UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already
tested this myself).
EdgeRouters all vulnerable. You can either download bash fromdebian
stable/security, or wait for an incoming patch.
Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com <http://www.spitwspots.com>
On 09/25/2014 12:04 PM, Ty Featherling via Af wrote:
Yeah I am trying to figure out what else I may be operating that is
vulnerable. UBNT? Mikrotik? Cisco?
-Ty
On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af <[email protected]
<mailto:[email protected]>> wrote:
It can be exposed by anything that invokes bash - which is a ton
of stuff typically on Linux systems.
On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af <[email protected]
<mailto:[email protected]>> wrote:
PS.. This vulnerability can be exploited via HTTP/Apache
attack vectors, so you need to patch any vulnerable system
running Apache.
Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com <http://www.UnwiredLtd.com>
Desk: 510-868-1614 x100 <tel:510-868-1614%20x100>
Mobile: 510-207-0000 <tel:510-207-0000>
[email protected] <mailto:[email protected]>
-----Original Message-----
From: Af [mailto:af-bounces+pkranz
<mailto:af-bounces%2Bpkranz>[email protected]
<mailto:[email protected]>] On Behalf Of Matt via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: [email protected] <mailto:[email protected]>
Subject: [AFMUG] Bash specially-crafted environment variables
code injection attack
Bash specially-crafted environment variables code injection attack
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
