<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">VyOS & Vyatta core don't expose any
web services that could use bash by default, so exposure should be
zero, unless you do something silly like allowing ssh access to
the world by default (in which case ssh bots are already a risk),
or adding shell scripts into snmpd.conf and exposing that to the
world.<br>
<br>
Paul<br>
<br>
On 25/09/14 22:46, Nathan Brookfield wrote:<br>
</div>
<blockquote
cite="mid:966B6E04-A50A-4F0B-8877-F834AA390D28@simtronic.com.au"
type="cite">
<meta http-equiv="Context-Type" content="text/html;
charset=Windows-1252">
<div>VyOS and Vyatta, spot on! I think some of the Ubiquiti
devices run BusyBox.<br>
...</div>
<div><br>
On 25 Sep 2014, at 22:44, Ben Cooper <<a
moz-do-not-send="true" href="mailto:ben@zeno.io">ben@zeno.io</a>>
wrote:<br>
<br>
</div>
<div>
<div dir="ltr">isnt VYoS *nix based? Debian even?
<div><br>
</div>
<div>Also those new Ubiqiti things are Debian based as well I
think.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Sep 25, 2014 at 10:06 PM,
George Fong <span dir="ltr">
<<a moz-do-not-send="true"
href="mailto:george@lateralplains.com" target="_blank">george@lateralplains.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote">
<div>I've so far had no problems updating CENTos servers
with a simple update of bash.<br>
<br>
I'm not sure how accurate this test is but the befores
and afters seem to be consistent:<br>
<br>
<a moz-do-not-send="true"
href="https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271"
target="_blank">https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271</a><br>
<br>
Right now I am most worried about Linux based border
routers and VM hosts such as Proxmox. The latter is
Debian based.<br>
<br>
Cheers<br>
g.<br>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</body>
</html>