[App_rpt-users] NEW Security Issues

Wayne wayne at anywherehost.net
Fri Sep 26 15:47:39 UTC 2014


Here is how you should check to see if you are vulnerable and odds are you
ARE.

 

~# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output is:

vulnerable
this is a test
 
It is far easier to upgrade bash and all OS distros now have a patch.
 
Wayne
http://hamradiohost.net

 

  _____  

From: app_rpt-users-bounces at ohnosec.org
[mailto:app_rpt-users-bounces at ohnosec.org] On Behalf Of kk6ecm
Sent: Thursday, September 25, 2014 3:11 PM
To: Tim Sawyer
Cc: app_rpt-users at ohnosec.org
Subject: Re: [App_rpt-users] NEW Security Issues

 

Cool. I'll give it a go before a reload. Whenever I do a server build, I
take copious notes so I can duplicate all the steps,.. just time.

Thanks much!

Bob

kk6ecm

 

Sent from iPad

 


On Sep 25, 2014, at 1:41 PM, Tim Sawyer <tim.sawyer at mac.com> wrote:

This should fix your update.

http://docs.allstarlink.org/drupal/node/111



--
Tim
:wq

 

On Sep 25, 2014, at 1:02 PM, Bob <kk6ecm at gmail.com> wrote:





I performed the yum update... killed asterisk... lots of errors, repeater
down. looks like I should have just updated bash (sigh!) need to rebuild
ACID unless there is a way to "undo" the yum update. (sigh!)

 


  _____  


From: app_rpt-users-bounces at ohnosec.org
[mailto:app_rpt-users-bounces at ohnosec.org] On Behalf Of Doug Crompton
Sent: Thursday, September 25, 2014 11:38 AM
To: app_rpt-users at ohnosec.org
Subject: Re: [App_rpt-users] NEW Security Issues

 

Sorry I did not qualify that. The way to update centos is 

yum update bash

The current update is:

Updated:
  bash.i386 0:3.2-33.el5.1

This should not require any recompiles. If you have any current bash jobs
running you would have to stop and restart them to use the new code or just
reboot.

73 Doug
WA3DSP
http://www.crompton.com/hamradio





  _____  


From: doug at crompton.com
To: mike at midnighteng.com
Date: Thu, 25 Sep 2014 12:27:42 -0400
CC: app_rpt-users at ohnosec.org
Subject: Re: [App_rpt-users] NEW Security Issues

Information on Centos Bash update -

http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.htm
l

73 Doug
WA3DSP
http://www.crompton.com/hamradio





  _____  


From: mike at midnighteng.com
To: app_rpt-users at ohnosec.org
Date: Thu, 25 Sep 2014 08:06:13 -0700
Subject: [App_rpt-users] NEW Security Issues

 

The increase in recent hack attempts are the result of the resent knowlage
of a fundamental bug in bash.

It was not a big deal till someone published the flaw before some patches
could be issued.

 

Some folks set-ups are vulnerable. If you run HTTP, you certainly are.

 

Just a FYI...

 

SHELLSHOCK  - this is bigger and older than heartbleed.

 

It is a very big deal for "all" linux systems running http.

 

http://seclists.org/oss-sec/2014/q3/650       

 

to check your version of bash, type

 

cd /bin

bash --version

 

our acid installs should be at 3.2

Remote ssh devices are possibly at risk.

Current patches may not be entirely effective.

Much more to be known about this.

 

google shellshock for more info.

 

...mike/kb8jnm

 

 


_______________________________________________ App_rpt-users mailing list
App_rpt-users at ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users To unsubscribe
from this list please visit
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to
the bottom of the page. Enter your email address and press the "Unsubscribe
or edit options button" You do not need a password to unsubscribe, you can
do it via email confirmation. If you have trouble unsubscribing, please send
a message to the list detailing the problem.


_______________________________________________ App_rpt-users mailing list
App_rpt-users at ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users To unsubscribe
from this list please visit
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to
the bottom of the page. Enter your email address and press the "Unsubscribe
or edit options button" You do not need a password to unsubscribe, you can
do it via email confirmation. If you have trouble unsubscribing, please send
a message to the list detailing the problem.

_______________________________________________
App_rpt-users mailing list
App_rpt-users at ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to
the bottom of the page. Enter your email address and press the "Unsubscribe
or edit options button"
You do not need a password to unsubscribe, you can do it via email
confirmation. If you have trouble unsubscribing, please send a message to
the list detailing the problem.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20140926/a1420869/attachment.html>


More information about the App_rpt-users mailing list