[App_rpt-users] NEW Security Issues

Bob kk6ecm at gmail.com
Thu Sep 25 16:01:46 UTC 2014


I'm running the latest ACID build, and ran the tests recommended by
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/ to see if it is
vulnerable. The ACID build passed both tests... the bug was not detected.
See also,
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environmen
t-variables-code-injection-attack/

 

This does not mean my routers are safe... still an open question for me.

 

Bob

kk6ecm

 

  _____  

From: app_rpt-users-bounces at ohnosec.org
[mailto:app_rpt-users-bounces at ohnosec.org] On Behalf Of mike at midnighteng.com
Sent: Thursday, September 25, 2014 8:06 AM
To: app_rpt-users at ohnosec.org
Subject: [App_rpt-users] NEW Security Issues

 

 

The increase in recent hack attempts are the result of the resent knowlage
of a fundamental bug in bash.

It was not a big deal till someone published the flaw before some patches
could be issued.

 

Some folks set-ups are vulnerable. If you run HTTP, you certainly are.

 

Just a FYI...

 

SHELLSHOCK  - this is bigger and older than heartbleed.

 

It is a very big deal for "all" linux systems running http.

 

http://seclists.org/oss-sec/2014/q3/650        

 

to check your version of bash, type

 

cd /bin

bash --version

 

our acid installs should be at 3.2 

Remote ssh devices are possibly at risk.

Current patches may not be entirely effective.

Much more to be known about this.

 

google shellshock for more info.

 

...mike/kb8jnm

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20140925/f423f48d/attachment.html>


More information about the App_rpt-users mailing list