BASH security vulnerability

Andre Rodovalho andre.rodovalho at
Wed Oct 8 20:35:53 UTC 2014

Jesus, people are comparing Win7 security with Linux?

Tell those guys not to worry, in case of doubt, hire a serious security
consulting agency...

2014-10-08 16:57 GMT-03:00 Lars Noodén <lars.nooden at>:

> > The Shellshock vulnerability.
> Desktops were largely unaffected.  The machines that were vulnerable
> were primarily servers that met three conditions:
> a. running publicly available scripts
> b. those scripts were shell scripts, which is in itself rare as perl,
> python, php are common.
> c. those shell scripts were running bash instead of sh, ash or dash
> (ubuntu's default for scripts), which is rare for even for public shell
> scripts.
> However, given the large number of servers potentially affected, there
> were some that turned out to be vulnerable.  I'm not sure if the dhcp
> client specific to (L)Ubuntu was potentially affected or not.  But for
> the most part, despite having bash, desktops are not vulnerable because
> they are not set up to offer bash (or any other) scripts to outsiders.
> About the patching.  Ubuntu patched quickly and a normal update fixes
> the problem(s).
> There's not a proper date-time stamp on Ubuntu's announcements above,
> but the first one at least was right quick more or less concurrent with
> the public announcement.  Yes, CVE-2014-6271 and co were a big deal due
> to a really unfortunate misfeature but part of the visibility is due to
> media's enthusiasm for man-bites-dog stories combined with other
> interested marketing the heck out of said bugs.
> Lastly, extreme bugs like this and the previous server bug have been
> rare which is part of the reason antagonists go out and market the bugs
> under a brand name.  The other one even had a company go out and
> register a web site and hire a web developer to prepare promotional
> materials prior to announcing the bug.
> So given the visibility I understand the concern.
> Regards,
> /Lars
> --
> Lubuntu-users mailing list
> Lubuntu-users at
> Modify settings or unsubscribe at:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Lubuntu-users mailing list