While we're being OT here, can anyone explain this to me in practical terms?
Sally has a basic everyday Mac running unpatched OS X. It is connected to the Internet for Web browsing and e-mail, but she does not operate a Web server. Let's for argument's sake assume no firewall. Is Sally vulnerable to this? I am guessing that if she is vulnerable it is because someone can telnet to her machine, run the Bash shell, and trick OS X into executing arbitrary commands in some sort of su-type mode? Yes? No? If she's not vulnerable, what sort of *IX machine is? If this is too OT for your taste you could reply privately. Thanks, Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of John McKown Sent: Thursday, September 25, 2014 8:59 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: OT - Bash Vunerability Fairly new, as in just today. There are patches for SUSE and Redhat Linux on z. I have applied the equivalent on my RedHat Fedora 20 on Intel. I need to patch the BASH port on the CBTtape, but that is a future (hopefully near future) event. On Thu, Sep 25, 2014 at 10:44 AM, Lizette Koehler <stars...@mindspring.com> wrote: > I just saw this. Might be old news to some, but new to me. > > http://tinyurl.com/k5xevos > > > In Heartbleed's wake, Bash flaw puts Linux, Mac OS users at risk > > by Brandan Blevins, News Writer > Researchers say a 20-year-old vulnerability uncovered in the Bash > shell, found in Unix-based operating systems including Linux and Mac > OS, could lead to a dangerous worm outbreak unlike anything seen in more than > a decade. > Discovered by UK-based Unix expert Stéphane Chazelas, the Bash > vulnerability, also known as Shellshock or CVE-2014-6271, actually > dates back more than 20 years and is present in every shell version up to 4.3. > > US-CERT's National Vulnerability Database has rated the flaw's > severity as a "10.0", which is the highest possibly severity, based on ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN