<div dir="ltr">Sorry, that's my bad - busybox may not be vulnerable - typing when tired.<div><br></div><div>James</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 26 September 2014 07:37, Paul Gear <span dir="ltr"><<a href="mailto:ausnog@libertysys.com.au" target="_blank">ausnog@libertysys.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>I haven't seen any reputable press yet
      that suggests that busybox is vulnerable - have I missed
      something?<span class="HOEnZb"><font color="#888888"><br>
      <br>
      Paul</font></span><span class=""><br>
      <br>
      On 26/09/14 02:59, James Hodgkinson wrote:<br>
    </span></div><span class="">
    <blockquote type="cite">
      
      <div dir="ltr">Here's another good one - how many of us are
        running cygwin/busybox environments on the PC's we use to
        maintain the fleet? MobaXterm is vulnerable, and the latest
        version of the Git tools (installed last night) is...
        <div><br>
        </div>
        <div>James</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On 26 September 2014 01:43, James
          Andrewartha <span dir="ltr"><<a href="mailto:trs80@ucc.gu.uwa.edu.au" target="_blank">trs80@ucc.gu.uwa.edu.au</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote"><span>On Thu, 25 Sep
              2014, Nathan Gardiner wrote:<br>
              <br>
              > What's the particular concern with Debian based
              devices? Debian pushed bash 4.2+dfsg-0.1+deb7u1 for wheezy
              14 hours ago and any<br>
              > device which uses the Debian repositories would pick
              it up with a dist-upgrade/specific package upgrade.
              Proxmox VE 3.1 hosts<br>
              > not only have the Debian repository but also have
              inbuilt package update functionality in the GUI which
              makes it quite easy to<br>
              > update.<br>
              <br>
            </span>Debian bash is still vulnerable, try this:<br>
            <br>
            dpkg -l bash | grep ^ii; rm -f echo; env X='() { (a)=>\'
            bash -c "echo date"; cat echo<br>
            <br>
            <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760" target="_blank">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760</a><br>
          </blockquote>
        </div>
      </div>
    </blockquote>
  </span></div>

<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>