Twitter was all aflutter about it yesterday; the distros were great about implementing the patch and getting it out overnight.
Realize that many things run bash you may not be aware of, and patching them can be tricky. Obviously, the biggest threat is web-exposed machines that have features that shell out -- many many PHP, Perl, Python and Ruby apps use some form of Exec() calls to talk to the underlying OS, just as we would use RUN/! in VFP. However, I also found bash shells that were _potentially_ exploitable in my AppleTV and Western Digital NAS. Keep an eye out for a LOT of updates in the coming weeks. On Thu, Sep 25, 2014 at 12:56 PM, Paul McNett <[email protected]> wrote: > On 9/25/14, 9:17 AM, Ken Dibble wrote: > >> http://www.tomsguide.com/us/shellshock-osx-linux,news-19614.html >> >> (Beware extremely annoying audio-only advertisements that can't be >> turned off on this website). >> > > Thanks for posting this, as it was the first I'd heard about it. I didn't > visit the Tom's site but searched "shellshock bash ubuntu" to find out some > information and what to do. > > What I did: > 1) reboot my servers (Ubuntu already installed the security update > automatically) > > 2) while that was happening, read up on background information. > > In retrospect I don't think I was impacted because I don't use CGI in any > of my web sites or applications. However, I'm considering scheduling a > reboot of my servers once a day in case I miss something of this magnitude > again. I used to pride myself by how long I could keep a server running but > times have changed. > > Paul > > > > > [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/CACW6n4tSKs4eqXtxN0SRNYuytJ+=pzbg9stfhf7mekk6ksf...@mail.gmail.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
