There is an update for Command Line Tools in the App Store for OS X, FYI. On Thu, Sep 25, 2014 at 2:58 PM, Bruce W. Martin <marti...@gmail.com> wrote:
> I am a bit confused about this bug. What is the vector to exploit this? If > I turn off the web server daemon is the only vector then from those who can > log in with appropriate credentials? I have an old RHEL server that no > longer gets updates and a debian server that suddenly apt-get does not seem > to work. I have shit down the debian server and turned off the web server > daemon on the old RHEL box. Does that make it safe as long as no miscreant > can log in via ssh (no telnet daemon in decades)? The press seems all > sensational and says this is worse than Heartbleed but beyond that there is > not much substance in what I have found so far. I have updated all of my > RHEL/CentOS 5 & 6 boxes and run the test and it says I am clean, for now. > For my MacOS I guess I have to wait for Apple. Can I tell my Mac users to > turn off the web server and wait for the patch from Apple. Not that I think > any of my mac users have turned on the web server but it is the only thing > that I have seen as a vector short of a login. > > Comments? > > Bruce > > > On Sep 25, 2014, at 9:22 AM, Tim O'Guin <timog...@gmail.com> wrote: > > How it can be exploited: > > > http://security.stackexchange.com/questions/68122/what-is-a-specific-example-of-how-the-shellshock-bash-bug-could-be-exploited/68130#68130 > > Patched all our systems yesterday in a few seconds with Config Management > Tool of Choice (TM). > > > On Thu, Sep 25, 2014 at 9:17 AM, Holland Griffis <hollandgrif...@gmail.com > > wrote: > >> Meh, already patched. >> On Sep 25, 2014 9:14 AM, "Howard White" <hwh...@vcch.com> wrote: >> >>> Customer sent me email asking about ShellShock/bash bug vulnerability. >>> rut roh! >>> >>> The first post I see says Fedora/Red Hat put up fixes. >>> >>> So much for not updating systems for years and years... >>> >>> Howard >>> >>> -- >>> >> -- > > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to nlug-talk@googlegroups.com > To unsubscribe from this group, send email to > nlug-talk+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to nlug-talk+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to nlug-talk+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
