"Shellshock" bash bug

Rashkae ubuntu at tigershaunt.com
Fri Sep 26 21:41:15 UTC 2014


On 14-09-26 05:17 PM, Colin Law wrote:
> On 26 September 2014 16:43, Kevin O'Gorman <kogorman at gmail.com> wrote:
>
>> There has been a code-injection vulnerability in bash for the last 22
>> years, recently discovered and named "Shellshock".  It's nasty.
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
>>
>
> I don't fully understand the description.  I have a system that cannot be
> updated that has an ssh port open to the internet, with access by keys
> only.  Is that system vulnerable to attack?
>
> Colin


Not directly.... Although, with a hole that big, I wouldn't be surprised
if people keep finding new and clever ways to get at it.

If you have ssh access, why can't you upload the bash .deb and install 
it?  (dpkg -i whatever_package.deb)  This one is much easier to patch 
than all those heartbleed problems.
