"Shellshock" bash bug
Teo En Ming
singapore.mr.teo.en.ming at gmail.com
Fri Sep 26 22:18:48 UTC 2014
On 27/09/2014 05:41, Rashkae wrote:
> On 14-09-26 05:17 PM, Colin Law wrote:
>> On 26 September 2014 16:43, Kevin O'Gorman <kogorman at gmail.com> wrote:
>>
>>> There has been a code-injection vulnerability in bash for the last 22
>>> years, recently discovered and named "Shellshock". It's nasty.
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
>>>
>>
>> I don't fully understand the description. I have a system that
>> cannot be
>> updated that has an ssh port open to the internet, with access by keys
>> only. Is that system vulnerable to attack?
>>
>> Colin
>
>
> Not directly.... Although, with a hole that big, I wouldn't be
> surprise if people keeping finding new and clever ways to get at it.
>
> If you have ssh access, why can't you upload the bash .deb and install
> it? (dpkg -i whatever_package.deb) This one is much easier to patch
> than all those heartbleed problems.
>
>
>
I think you need to use the command "sudo dpkg -i
bash-shellshock-bug-update.deb". The use of sudo is necessary to install
software.
--
Yours sincerely,
Teo En Ming
Singapore
More information about the ubuntu-users
mailing list