nevermind. http://superuser.com/questions/816622/does-the-shellshock-bug-affect-zsh nice. safe for now.
On Thu, Sep 25, 2014 at 6:50 PM, andrew mcelroy <[email protected]> wrote: > Do we know if this is **strictly** bash or if ZSH is vulnerable as well? > > On Thu, Sep 25, 2014 at 5:38 PM, John F. Eldredge <[email protected]> wrote: >> Or was that a Freudian slip, where you accidentally say what you were >> thinking? >> >> On September 25, 2014 3:15:14 PM "Bruce W. Martin" <[email protected]> >> wrote: >>> >>> Is it fumble fingers or bad auto correct? I actually “shut" down the >>> debian server. >>> >>> Bruce >>> >>> On Sep 25, 2014, at 2:58 PM, Bruce W. Martin <[email protected]> wrote: >>> >>> I am a bit confused about this bug. What is the vector to exploit this? If >>> I turn off the web server daemon is the only vector then from those who can >>> log in with appropriate credentials? I have an old RHEL server that no >>> longer gets updates and a debian server that suddenly apt-get does not seem >>> to work. I have shit down the debian server and turned off the web server >>> daemon on the old RHEL box. Does that make it safe as long as no miscreant >>> can log in via ssh (no telnet daemon in decades)? The press seems all >>> sensational and says this is worse than Heartbleed but beyond that there is >>> not much substance in what I have found so far. I have updated all of my >>> RHEL/CentOS 5 & 6 boxes and run the test and it says I am clean, for now. >>> For my MacOS I guess I have to wait for Apple. Can I tell my Mac users to >>> turn off the web server and wait for the patch from Apple. Not that I think >>> any of my mac users have turned on the web server but it is the only thing >>> that I have seen as a vector short of a login. >>> >>> Comments? >>> >>> Bruce >>> >>> >>> On Sep 25, 2014, at 9:22 AM, Tim O'Guin <[email protected]> wrote: >>> >>> How it can be exploited: >>> >>> >>> http://security.stackexchange.com/questions/68122/what-is-a-specific-example-of-how-the-shellshock-bash-bug-could-be-exploited/68130#68130 >>> >>> Patched all our systems yesterday in a few seconds with Config Management >>> Tool of Choice (TM). >>> >>> >>> On Thu, Sep 25, 2014 at 9:17 AM, Holland Griffis >>> <[email protected]> wrote: >>>> >>>> Meh, already patched. >>>> >>>> On Sep 25, 2014 9:14 AM, "Howard White" <[email protected]> wrote: >>>>> >>>>> Customer sent me email asking about ShellShock/bash bug vulnerability. >>>>> rut roh! >>>>> >>>>> The first post I see says Fedora/Red Hat put up fixes. >>>>> >>>>> So much for not updating systems for years and years... >>>>> >>>>> Howard >>>>> >>>>> -- >>> >>> -- >>> >>> >>> >>> -- >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "NLUG" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/nlug-talk?hl=en >>> >>> --- >>> You received this message because you are subscribed to the Google Groups >>> "NLUG" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
