[AusNOG] bash bug !
James Hodgkinson
yaleman at ricetek.net
Fri Sep 26 08:40:13 EST 2014
Sorry, that's my bad - busybox may not be vulnerable - typing when tired.
James
On 26 September 2014 07:37, Paul Gear <ausnog at libertysys.com.au> wrote:
> I haven't seen any reputable press yet that suggests that busybox is
> vulnerable - have I missed something?
>
> Paul
>
> On 26/09/14 02:59, James Hodgkinson wrote:
>
> Here's another good one - how many of us are running cygwin/busybox
> environments on the PC's we use to maintain the fleet? MobaXterm is
> vulnerable, and the latest version of the Git tools (installed last night)
> is...
>
> James
>
> On 26 September 2014 01:43, James Andrewartha <trs80 at ucc.gu.uwa.edu.au>
> wrote:
>
>> On Thu, 25 Sep 2014, Nathan Gardiner wrote:
>>
>> > What's the particular concern with Debian based devices? Debian pushed
>> bash 4.2+dfsg-0.1+deb7u1 for wheezy 14 hours ago and any
>> > device which uses the Debian repositories would pick it up with a
>> dist-upgrade/specific package upgrade. Proxmox VE 3.1 hosts
>> > not only have the Debian repository but also have inbuilt package
>> update functionality in the GUI which makes it quite easy to
>> > update.
>>
>> Debian bash is still vulnerable, try this:
>>
>> dpkg -l bash | grep ^ii; rm -f echo; env X='() { (a)=>\' bash -c "echo
>> date"; cat echo
>>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760
>>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140926/e2c6e747/attachment.html>
More information about the AusNOG
mailing list