Is it fumble fingers or bad auto correct? I actually "shut" down the debian server.
Bruce On Sep 25, 2014, at 2:58 PM, Bruce W. Martin <[email protected]> wrote: > I am a bit confused about this bug. What is the vector to exploit this? If I > turn off the web server daemon is the only vector then from those who can log > in with appropriate credentials? I have an old RHEL server that no longer > gets updates and a debian server that suddenly apt-get does not seem to work. > I have shit down the debian server and turned off the web server daemon on > the old RHEL box. Does that make it safe as long as no miscreant can log in > via ssh (no telnet daemon in decades)? The press seems all sensational and > says this is worse than Heartbleed but beyond that there is not much > substance in what I have found so far. I have updated all of my RHEL/CentOS 5 > & 6 boxes and run the test and it says I am clean, for now. For my MacOS I > guess I have to wait for Apple. Can I tell my Mac users to turn off the web > server and wait for the patch from Apple. Not that I think any of my mac > users have turned on the web server but it is the only thing that I have seen > as a vector short of a login. > > Comments? > > Bruce > > > On Sep 25, 2014, at 9:22 AM, Tim O'Guin <[email protected]> wrote: > >> How it can be exploited: >> >> http://security.stackexchange.com/questions/68122/what-is-a-specific-example-of-how-the-shellshock-bash-bug-could-be-exploited/68130#68130 >> >> Patched all our systems yesterday in a few seconds with Config Management >> Tool of Choice (TM). >> >> >> On Thu, Sep 25, 2014 at 9:17 AM, Holland Griffis <[email protected]> >> wrote: >> Meh, already patched. >> >> On Sep 25, 2014 9:14 AM, "Howard White" <[email protected]> wrote: >> Customer sent me email asking about ShellShock/bash bug vulnerability. rut >> roh! >> >> The first post I see says Fedora/Red Hat put up fixes. >> >> So much for not updating systems for years and years... >> >> Howard >> >> -- >> -- > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
