-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I would strongly recommend visiting the following link:
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
Long story short, if you can execute this shell command:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
and receive a successful execution (giving you the output:
'vulnerable\nthis is a test', then you are vulnerable to the bash
exploit that's just been discovered.
I was pretty surprised to realize that even my OpenBSD machine,
running bash only from an outside package from the ports collection to
keep my luddite users happy was vulnerable to this exploit. It's a
pretty serious concern; this is not limited to just Linux. Any *NIX
machine is vulnerable. Hell, probably even cygwin. I just tested a
hackintosh running OS/X and it's vulnerable there, too. :P
Heads up, sys- & net- admins.
- --
Opinions expressed are not necessarily those of the owner of this
corporeal, rotting porksuit, nor its fiat-currency waving handlers.
- -Damo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (OpenBSD)
iF4EAREIAAYFAlQkPXoACgkQerX40lUXtCPsTQEAknjjnyFUfNZd+fmovySWyM9P
Zqr+p4+PNslwX7Dp6YQA/ic3W8JLOapJQvoSyphFFnF04AAzgMnLuKYpGsmduJ7v
=F9TT
-----END PGP SIGNATURE-----
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
