[AusNOG] bash bug !

Paul Gear ausnog at libertysys.com.au
Fri Sep 26 07:37:29 EST 2014


I haven't seen any reputable press yet that suggests that busybox is
vulnerable - have I missed something?

Paul

On 26/09/14 02:59, James Hodgkinson wrote:
> Here's another good one - how many of us are running cygwin/busybox
> environments on the PC's we use to maintain the fleet? MobaXterm is
> vulnerable, and the latest version of the Git tools (installed last
> night) is...
>
> James
>
> On 26 September 2014 01:43, James Andrewartha <trs80 at ucc.gu.uwa.edu.au
> <mailto:trs80 at ucc.gu.uwa.edu.au>> wrote:
>
>     On Thu, 25 Sep 2014, Nathan Gardiner wrote:
>
>     > What's the particular concern with Debian based devices? Debian
>     pushed bash 4.2+dfsg-0.1+deb7u1 for wheezy 14 hours ago and any
>     > device which uses the Debian repositories would pick it up with
>     a dist-upgrade/specific package upgrade. Proxmox VE 3.1 hosts
>     > not only have the Debian repository but also have inbuilt
>     package update functionality in the GUI which makes it quite easy to
>     > update.
>
>     Debian bash is still vulnerable, try this:
>
>     dpkg -l bash | grep ^ii; rm -f echo; env X='() { (a)=>\' bash -c
>     "echo date"; cat echo
>
>     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140926/8013ad9a/attachment-0001.html>


More information about the AusNOG mailing list