[Tfug] Do we need a new bash?
erich
erich1 at copper.net
Thu Sep 25 19:35:39 MST 2014
You know what this amounts to?
Any platform that can run commands from a prompt and is listening
on some port
is vulnerable. a coffemaker could have lots of serial inputs
(/dev/ttyxx) and
be listening on ports 21, 23, 80 that would make it a sitting duck. right?
Oh, and yes, its running a shell.
Erich
JD Rogers wrote:
> updates have been coming through..
> You can check your bash with:
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
> and update with your package manager if needed.. I would bet most
> dists have released the fixes by now. The coffee maker is another
> matter. So is my WD nas.
>
> On Thu, Sep 25, 2014 at 1:15 PM, erich <erich1 at copper.net
> <mailto:erich1 at copper.net>> wrote:
>
> They call it,
> "Shellshock" Yesterday I read that it affects internet
> "things" such
> as a coffeemaker or oven attached to the internet. Today it's anything
> with a bash shell. Bash is popular, but it's not the only shell. Why
> wouldn't other shells be vulnerable?
> I'd send internet links to show what I was talking about,
> but our
> listserve kicks them out. (We're pretty secure. Aren't we?)
>
> Erich
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org <mailto:tfug at tfug.org>
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
More information about the tfug
mailing list