Or was that a Freudian slip, where you accidentally say what you were thinking?
On September 25, 2014 3:15:14 PM "Bruce W. Martin" <[email protected]> wrote:
Is it fumble fingers or bad auto correct? I actually "shut" down the debian
server.
Bruce
On Sep 25, 2014, at 2:58 PM, Bruce W. Martin <[email protected]> wrote:
> I am a bit confused about this bug. What is the vector to exploit this?
If I turn off the web server daemon is the only vector then from those who
can log in with appropriate credentials? I have an old RHEL server that no
longer gets updates and a debian server that suddenly apt-get does not seem
to work. I have shit down the debian server and turned off the web server
daemon on the old RHEL box. Does that make it safe as long as no miscreant
can log in via ssh (no telnet daemon in decades)? The press seems all
sensational and says this is worse than Heartbleed but beyond that there is
not much substance in what I have found so far. I have updated all of my
RHEL/CentOS 5 & 6 boxes and run the test and it says I am clean, for now.
For my MacOS I guess I have to wait for Apple. Can I tell my Mac users to
turn off the web server and wait for the patch from Apple. Not that I think
any of my mac users have turned on the web server but it is the only thing
that I have seen as a vector short of a login.
>
> Comments?
>
> Bruce
>
>
> On Sep 25, 2014, at 9:22 AM, Tim O'Guin <[email protected]> wrote:
>
>> How it can be exploited:
>>
>>
http://security.stackexchange.com/questions/68122/what-is-a-specific-example-of-how-the-shellshock-bash-bug-could-be-exploited/68130#68130
>>
>> Patched all our systems yesterday in a few seconds with Config
Management Tool of Choice (TM).
>>
>>
>> On Thu, Sep 25, 2014 at 9:17 AM, Holland Griffis
<[email protected]> wrote:
>> Meh, already patched.
>>
>> On Sep 25, 2014 9:14 AM, "Howard White" <[email protected]> wrote:
>> Customer sent me email asking about ShellShock/bash bug vulnerability.
rut roh!
>>
>> The first post I see says Fedora/Red Hat put up fixes.
>>
>> So much for not updating systems for years and years...
>>
>> Howard
>>
>> --
>> --
>
--
--
You received this message because you are subscribed to the Google Groups
"NLUG" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nlug-talk?hl=en
---
You received this message because you are subscribed to the Google Groups
"NLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
For more options, visit https://groups.google.com/d/optout.
--
--
You received this message because you are subscribed to the Google Groups
"NLUG" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nlug-talk?hl=en
---
You received this message because you are subscribed to the Google Groups "NLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
