Hello, I can confirm that on my LEAF bering uclibc 4.3.3 routers the bash shellshock vulnerability exists. I have the bash.lrp package installed and the vulnerability lives there from my understanding (busybox is not vulnerable). I haven't tested this in any later versions but I suspect the vulnerability is present in many of them as well. Is there an updated bash.lrp to resolve this? This is a serious vulnerability and users of webservers in particular should be extra careful.
It's a testament to the great work in leaf that these old firewalls are still in service many years (some almost 10 years now, bering 2.x anyone?) after install. Let me know if I can help test or facilitate the bash.lrp package update if one doesn't exist to address this security issue yet. Thanks, -- Trev Peterson Advanced Reality Email: t...@advanced-reality.com Phone: +1 847 406 9018 ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
