<div dir="ltr"><p>So annoyed at this we spent all day patching some CentOS servers to then
find out CentOS said the patch did not fix the issue and they released a second
patch, back to the start we go.</p>
<p>I wonder what routers will be affected by this.</p></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 25, 2014 at 10:49 PM, Curtis Bayne <span dir="ltr"><<a href="mailto:curtis@bayne.com.au" target="_blank">curtis@bayne.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Along with most embedded devices, thank heavens.<div><br></div><div>If there is a busybox 0day of a similar ilk to this, it's going to be very interesting times for the internet. I hope that never, ever happens.</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>-C</div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 25, 2014 at 10:46 PM, Nathan Brookfield <span dir="ltr"><<a href="mailto:Nathan.Brookfield@simtronic.com.au" target="_blank">Nathan.Brookfield@simtronic.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto">
<div>VyOS and Vyatta, spot on! I think some of the Ubiquiti devices run BusyBox.<br>
<br>
<div>Kindest Regards,</div>
Nathan Brookfield
<div><br>
<div>Chief Executive Officer</div>
<div><span style="font-size:13pt">Simtronic Technologies Pty Ltd</span></div>
<div><span style="font-size:13pt"><br>
</span></div>
<div>Web: <a href="http://simtronic.com.au" target="_blank">http://simtronic.com.au</a></div>
<div>Phone: <a href="tel:1300%20592%20330" value="+611300592330" target="_blank">1300 592 330</a></div>
<div>Fax: <a href="tel:%2802%29%204749%204950" value="+61247494950" target="_blank">(02) 4749 4950</a></div>
</div>
</div><div><div>
<div><br>
On 25 Sep 2014, at 22:44, Ben Cooper <<a href="mailto:ben@zeno.io" target="_blank">ben@zeno.io</a>> wrote:<br>
<br>
</div>
</div></div><div><div><div>
<div dir="ltr">isnt VYoS *nix based? Debian even?
<div><br>
</div>
<div>Also those new Ubiqiti things are Debian based as well I think.</div>
</div>
</div></div><div class="gmail_extra"><br>
<div class="gmail_quote"><div><div>On Thu, Sep 25, 2014 at 10:06 PM, George Fong <span dir="ltr">
<<a href="mailto:george@lateralplains.com" target="_blank">george@lateralplains.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<u></u>
<div link="#0000ff"><div><div>I've so far had no problems updating CENTos servers with a simple update of bash.<br>
<br>
I'm not sure how accurate this test is but the befores and afters seem to be consistent:<br>
<br>
<a href="https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271" target="_blank">https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271</a><br>
<br>
Right now I am most worried about Linux based border routers and VM hosts such as Proxmox. The latter is Debian based.<br>
<br>
Cheers<br>
g.
<div>
<div><br>
<br>
<br>
On Thu, 2014-09-25 at 16:32 +1000, Pinkerton, Eric (AU Sydney) wrote:
<blockquote type="CITE">Heads up, shellshock botnet payloads are already hitting honeypots..<br>
<br>
<br>
<br>
<a href="https://gist.github.com/anonymous/929d622f3b36b00c0be1" target="_blank">https://gist.github.com/anonymous/929d622f3b36b00c0be1</a><br>
<br>
<br>
<br>
<br>
<br>
</blockquote>
<blockquote type="CITE"><b>From:</b> AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a>]
<b>On Behalf Of </b>Alex Samad - Yieldbroker<br>
<b>Sent:</b> Thursday, 25 September 2014 2:59 PM<br>
<b>To:</b> Kush, Nishchal<br>
<b>Cc:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] bash bug !<br>
<br>
<br>
</blockquote>
<blockquote type="CITE"> <br>
<br>
I believe the initial released patch was incomplete<br>
<br>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1146319" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=1146319</a><br>
<br>
<br>
<br>
<br>
<br>
A<br>
<br>
<br>
<br>
</blockquote>
<blockquote type="CITE"><b>From:</b> Kush, Nishchal [<a href="mailto:kush@kush.com.fj" target="_blank">mailto:kush@kush.com.fj</a>]
