[AusNOG] bash bug !
Paul Gear
ausnog at libertysys.com.au
Fri Sep 26 07:37:29 EST 2014
I haven't seen any reputable press yet that suggests that busybox is
vulnerable - have I missed something?
Paul
On 26/09/14 02:59, James Hodgkinson wrote:
> Here's another good one - how many of us are running cygwin/busybox
> environments on the PC's we use to maintain the fleet? MobaXterm is
> vulnerable, and the latest version of the Git tools (installed last
> night) is...
>
> James
>
> On 26 September 2014 01:43, James Andrewartha <trs80 at ucc.gu.uwa.edu.au
> <mailto:trs80 at ucc.gu.uwa.edu.au>> wrote:
>
> On Thu, 25 Sep 2014, Nathan Gardiner wrote:
>
> > What's the particular concern with Debian based devices? Debian
> pushed bash 4.2+dfsg-0.1+deb7u1 for wheezy 14 hours ago and any
> > device which uses the Debian repositories would pick it up with
> a dist-upgrade/specific package upgrade. Proxmox VE 3.1 hosts
> > not only have the Debian repository but also have inbuilt
> package update functionality in the GUI which makes it quite easy to
> > update.
>
> Debian bash is still vulnerable, try this:
>
> dpkg -l bash | grep ^ii; rm -f echo; env X='() { (a)=>\' bash -c
> "echo date"; cat echo
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140926/8013ad9a/attachment-0001.html>
More information about the AusNOG
mailing list