"Shellshock" bash bug
Teo En Ming
singapore.mr.teo.en.ming at gmail.com
Fri Sep 26 16:38:10 UTC 2014
I have just found that my Ubuntu 14.04 LTS installation is vulnerable to
the Shellshock Bash vulnerability. Patching my Ubuntu 14.04 LTS
installation now.
$ sudo apt-get update
$ sudo apt-get upgrade
--
Yours sincerely,
Teo En Ming
Singapore
On 27/09/2014 00:04, Teo En Ming wrote:
> I have already made sure that my cPanel server is safe from the
> Shellshock Bash vulnerability. Now I am trying to confirm my wireless
> router is safe from the shellshock bug, which is also based on Linux.
>
> Link for further reading:
>
> http://seclists.org/snort/2014/q3/976
>
> Thanks for the information.
>
> --
> Yours sincerely,
>
> Teo En Ming
> Singapore
>
>
> On 26/09/2014 23:43, Kevin O'Gorman wrote:
>> There has been a code-injection vulnerability in bash for the last 22
>> years, recently discovered and named "Shellshock". It's nasty.
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
>>
>> Here's a quick one-liner to see if you're vulnerable:
>> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>> vulnerable
>> this is a test
>> $
>>
>> If you get that result, update your bash from the repositories, and
>> all should be well:
>> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>> bash: warning: x: ignoring function definition attempt
>> bash: error importing function definition for `x'
>> this is a test
>> $
>>
>> Safe computing to all
>>
>>
>> --
>> Kevin O'Gorman
>> #define QUESTION ((bb) || (!b)) /* Shakespeare */
>>
>> Please consider the environment before printing this email.
>>
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20140927/2a75c921/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 441 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20140927/2a75c921/attachment.gif>
More information about the ubuntu-users
mailing list