<br>
<b>Sent:</b> Thursday, 25 September 2014 3:03 PM<br>
<b>To:</b> Alex Samad - Yieldbroker<br>
<b>Cc:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] bash bug !<br>
<br>
<br>
</blockquote>
<blockquote type="CITE"> <br>
<br>
Hi <br>
<br>
</blockquote>
<blockquote type="CITE"> <br>
<br>
<br>
</blockquote>
<blockquote type="CITE">Most Linux distributions have released patches. Unfortunately you still need to recompile your own for Apple’s Mac OS X<br>
<br>
<br>
</blockquote>
<blockquote type="CITE"> <br>
<br>
<br>
</blockquote>
<blockquote type="CITE">Cheers<br>
<br>
<br>
</blockquote>
<blockquote type="CITE">--<br>
Kush, Nishchal<br>
<a href="mailto:kush@kush.com.fj" target="_blank">kush@kush.com.fj</a><br>
<br>
<br>
<br>
<br>
<br>
</blockquote>
<blockquote type="CITE"> <br>
<br>
</blockquote>
<blockquote type="CITE">On 25 Sep 2014, at 2:40 pm, Alex Samad - Yieldbroker <<a href="mailto:Alex.Samad@yieldbroker.com" target="_blank">Alex.Samad@yieldbroker.com</a>> wrote:<br>
<br>
<br>
</blockquote>
<blockquote type="CITE"> <br>
<br>
<a href="http://www.smh.com.au/it-pro/security-it/shell-shock-bash-bug-labelled-largest-ever-to-hit-the-internet-20140925-10ltx1.html" target="_blank">http://www.smh.com.au/it-pro/security-it/shell-shock-bash-bug-labelled-largest-ever-to-hit-the-internet-20140925-10ltx1.html</a><br>
<br>
<a href="https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability" target="_blank">https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability</a><br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
<br>
</blockquote>
<blockquote type="CITE"> <br>
<br>
<br>
</blockquote>
<blockquote type="CITE">Please consider the environment before printing this email. This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only
become binding when confirmed in hard copy by an authorised signatory. The contents of this email may relate to dealings with other companies under the control of BAE Systems Applied Intelligence Limited, details of which can be found at
<a href="http://www.baesystems.com/Businesses/index.htm" target="_blank">http://www.baesystems.com/Businesses/index.htm</a>.
<pre>_______________________________________________
AusNOG mailing list
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div></div><span><font color="#888888"><span><font color="#888888">
</font></span><span><font color="#888888">
</font></span><span><font color="#888888">
</font></span><span><font color="#888888">
</font></span><table cellspacing="0" cellpadding="0" width="100%"><tbody><tr><td><span><font color="#888888">-- <br>
<george-2014.png></font></span><span><br>
<br>
<br>
GPG Fingerprint: 8BAF 3175 A1C8 BF5F 3631 BEF4 727C 784A 218B 4CE4 <br>
Just remember, wherever you go ........ there you are. </span></td>
</tr>
</tbody>
</table>
</font></span></div><span>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
</span></blockquote>
</div><span>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">
<div>--</div>
<div>Ben Cooper</div>
<div>CEO</div>
<div>Zeno Holdings PTY LTD<br>
</div>
<div>P: <span style="color:rgb(51,51,51);font-family:'lucida grande',tahoma,verdana,arial,sans-serif;font-size:11px;line-height:14.079999923706055px"><a href="tel:%2B61%207%203503%208553" value="+61735038553" target="_blank">+61 7 3503 8553</a></span></div>
<div>M: <a href="tel:0410411301" value="+61410411301" target="_blank">0410411301</a></div>
<div>E: <a href="mailto:ben@zeno.io" target="_blank">ben@zeno.io</a></div>
<div>W: <u><a href="http://zeno.io" target="_blank">http://zeno.io</a></u></div>
</div>
</span></div>
</div><span>
<div><span>_______________________________________________</span><br>
<span>AusNOG mailing list</span><br>
<span><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a></span><br>
<span><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a></span><br>
</div>
</span></div>
<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>