> be consistent:
>>
>>
>> https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271
>>
>> Right now I am most worried about Linux based border routers and VM hosts
>> such as Proxmox. The latter is Debian based.
>>
>> Cheers
>> g.
>>
>>
>>
>> On Thu, 2014-09-25 at 16:32 +1000, Pinkerton, Eric (AU Sydney) wrote:
>>
>> Heads up, shellshock botnet payloads are already hitting honeypots..
>>
>>
>>
>> https://gist.github.com/anonymous/929d622f3b36b00c0be1
>>
>>
>>
>>
>>
>>  *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Alex
>> Samad - Yieldbroker
>> *Sent:* Thursday, 25 September 2014 2:59 PM
>> *To:* Kush, Nishchal
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] bash bug !
>>
>>
>>
>>
>> I believe the initial released patch was incomplete
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1146319
>>
>>
>>
>>
>>
>> A
>>
>>
>>
>>  *From:* Kush, Nishchal [mailto:kush at kush.com.fj <kush at kush.com.fj>]
>> *Sent:* Thursday, 25 September 2014 3:03 PM
>> *To:* Alex Samad - Yieldbroker
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] bash bug !
>>
>>
>>
>>
>> Hi
>>
>>
>>
>>
>>  Most Linux distributions have released patches. Unfortunately you still
>> need to recompile your own for Apple’s Mac OS X
>>
>>
>>
>>
>>
>>  Cheers
>>
>>
>>  --
>> Kush, Nishchal
>> kush at kush.com.fj
>>
>>
>>
>>
>>
>>
>>
>>  On 25 Sep 2014, at 2:40 pm, Alex Samad - Yieldbroker <
>> Alex.Samad at yieldbroker.com> wrote:
>>
>>
>>
>>
>>
>> http://www.smh.com.au/it-pro/security-it/shell-shock-bash-bug-labelled-largest-ever-to-hit-the-internet-20140925-10ltx1.html
>>
>>
>> https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>>
>>
>>  Please consider the environment before printing this email. This
>> message should be regarded as confidential. If you have received this email
>> in error please notify the sender and destroy it immediately. Statements of
>> intent shall only become binding when confirmed in hard copy by an
>> authorised signatory. The contents of this email may relate to dealings
>> with other companies under the control of BAE Systems Applied Intelligence
>> Limited, details of which can be found at
>> http://www.baesystems.com/Businesses/index.htm.
>>
>> _______________________________________________
>> AusNOG mailing listAusNOG at lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>    --
>> <george-2014.png>
>>
>>
>> GPG Fingerprint: 8BAF 3175 A1C8 BF5F 3631 BEF4 727C 784A 218B 4CE4
>> Just remember, wherever you go ........ there you are.
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
>
>  --
>  --
> Ben Cooper
> CEO
> Zeno Holdings PTY LTD
>  P: +61 7 3503 8553
> M: 0410411301
> E: ben at zeno.io
> W: *http://zeno.io <http://zeno.io>*
>   _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140925/776b8650/attachment.html>

More information about the AusNOG mailing list