Yeah probably the NSA! Hahaha! -Ty On Sep 26, 2014 10:36 PM, "That One Guy via Af" <af@afmug.com> wrote:
> Man I bet theres some guy whose been exploiting this for 20 years who is > pissed right now > > On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af <af@afmug.com> > wrote: > >> CentOS on some, Ubuntu on others. Already got the answers in this thread >> though, thanks. >> >> -Ty >> >> On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af <af@afmug.com> >> wrote: >> >>> Which distribution? >>> >>> >>> >>> ----- >>> Mike Hammett >>> Intelligent Computing Solutions >>> http://www.ics-il.com >>> >>> ------------------------------ >>> *From: *"Ty Featherling via Af" <af@afmug.com> >>> *To: *af@afmug.com >>> *Sent: *Thursday, September 25, 2014 2:42:31 PM >>> *Subject: *Re: [AFMUG] Bash specially-crafted environment variables >>> code injection attack >>> >>> Noob question but how can I easiest update my linux boxes to get the >>> latest patches? >>> >>> -Ty >>> >>> On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af <af@afmug.com> >>> wrote: >>> >>>> Upgraded our systems at 6am yesterday for this. Also pulled the bash >>>> .deb out of debian-stable/security for our ubiquiti edgerouters. (I >>>> made on a post on the UBNT forum with the CVE info yesterday.) >>>> >>>> Side note: TONS of things are affected by this... >>>> >>>> Josh Reynolds, Chief Information Officer >>>> SPITwSPOTS, www.spitwspots.com >>>> On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: >>>> >>>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, >>>> so you need to patch any vulnerable system running Apache. >>>> >>>> Peter Kranz >>>> Founder/CEO - Unwired Ltdwww.UnwiredLtd.com >>>> Desk: 510-868-1614 x100 >>>> Mobile: 510-207-0000pkr...@unwiredltd.com >>>> >>>> -----Original Message----- >>>> From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com >>>> <af-bounces+pkranz=unwiredltd....@afmug.com>] On Behalf Of Matt via Af >>>> Sent: Thursday, September 25, 2014 10:27 AM >>>> To: af@afmug.com >>>> Subject: [AFMUG] Bash specially-crafted environment variables code >>>> injection attack >>>> >>>> Bash specially-crafted environment variables code injection attack >>>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ >>>> >>>> >>>> >>> >>> >> > > > -- > All parts should go together without forcing. You must remember that the > parts you are reassembling were disassembled by you. Therefore, if you > can't get them together again, there must be a reason. By all means, do not > use a hammer. -- IBM maintenance manual, 1925 >
