Do we know if this is **strictly** bash or if ZSH is vulnerable as well? On Thu, Sep 25, 2014 at 5:38 PM, John F. Eldredge <[email protected]> wrote: > Or was that a Freudian slip, where you accidentally say what you were > thinking? > > On September 25, 2014 3:15:14 PM "Bruce W. Martin" <[email protected]> > wrote: >> >> Is it fumble fingers or bad auto correct? I actually “shut" down the >> debian server. >> >> Bruce >> >> On Sep 25, 2014, at 2:58 PM, Bruce W. Martin <[email protected]> wrote: >> >> I am a bit confused about this bug. What is the vector to exploit this? If >> I turn off the web server daemon is the only vector then from those who can >> log in with appropriate credentials? I have an old RHEL server that no >> longer gets updates and a debian server that suddenly apt-get does not seem >> to work. I have shit down the debian server and turned off the web server >> daemon on the old RHEL box. Does that make it safe as long as no miscreant >> can log in via ssh (no telnet daemon in decades)? The press seems all >> sensational and says this is worse than Heartbleed but beyond that there is >> not much substance in what I have found so far. I have updated all of my >> RHEL/CentOS 5 & 6 boxes and run the test and it says I am clean, for now. >> For my MacOS I guess I have to wait for Apple. Can I tell my Mac users to >> turn off the web server and wait for the patch from Apple. Not that I think >> any of my mac users have turned on the web server but it is the only thing >> that I have seen as a vector short of a login. >> >> Comments? >> >> Bruce >> >> >> On Sep 25, 2014, at 9:22 AM, Tim O'Guin <[email protected]> wrote: >> >> How it can be exploited: >> >> >> http://security.stackexchange.com/questions/68122/what-is-a-specific-example-of-how-the-shellshock-bash-bug-could-be-exploited/68130#68130 >> >> Patched all our systems yesterday in a few seconds with Config Management >> Tool of Choice (TM). >> >> >> On Thu, Sep 25, 2014 at 9:17 AM, Holland Griffis >> <[email protected]> wrote: >>> >>> Meh, already patched. >>> >>> On Sep 25, 2014 9:14 AM, "Howard White" <[email protected]> wrote: >>>> >>>> Customer sent me email asking about ShellShock/bash bug vulnerability. >>>> rut roh! >>>> >>>> The first post I see says Fedora/Red Hat put up fixes. >>>> >>>> So much for not updating systems for years and years... >>>> >>>> Howard >>>> >>>> -- >> >> -- >> >> >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout.
-- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
