[AusNOG] bash bug !
James Hodgkinson
yaleman at ricetek.net
Fri Sep 26 02:59:45 EST 2014
Here's another good one - how many of us are running cygwin/busybox
environments on the PC's we use to maintain the fleet? MobaXterm is
vulnerable, and the latest version of the Git tools (installed last night)
is...
James
On 26 September 2014 01:43, James Andrewartha <trs80 at ucc.gu.uwa.edu.au>
wrote:
> On Thu, 25 Sep 2014, Nathan Gardiner wrote:
>
> > What's the particular concern with Debian based devices? Debian pushed
> bash 4.2+dfsg-0.1+deb7u1 for wheezy 14 hours ago and any
> > device which uses the Debian repositories would pick it up with a
> dist-upgrade/specific package upgrade. Proxmox VE 3.1 hosts
> > not only have the Debian repository but also have inbuilt package update
> functionality in the GUI which makes it quite easy to
> > update.
>
> Debian bash is still vulnerable, try this:
>
> dpkg -l bash | grep ^ii; rm -f echo; env X='() { (a)=>\' bash -c "echo
> date"; cat echo
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760
>
> --
> # TRS-80 trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here
> will do \
> # UCC Wheel Member http://trs80.ucc.asn.au/ #| what squirrels do
> best |
> [ "There's nobody getting rich writing ]| -- Collect and hide
> your |
> [ software that I know of" -- Bill Gates, 1980 ]\ nuts." -- Acid Reflux
> #231 /
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140926/15f2652f/attachment.html>
More information about the AusNOG
mailing list