http://community.ubnt.com/t5/EdgeMAX/Re-Bash-shell-vuln-Is-ER-also-vulnerable/m-p/1024737/highlight/true#M43038
On Thu, Sep 25, 2014 at 4:54 PM, Josh Reynolds via Af <af@afmug.com> wrote: > UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already > tested this myself). > > EdgeRouters all vulnerable. You can either download bash from debian > stable/security, or wait for an incoming patch. > > Josh Reynolds, Chief Information Officer > SPITwSPOTS, www.spitwspots.com > On 09/25/2014 12:04 PM, Ty Featherling via Af wrote: > > Yeah I am trying to figure out what else I may be operating that is > vulnerable. UBNT? Mikrotik? Cisco? > > -Ty > > On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af <af@afmug.com> wrote: > >> It can be exposed by anything that invokes bash - which is a ton of stuff >> typically on Linux systems. >> >> On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af <af@afmug.com> wrote: >> >>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, >>> so you need to patch any vulnerable system running Apache. >>> >>> Peter Kranz >>> Founder/CEO - Unwired Ltd >>> www.UnwiredLtd.com >>> Desk: 510-868-1614 x100 <510-868-1614%20x100> >>> Mobile: 510-207-0000 >>> pkr...@unwiredltd.com >>> >>> -----Original Message----- >>> From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com] On Behalf >>> Of Matt via Af >>> Sent: Thursday, September 25, 2014 10:27 AM >>> To: af@afmug.com >>> Subject: [AFMUG] Bash specially-crafted environment variables code >>> injection attack >>> >>> Bash specially-crafted environment variables code injection attack >>> >>> >>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ >>> >>> >> > >