[AusNOG] bash bug !
Paul Gear
ausnog at libertysys.com.au
Fri Sep 26 07:35:43 EST 2014
VyOS & Vyatta core don't expose any web services that could use bash by
default, so exposure should be zero, unless you do something silly like
allowing ssh access to the world by default (in which case ssh bots are
already a risk), or adding shell scripts into snmpd.conf and exposing
that to the world.
Paul
On 25/09/14 22:46, Nathan Brookfield wrote:
> VyOS and Vyatta, spot on! I think some of the Ubiquiti devices run
> BusyBox.
> ...
>
> On 25 Sep 2014, at 22:44, Ben Cooper <ben at zeno.io
> <mailto:ben at zeno.io>> wrote:
>
> isnt VYoS *nix based? Debian even?
>
> Also those new Ubiqiti things are Debian based as well I think.
>
> On Thu, Sep 25, 2014 at 10:06 PM, George Fong
> <george at lateralplains.com <mailto:george at lateralplains.com>> wrote:
>
> I've so far had no problems updating CENTos servers with a simple
> update of bash.
>
> I'm not sure how accurate this test is but the befores and afters
> seem to be consistent:
>
> https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271
>
> Right now I am most worried about Linux based border routers and
> VM hosts such as Proxmox. The latter is Debian based.
>
> Cheers
> g.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140926/38678deb/attachment.html>
More information about the AusNOG
mailing list