[AusNOG] bash bug !

Nathan Gardiner ngardiner at gmail.com
Thu Sep 25 23:06:48 EST 2014


What's the particular concern with Debian based devices? Debian pushed bash
4.2+dfsg-0.1+deb7u1 for wheezy 14 hours ago and any device which uses the
Debian repositories would pick it up with a dist-upgrade/specific package
upgrade. Proxmox VE 3.1 hosts not only have the Debian repository but also
have inbuilt package update functionality in the GUI which makes it quite
easy to update.

Openwrt uses ash by default and requires bash to be installed explicitly,
VyOS 1.0.4 "vbash" shell I just tested to be vulnerable without an update:

vyos at r03:~$ show version
Version:      VyOS 1.0.4
Description:  VyOS 1.0.4 (hydrogen)

vyos at r03:~$ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
vulnerable
this is a test


Nathan

On Thu, Sep 25, 2014 at 8:43 PM, Ben Cooper <ben at zeno.io> wrote:

> isnt VYoS *nix based? Debian even?
>
> Also those new Ubiqiti things are Debian based as well I think.
>
> On Thu, Sep 25, 2014 at 10:06 PM, George Fong <george at lateralplains.com>
> wrote:
>
>>  I've so far had no problems updating CENTos servers with a simple
>> update of bash.
>>
>> I'm not sure how accurate this test is but the befores and afters seem to
>> be consistent:
>>
>>
>> https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271
>>
>> Right now I am most worried about Linux based border routers and VM hosts
>> such as Proxmox. The latter is Debian based.
>>
>> Cheers
>> g.
>>
>>
>>
>> On Thu, 2014-09-25 at 16:32 +1000, Pinkerton, Eric (AU Sydney) wrote:
>>
>> Heads up, shellshock botnet payloads are already hitting honeypots..
>>
>>
>>
>> https://gist.github.com/anonymous/929d622f3b36b00c0be1
>>
>>
>>
>>
>>
>>  *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Alex
>> Samad - Yieldbroker
>> *Sent:* Thursday, 25 September 2014 2:59 PM
>> *To:* Kush, Nishchal
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] bash bug !
>>
>>
>>
>>
>> I believe the initial released patch was incomplete
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1146319
>>
>>
>>
>>
>>
>> A
>>
>>
>>
>>  *From:* Kush, Nishchal [mailto:kush at kush.com.fj <kush at kush.com.fj>]
>> *Sent:* Thursday, 25 September 2014 3:03 PM
>> *To:* Alex Samad - Yieldbroker
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] bash bug !
>>
>>
>>
>>
>> Hi
>>
>>
>>
>>
>>  Most Linux distributions have released patches. Unfortunately you still
>> need to recompile your own for Apple’s Mac OS X
>>
>>
>>
>>
>>
>>  Cheers
>>
>>
>>  --
>> Kush, Nishchal
>> kush at kush.com.fj
>>
>>
>>
>>
>>
>>
>>
>>  On 25 Sep 2014, at 2:40 pm, Alex Samad - Yieldbroker <
>> Alex.Samad at yieldbroker.com> wrote:
>>
>>
>>
>>
>>
>> http://www.smh.com.au/it-pro/security-it/shell-shock-bash-bug-labelled-largest-ever-to-hit-the-internet-20140925-10ltx1.html
>>
>>
>> https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>>
>>
>>  Please consider the environment before printing this email. This
>> message should be regarded as confidential. If you have received this email
>> in error please notify the sender and destroy it immediately. Statements of
>> intent shall only become binding when confirmed in hard copy by an
>> authorised signatory. The contents of this email may relate to dealings
>> with other companies under the control of BAE Systems Applied Intelligence
>> Limited, details of which can be found at
>> http://www.baesystems.com/Businesses/index.htm.
>>
>> _______________________________________________
>> AusNOG mailing listAusNOG at lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>   --
>>
>>
>>
>> GPG Fingerprint: 8BAF 3175 A1C8 BF5F 3631 BEF4 727C 784A 218B 4CE4
>> Just remember, wherever you go ........ there you are.
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
>
> --
> --
> Ben Cooper
> CEO
> Zeno Holdings PTY LTD
> P: +61 7 3503 8553
> M: 0410411301
> E: ben at zeno.io
> W: *http://zeno.io <http://zeno.io>*
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140925/1516eb9e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: george-2014.png
Type: image/png
Size: 20375 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140925/1516eb9e/attachment.png>


More information about the AusNOG mailing list