
<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">VyOS & Vyatta core don't expose any

      web services that could use bash by default, so exposure should be

      zero, unless you do something silly like allowing ssh access to

      the world by default (in which case ssh bots are already a risk),

      or adding shell scripts into snmpd.conf and exposing that to the

      world.<br>

      <br>

      Paul<br>

      <br>

      On 25/09/14 22:46, Nathan Brookfield wrote:<br>

    </div>

    <blockquote

      cite="mid:966B6E04-A50A-4F0B-8877-F834AA390D28@simtronic.com.au"

      type="cite">

      <meta http-equiv="Context-Type" content="text/html;

        charset=Windows-1252">

      <div>VyOS and Vyatta, spot on! I think some of the Ubiquiti

        devices run BusyBox.<br>

        ...</div>

      <div><br>

        On 25 Sep 2014, at 22:44, Ben Cooper <<a

          moz-do-not-send="true" href="mailto:ben@zeno.io">ben@zeno.io</a>>

        wrote:<br>

        <br>

      </div>

      <div>

        <div dir="ltr">isnt VYoS *nix based? Debian even? 

          <div><br>

          </div>

          <div>Also those new Ubiqiti things are Debian based as well I

            think.</div>

        </div>

        <div class="gmail_extra"><br>

          <div class="gmail_quote">On Thu, Sep 25, 2014 at 10:06 PM,

            George Fong <span dir="ltr">

              <<a moz-do-not-send="true"

                href="mailto:george@lateralplains.com" target="_blank">george@lateralplains.com</a>></span>

            wrote:<br>

            <blockquote class="gmail_quote">

              <div>I've so far had no problems updating CENTos servers

                with a simple update of bash.<br>

                <br>

                I'm not sure how accurate this test is but the befores

                and afters seem to be consistent:<br>

                <br>

                <a moz-do-not-send="true"

href="https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271"

                  target="_blank">https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271</a><br>

                <br>

                Right now I am most worried about Linux based border

                routers and VM hosts such as Proxmox. The latter is

                Debian based.<br>

                <br>

                Cheers<br>

                g.<br>

              </div>

            </blockquote>

          </div>

        </div>

      </div>

    </blockquote>

  </body>

</html>