Salams, http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx
the problem is the bash parser. I felt the users would be most vulnerable when they are using a DHCP client as this is controlled by the shell script in an attack vector which the attacker would act as a DHCP server and send (and run) arbitrary commands on the vulnerable system (DHCP client) though it would be unusual for a sabily desktop user to install ProFTPd, apache cgi, qmail... etc...., W'salam, Muhammad Nuzaihan On Mon, Sep 29, 2014 at 4:58 PM, Zaihan <[email protected]> wrote: > Salams, > > the shellshock bug affects any software that uses bash shell, including > apache if it uses bash for cgi (opens an attack vector for websites at port > 80 by using netcat to exploit it), or DHCP client software if it uses a > shell script to start up (typically by the attacked within the LAN setting > a DHCP flag and options to extract or even do anything malicious on the > machines) > > W'salam, > Muhammad Nuzaihan > > On Mon, Sep 29, 2014 at 4:42 PM, ANIS El Achèche <[email protected]> > wrote: > >> Good morning folks! >> >> So, I don't know if you already heard about Shellshok or not yet.. Any >> way if you don't so it's time to read about and google it.. >> >> It's a critical BASH bug, that can allow remote execution of shell >> commands/scripts on a vulnerable system.. >> >> After the announcement of the bug, a patch was released and many OSs >> released the bash package update. >> >> So now after days of talking about the bug and that Ubuntu, and other OSs >> are offering updates, I think that you need to check your System(s).. And >> figure out if your OS is still vulnerable or not. >> >> This is a website dedicated to the bug → https://shellshocker.net/ >> >> Please be careful using pipes and commands that you don't understand. >> >> *El Achèche ANIS* >> *An Ubuntu-tn Member & Events Team Coordinator* >> *Official Ubuntu Member **|** Member @CLibre.tn | Junior >> SysAdmin @ApptivIT* >> >> *[email protected] <[email protected]> | # whoami >> <http://wiki.ubuntu.com/elacheche>* >> >> *"I am what I am because of who we all are" - The Ubuntu Philosophy* >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~sabily.team >> Post to : [email protected] >> Unsubscribe : https://launchpad.net/~sabily.team >> More help : https://help.launchpad.net/ListHelp >> >> >
_______________________________________________ Mailing list: https://launchpad.net/~sabily.team Post to : [email protected] Unsubscribe : https://launchpad.net/~sabily.team More help : https://help.launchpad.net/ListHelp
