UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already
tested this myself).
EdgeRouters all vulnerable. You can either download bash fromdebian
stable/security, or wait for an incoming patch.
Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com <http://www.spitwspots.com>
On 09/25/2014 12:04 PM, Ty Featherling via Af wrote:
Yeah I am trying to figure out what else I may be operating that is
vulnerable. UBNT? Mikrotik? Cisco?
-Ty
On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af <af@afmug.com
<mailto:af@afmug.com>> wrote:
It can be exposed by anything that invokes bash - which is a ton
of stuff typically on Linux systems.
On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af <af@afmug.com
<mailto:af@afmug.com>> wrote:
PS.. This vulnerability can be exploited via HTTP/Apache
attack vectors, so you need to patch any vulnerable system
running Apache.
Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com <http://www.UnwiredLtd.com>
Desk: 510-868-1614 x100 <tel:510-868-1614%20x100>
Mobile: 510-207-0000 <tel:510-207-0000>
pkr...@unwiredltd.com <mailto:pkr...@unwiredltd.com>
-----Original Message-----
From: Af [mailto:af-bounces+pkranz
<mailto:af-bounces%2Bpkranz>=unwiredltd....@afmug.com
<mailto:unwiredltd....@afmug.com>] On Behalf Of Matt via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com <mailto:af@afmug.com>
Subject: [AFMUG] Bash specially-crafted environment variables
code injection attack
Bash specially-crafted environment variables code injection attack
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/