Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-28 Thread Shayne Lebrun via Af
> I think the articles have maybe overstated the risk a bit, since you would
> need to either authenticate (at least as a regular user) to get to a shell, or
> find a publicly exposed script that will pass an environment variable to bash
> for you.

 

Please don’t think like this.  

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken 
Hohhof via Af
Sent: Saturday, September 27, 2014 1:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

So maybe I won’t do that.

 

The newer servers where I could just do a yum update have been straightforward, 
as you’d expect.

 

I think the articles have maybe overstated the risk a bit, since you would need 
to either authenticate (at least as a regular user) to get to a shell, or find 
a publicly exposed script that will pass an environment variable to bash for 
you.

 

From: Jeremy via Af <mailto:af@afmug.com>  

Sent: Saturday, September 27, 2014 12:13 PM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

Our webserver was vulnerable.  Tried to fix it without backing it up
first... yeah, I know.  Lost it all.  So I guess I will be building a new
website from my 2013 backup this weekend.  It's a good thing I carpet bombed my 
website to prevent anyone from messing with it!

 

On Sat, Sep 27, 2014 at 10:25 AM, Ken Hohhof via Af  wrote:

Unfortunately I have a couple old servers running RHEL4 and one old BlueQuartz 
webhosting appliance based on CentOS4.  I’m a little reluctant to try compiling 
the patch myself unless I switch to a different shell first, if I screw up my
command shell it might be difficult to fix.

 

Any guess if I’d be safe using the RPM cited in this thread:

http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014

 

the RPM it points to is:

 

http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm

 

 

From: Ty Featherling via Af <mailto:af@afmug.com>  

Sent: Saturday, September 27, 2014 10:52 AM

To: af@afmug.com 

Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

Yeah probably the NSA! Hahaha! 

-Ty

On Sep 26, 2014 10:36 PM, "That One Guy via Af"  wrote:

Man I bet there's some guy who's been exploiting this for 20 years who is pissed
right now

 

On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af  wrote:

CentOS on some, Ubuntu on others. Already got the answers in this thread 
though, thanks. 

 

-Ty

 

On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af  wrote:

Which distribution?



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

 

  _  

From: "Ty Featherling via Af" 
To: af@afmug.com
Sent: Thursday, September 25, 2014 2:42:31 PM
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

Noob question but how can I easiest update my linux boxes to get the latest 
patches? 

 

-Ty

 

On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af  wrote:

Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out 
of debian-stable/security for our ubiquiti edgerouters. (I made a post on
the UBNT forum with the CVE info yesterday.)

Side note: TONS of things are affected by this...

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:

PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you 
need to patch any vulnerable system running Apache.
 
Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100  
Mobile: 510-207-
pkr...@unwiredltd.com
 
-Original Message-
From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt 
via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com
Subject: [AFMUG] Bash specially-crafted environment variables code injection 
attack
 
Bash specially-crafted environment variables code injection attack
 
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
 

 

 

 

 





 

-- 

All parts should go together without forcing. You must remember that the parts 
you are reassembling were disassembled by you. Therefore, if you can't get them 
together again, there must be a reason. By all means, do not use a hammer. -- 
IBM maintenance manual, 1925
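
The HTTP/Apache exposure raised in this thread (a publicly reachable CGI script handing request headers to bash as environment variables) leaves a trace in the web server's access log. The following is an added example, not part of any list member's message: a shell/awk triage over a constructed Apache combined-format log. The function names, sample log lines, addresses and paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage an Apache "combined" access log
# for requests carrying the bash function-definition prefix "() {".
# With CGI, header values reach the script's environment as HTTP_USER_AGENT,
# HTTP_REFERER and so on, so an unpatched bash started by the script parses them.
#
# Caveat: the combined format records only the request line, Referer and
# User-Agent. Other headers (Cookie, Host, ...) are not logged, so an empty
# result here does not prove nobody tried.

# Constructed sample log: documentation address ranges, made-up paths.
write_sample_log() {
    cat > "$1" <<'EOF'
198.51.100.7 - - [25/Sep/2014:10:31:02 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [25/Sep/2014:10:33:47 -0500] "GET /cgi-bin/status.cgi HTTP/1.0" 200 312 "-" "() { :; }; echo sample"
203.0.113.9 - - [25/Sep/2014:10:33:49 -0500] "GET /cgi-bin/test.sh HTTP/1.0" 404 209 "() { :; }; echo sample" "-"
198.51.100.7 - - [25/Sep/2014:10:40:15 -0500] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
192.0.2.44 - - [26/Sep/2014:02:12:30 -0500] "GET /cgi-bin/status.cgi HTTP/1.1" 200 312 "-" "() { :; }; echo sample"
EOF
}

# Print "ip status path field" for every log line containing "() {".
# Splitting on the double quote gives: $2 request line, $3 status and size,
# $4 Referer, $6 User-Agent. A value with escaped quotes shifts the fields,
# so anything matched outside those three is reported as "other".
shellshock_hits() {
    awk -F'"' '
    {
        field = ""
        if (index($2, "() {"))      field = "request"
        else if (index($4, "() {")) field = "referer"
        else if (index($6, "() {")) field = "user-agent"
        else if (index($0, "() {")) field = "other"
        if (field == "") next

        split($1, pre, " "); ip = pre[1]
        split($2, req, " "); path = req[2]
        split($3, st, " ");  status = st[1]
        print ip, status, path, field
    }' "$1"
}

# Hits answered with a 2xx status: the URL exists and the server handled the
# request. This does not prove bash ran, but these are the hosts and scripts
# to look at first, before and after patching.
answered_hits() { shellshock_hits "$1" | awk '$2 ~ /^2/'; }

# Number of hits per source address, busiest first.
hits_by_source() {
    shellshock_hits "$1" |
        awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

# Demonstration on the constructed log.
log=$(mktemp)
write_sample_log "$log"
echo "== all hits (ip status path field) =="
shellshock_hits "$log"
echo "== answered with 2xx =="
answered_hits "$log"
echo "== hits per source =="
hits_by_source "$log"
rm -f "$log"
```

On a real server, call `shellshock_hits` with the path of the access log; a log format other than combined needs the field numbers adjusted.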

 



Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-27 Thread Shayne Lebrun via Af
On Debian, doing an ‘aptitude update;aptitude upgrade’ will almost never do 
anything ‘wrong,’ and if it thinks it’s going to, it will generally warn you 
about it right then and there, and often give you a few choices on what to do 
about it.

 

On a RHEL/CentOS distribution, ‘yum update’ will sometimes do incredibly stupid 
things.  I once had a ‘yum update’ make the stock Cacti server decide to look 
for the rrds in a different spot.  I’ve had it overwrite, without asking or 
notifying, config files, init.d startup scripts, etc etc.  Once, I had it 
upgrade to a kernel with a known filesystem corruption bug.  Just a day ago, 
doing it for the shellshock fix, it screwed up an snmptt handler by changing 
snmptrapd’s behavior for passing OIDs from numeric to non-numeric, so suddenly 
all of my traps were ‘unknown’ by snmptt.

 

Takeaway: Do the ‘yum upgrade’ but anything odd that happens over the next few 
weeks, that’s why.

 

 

From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of That 
One Guy via Af
Sent: Friday, September 26, 2014 12:22 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

 

there will be no v9 impact by doing that?

 

On Fri, Sep 26, 2014 at 11:20 AM, Simon Westlake via Af  wrote:

Not if you're only running Powercode on the server, but you should still do a 
'yum update' for safety.

On 9/26/2014 11:10 AM, That One Guy via Af wrote:

Simon, is the powercode centos vulnerable? 

 

Does it matter the ports that are exposed, we have a couple DNS servers running 
but only DNS is opened through the external firewall

 

Is there a vulnerability scanner available for morons like me?

 

On Fri, Sep 26, 2014 at 9:50 AM, Matt via Af  wrote:

Redhat has released an updated patch this morning.  yum update again.



On Thu, Sep 25, 2014 at 12:26 PM, Matt via Af  wrote:
> Bash specially-crafted environment variables code injection attack
>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/





 

-- 

All parts should go together without forcing. You must remember that the parts 
you are reassembling were disassembled by you. Therefore, if you can't get them 
together again, there must be a reason. By all means, do not use a hammer. -- 
IBM maintenance manual, 1925

 

-- 
Simon Westlake 
Powercode - The smart choice in ISP billing and OSS 
powercode.com 
P: 920-351-1010 
E: si...@powercode.com 





 

-- 

All parts should go together without forcing. You must remember that the parts 
you are reassembling were disassembled by you. Therefore, if you can't get them 
together again, there must be a reason. By all means, do not use a hammer. -- 
IBM maintenance manual, 1925



Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-27 Thread Ken Hohhof via Af
So maybe I won’t do that.

The newer servers where I could just do a yum update have been straightforward, 
as you’d expect.

I think the articles have maybe overstated the risk a bit, since you would need 
to either authenticate (at least as a regular user) to get to a shell, or find 
a publicly exposed script that will pass an environment variable to bash for 
you.

From: Jeremy via Af 
Sent: Saturday, September 27, 2014 12:13 PM
To: af@afmug.com 
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

Our webserver was vulnerable.  Tried to fix it without backing it up
first... yeah, I know.  Lost it all.  So I guess I will be building a new
website from my 2013 backup this weekend.  It's a good thing I carpet bombed my 
website to prevent anyone from messing with it!

On Sat, Sep 27, 2014 at 10:25 AM, Ken Hohhof via Af  wrote:

  Unfortunately I have a couple old servers running RHEL4 and one old 
BlueQuartz webhosting appliance based on CentOS4.  I’m a little reluctant to 
try compiling the patch myself unless I switch to a different shell first, if
I screw up my command shell it might be difficult to fix.

  Any guess if I’d be safe using the RPM cited in this thread:
  
http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014

  the RPM it points to is:

  
http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm


  From: Ty Featherling via Af 
  Sent: Saturday, September 27, 2014 10:52 AM
  To: af@afmug.com 
  Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

  Yeah probably the NSA! Hahaha! 

  -Ty

  On Sep 26, 2014 10:36 PM, "That One Guy via Af"  wrote:

Man I bet there's some guy who's been exploiting this for 20 years who is
pissed right now

On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af  wrote:

  CentOS on some, Ubuntu on others. Already got the answers in this thread 
though, thanks. 

  -Ty

  On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af  
wrote:

Which distribution?




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com





From: "Ty Featherling via Af" 
To: af@afmug.com
Sent: Thursday, September 25, 2014 2:42:31 PM
    Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack


Noob question but how can I easiest update my linux boxes to get the 
latest patches? 

-Ty

On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af  
wrote:

  Upgraded our systems at 6am yesterday for this. Also pulled the bash 
.deb out of debian-stable/security for our ubiquiti edgerouters. (I made a
post on the UBNT forum with the CVE info yesterday.)

  Side note: TONS of things are affected by this...

  Josh Reynolds, Chief Information Officer
  SPITwSPOTS, www.spitwspots.com

  On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:

PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you 
need to patch any vulnerable system running Apache.

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com

-Original Message-
From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt 
via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com
Subject: [AFMUG] Bash specially-crafted environment variables code injection 
attack

Bash specially-crafted environment variables code injection attack

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/










-- 

All parts should go together without forcing. You must remember that the 
parts you are reassembling were disassembled by you. Therefore, if you can't 
get them together again, there must be a reason. By all means, do not use a 
hammer. -- IBM maintenance manual, 1925



Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-27 Thread Matt via Af
Guessing...

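# Fetch the package (this URL is the binary i386 RPM)
wget http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.3.el4.i386.rpm
# rpmbuild --rebuild takes a source RPM (.src.rpm), which the wget above does not fetch
rpmbuild --rebuild bash-3.0-27.0.3.el4.src.rpm
# Note the installed bash package, upgrade it, then confirm the version changed
rpm -qa | grep bash
rpm -Uvh /usr/src/redhat/RPMS/i386/bash-3.0-27.0.3.i386.rpm
rpm -qa | grep bash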





On Sat, Sep 27, 2014 at 11:26 AM, Ken Hohhof via Af  wrote:
> Unfortunately I have a couple old servers running RHEL4 and one old
> BlueQuartz webhosting appliance based on CentOS4.  I’m a little reluctant to
> try compiling the patch myself unless I switch to a different shell first,
> if I screw up my command shell it might be difficult to fix.
>
> Any guess if I’d be safe using the RPM cited in this thread:
> http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014
>
> the RPM it points to is:
>
> http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm
>
>
> From: Ty Featherling via Af
> Sent: Saturday, September 27, 2014 10:52 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] Bash specially-crafted environment variables code
> injection attack
>
>
> Yeah probably the NSA! Hahaha!
>
> -Ty
>
> On Sep 26, 2014 10:36 PM, "That One Guy via Af"  wrote:
>>
>> Man I bet there's some guy who's been exploiting this for 20 years who is
>> pissed right now
>>
>> On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af 
>> wrote:
>>>
>>> CentOS on some, Ubuntu on others. Already got the answers in this thread
>>> though, thanks.
>>>
>>> -Ty
>>>
>>> On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af 
>>> wrote:
>>>>
>>>> Which distribution?
>>>>
>>>>
>>>>
>>>> -
>>>> Mike Hammett
>>>> Intelligent Computing Solutions
>>>> http://www.ics-il.com
>>>>
>>>> 
>>>> From: "Ty Featherling via Af" 
>>>> To: af@afmug.com
>>>> Sent: Thursday, September 25, 2014 2:42:31 PM
>>>> Subject: Re: [AFMUG] Bash specially-crafted environment variables code
>>>> injection attack
>>>>
>>>> Noob question but how can I easiest update my linux boxes to get the
>>>> latest patches?
>>>>
>>>> -Ty
>>>>
>>>> On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af 
>>>> wrote:
>>>>>
>>>>> Upgraded our systems at 6am yesterday for this. Also pulled the bash
>>>>> .deb out of debian-stable/security for our ubiquiti edgerouters. (I made
>>>>> a post on the UBNT forum with the CVE info yesterday.)
>>>>>
>>>>> Side note: TONS of things are affected by this...
>>>>>
>>>>> Josh Reynolds, Chief Information Officer
>>>>> SPITwSPOTS, www.spitwspots.com
>>>>>
>>>>> On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:
>>>>>
>>>>> PS.. This vulnerability can be exploited via HTTP/Apache attack
>>>>> vectors, so you need to patch any vulnerable system running Apache.
>>>>>
>>>>> Peter Kranz
>>>>> Founder/CEO - Unwired Ltd
>>>>> www.UnwiredLtd.com
>>>>> Desk: 510-868-1614 x100
>>>>> Mobile: 510-207-
>>>>> pkr...@unwiredltd.com
>>>>>
>>>>> -Original Message-
>>>>> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf
>>>>> Of Matt via Af
>>>>> Sent: Thursday, September 25, 2014 10:27 AM
>>>>> To: af@afmug.com
>>>>> Subject: [AFMUG] Bash specially-crafted environment variables code
>>>>> injection attack
>>>>>
>>>>> Bash specially-crafted environment variables code injection attack
>>>>>
>>>>>
>>>>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>>
>> --
>> All parts should go together without forcing. You must remember that the
>> parts you are reassembling were disassembled by you. Therefore, if you can't
>> get them together again, there must be a reason. By all means, do not use a
>> hammer. -- IBM maintenance manual, 1925


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-27 Thread Jeremy via Af
Our webserver was vulnerable.  Tried to fix it without backing it up
first... yeah, I know.  Lost it all.  So I guess I will be building a new
website from my 2013 backup this weekend.  It's a good thing I carpet
bombed my website to prevent anyone from messing with it!

On Sat, Sep 27, 2014 at 10:25 AM, Ken Hohhof via Af  wrote:

>   Unfortunately I have a couple old servers running RHEL4 and one old
> BlueQuartz webhosting appliance based on CentOS4.  I’m a little reluctant
> to try compiling the patch myself unless I switch to a different shell
> first, if I screw up my command shell it might be difficult to fix.
>
> Any guess if I’d be safe using the RPM cited in this thread:
>
> http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014
>
> the RPM it points to is:
>
>
> http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm
>
>
>  *From:* Ty Featherling via Af 
> *Sent:* Saturday, September 27, 2014 10:52 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Bash specially-crafted environment variables code
> injection attack
>
>
> Yeah probably the NSA! Hahaha!
>
> -Ty
> On Sep 26, 2014 10:36 PM, "That One Guy via Af"  wrote:
>
>> Man I bet there's some guy who's been exploiting this for 20 years who is
>> pissed right now
>>
>> On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af 
>> wrote:
>>
>>> CentOS on some, Ubuntu on others. Already got the answers in this thread
>>> though, thanks.
>>>
>>> -Ty
>>>
>>> On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af 
>>> wrote:
>>>
>>>>  Which distribution?
>>>>
>>>>
>>>>
>>>> -
>>>> Mike Hammett
>>>> Intelligent Computing Solutions
>>>> http://www.ics-il.com
>>>>
>>>> --
>>>> *From: *"Ty Featherling via Af" 
>>>> *To: *af@afmug.com
>>>> *Sent: *Thursday, September 25, 2014 2:42:31 PM
>>>> *Subject: *Re: [AFMUG] Bash specially-crafted environment variables
>>>> code injection attack
>>>>
>>>> Noob question but how can I easiest update my linux boxes to get the
>>>> latest patches?
>>>>
>>>> -Ty
>>>>
>>>> On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af 
>>>> wrote:
>>>>
>>>>>  Upgraded our systems at 6am yesterday for this. Also pulled the bash
>>>>> .deb out of debian-stable/security for our ubiquiti edgerouters. (I
>>>>> made a post on the UBNT forum with the CVE info yesterday.)
>>>>>
>>>>> Side note: TONS of things are affected by this...
>>>>>
>>>>> Josh Reynolds, Chief Information Officer
>>>>> SPITwSPOTS, www.spitwspots.com
>>>>>  On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:
>>>>>
>>>>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, 
>>>>> so you need to patch any vulnerable system running Apache.
>>>>>
>>>>> Peter Kranz
>>>>> Founder/CEO - Unwired Ltd
>>>>> www.UnwiredLtd.com
>>>>> Desk: 510-868-1614 x100
>>>>> Mobile: 510-207-
>>>>> pkr...@unwiredltd.com
>>>>>
>>>>> -Original Message-
>>>>> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af
>>>>> Sent: Thursday, September 25, 2014 10:27 AM
>>>>> To: af@afmug.com
>>>>> Subject: [AFMUG] Bash specially-crafted environment variables code 
>>>>> injection attack
>>>>>
>>>>> Bash specially-crafted environment variables code injection attack
>>>>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>> --
>> All parts should go together without forcing. You must remember that the
>> parts you are reassembling were disassembled by you. Therefore, if you
>> can't get them together again, there must be a reason. By all means, do not
>> use a hammer. -- IBM maintenance manual, 1925
>>
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-27 Thread Ken Hohhof via Af
Unfortunately I have a couple old servers running RHEL4 and one old BlueQuartz 
webhosting appliance based on CentOS4.  I’m a little reluctant to try compiling 
the patch myself unless I switch to a different shell first, if I screw up my
command shell it might be difficult to fix.

Any guess if I’d be safe using the RPM cited in this thread:
http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014

the RPM it points to is:

http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm


From: Ty Featherling via Af 
Sent: Saturday, September 27, 2014 10:52 AM
To: af@afmug.com 
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack

Yeah probably the NSA! Hahaha! 

-Ty

On Sep 26, 2014 10:36 PM, "That One Guy via Af"  wrote:

  Man I bet there's some guy who's been exploiting this for 20 years who is
pissed right now

  On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af  wrote:

CentOS on some, Ubuntu on others. Already got the answers in this thread 
though, thanks. 

-Ty

On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af  wrote:

  Which distribution?




  -
  Mike Hammett
  Intelligent Computing Solutions
  http://www.ics-il.com



--

  From: "Ty Featherling via Af" 
  To: af@afmug.com
  Sent: Thursday, September 25, 2014 2:42:31 PM
  Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack


  Noob question but how can I easiest update my linux boxes to get the 
latest patches? 

  -Ty

  On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af  
wrote:

Upgraded our systems at 6am yesterday for this. Also pulled the bash 
.deb out of debian-stable/security for our ubiquiti edgerouters. (I made a
post on the UBNT forum with the CVE info yesterday.)

Side note: TONS of things are affected by this...

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:

PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you 
need to patch any vulnerable system running Apache.

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com

-Original Message-
From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt 
via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com
Subject: [AFMUG] Bash specially-crafted environment variables code injection 
attack

Bash specially-crafted environment variables code injection attack

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/










  -- 

  All parts should go together without forcing. You must remember that the 
parts you are reassembling were disassembled by you. Therefore, if you can't 
get them together again, there must be a reason. By all means, do not use a 
hammer. -- IBM maintenance manual, 1925


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-27 Thread Ty Featherling via Af
Yeah probably the NSA! Hahaha!

-Ty
On Sep 26, 2014 10:36 PM, "That One Guy via Af"  wrote:

> Man I bet there's some guy who's been exploiting this for 20 years who is
> pissed right now
>
> On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af 
> wrote:
>
>> CentOS on some, Ubuntu on others. Already got the answers in this thread
>> though, thanks.
>>
>> -Ty
>>
>> On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af 
>> wrote:
>>
>>> Which distribution?
>>>
>>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions
>>> http://www.ics-il.com
>>>
>>> --------------
>>> *From: *"Ty Featherling via Af" 
>>> *To: *af@afmug.com
>>> *Sent: *Thursday, September 25, 2014 2:42:31 PM
>>> *Subject: *Re: [AFMUG] Bash specially-crafted environment variables
>>> code injection attack
>>>
>>> Noob question but how can I easiest update my linux boxes to get the
>>> latest patches?
>>>
>>> -Ty
>>>
>>> On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af 
>>> wrote:
>>>
>>>>  Upgraded our systems at 6am yesterday for this. Also pulled the bash
>>>> .deb out of debian-stable/security for our ubiquiti edgerouters. (I
>>>> made a post on the UBNT forum with the CVE info yesterday.)
>>>>
>>>> Side note: TONS of things are affected by this...
>>>>
>>>> Josh Reynolds, Chief Information Officer
>>>> SPITwSPOTS, www.spitwspots.com
>>>>  On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:
>>>>
>>>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, 
>>>> so you need to patch any vulnerable system running Apache.
>>>>
>>>> Peter Kranz
>>>> Founder/CEO - Unwired Ltd
>>>> www.UnwiredLtd.com
>>>> Desk: 510-868-1614 x100
>>>> Mobile: 510-207-
>>>> pkr...@unwiredltd.com
>>>>
>>>> -Original Message-
>>>> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af
>>>> Sent: Thursday, September 25, 2014 10:27 AM
>>>> To: af@afmug.com
>>>> Subject: [AFMUG] Bash specially-crafted environment variables code 
>>>> injection attack
>>>>
>>>> Bash specially-crafted environment variables code injection attack
>>>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>>>
>>>>
>>>>
>>>
>>>
>>
>
>
> --
> All parts should go together without forcing. You must remember that the
> parts you are reassembling were disassembled by you. Therefore, if you
> can't get them together again, there must be a reason. By all means, do not
> use a hammer. -- IBM maintenance manual, 1925
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-26 Thread That One Guy via Af
Man I bet there's some guy who's been exploiting this for 20 years who is
pissed right now

On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af  wrote:

> CentOS on some, Ubuntu on others. Already got the answers in this thread
> though, thanks.
>
> -Ty
>
> On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af 
> wrote:
>
>> Which distribution?
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>>
>> --
>> *From: *"Ty Featherling via Af" 
>> *To: *af@afmug.com
>> *Sent: *Thursday, September 25, 2014 2:42:31 PM
>> *Subject: *Re: [AFMUG] Bash specially-crafted environment variables code
>> injection attack
>>
>> Noob question but how can I easiest update my linux boxes to get the
>> latest patches?
>>
>> -Ty
>>
>> On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af 
>> wrote:
>>
>>>  Upgraded our systems at 6am yesterday for this. Also pulled the bash
>>> .deb out of debian-stable/security for our ubiquiti edgerouters. (I
>>> made a post on the UBNT forum with the CVE info yesterday.)
>>>
>>> Side note: TONS of things are affected by this...
>>>
>>> Josh Reynolds, Chief Information Officer
>>> SPITwSPOTS, www.spitwspots.com
>>>  On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:
>>>
>>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so 
>>> you need to patch any vulnerable system running Apache.
>>>
>>> Peter Kranz
>>> Founder/CEO - Unwired Ltd
>>> www.UnwiredLtd.com
>>> Desk: 510-868-1614 x100
>>> Mobile: 510-207-
>>> pkr...@unwiredltd.com
>>>
>>> -Original Message-
>>> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af
>>> Sent: Thursday, September 25, 2014 10:27 AM
>>> To: af@afmug.com
>>> Subject: [AFMUG] Bash specially-crafted environment variables code 
>>> injection attack
>>>
>>> Bash specially-crafted environment variables code injection attack
>>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>>
>>>
>>>
>>
>>
>


-- 
All parts should go together without forcing. You must remember that the
parts you are reassembling were disassembled by you. Therefore, if you
can't get them together again, there must be a reason. By all means, do not
use a hammer. -- IBM maintenance manual, 1925


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-26 Thread Ty Featherling via Af
CentOS on some, Ubuntu on others. Already got the answers in this thread
though, thanks.

-Ty

On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af  wrote:

> Which distribution?
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> --
> *From: *"Ty Featherling via Af" 
> *To: *af@afmug.com
> *Sent: *Thursday, September 25, 2014 2:42:31 PM
> *Subject: *Re: [AFMUG] Bash specially-crafted environment variables code
> injection attack
>
> Noob question but how can I easiest update my linux boxes to get the
> latest patches?
>
> -Ty
>
> On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af 
> wrote:
>
>>  Upgraded our systems at 6am yesterday for this. Also pulled the bash
>> .deb out of debian-stable/security for our ubiquiti edgerouters. (I made
>> a post on the UBNT forum with the CVE info yesterday.)
>>
>> Side note: TONS of things are affected by this...
>>
>> Josh Reynolds, Chief Information Officer
>> SPITwSPOTS, www.spitwspots.com
>>  On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:
>>
>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so 
>> you need to patch any vulnerable system running Apache.
>>
>> Peter Kranz
>> Founder/CEO - Unwired Ltd
>> www.UnwiredLtd.com
>> Desk: 510-868-1614 x100
>> Mobile: 510-207-
>> pkr...@unwiredltd.com
>>
>> -Original Message-
>> From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com] On Behalf Of Matt via Af
>> Sent: Thursday, September 25, 2014 10:27 AM
>> To: af@afmug.com
>> Subject: [AFMUG] Bash specially-crafted environment variables code injection 
>> attack
>>
>> Bash specially-crafted environment variables code injection attack
>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>
>>
>>
>
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-26 Thread Mike Hammett via Af
Which distribution? 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

- Original Message -

From: "Ty Featherling via Af"  
To: af@afmug.com 
Sent: Thursday, September 25, 2014 2:42:31 PM 
Subject: Re: [AFMUG] Bash specially-crafted environment variables code 
injection attack 


Noob question but how can I easiest update my linux boxes to get the latest 
patches? 


-Ty 


On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af < af@afmug.com > wrote: 




Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out
of debian-stable/security for our ubiquiti edgerouters. (I made a post on
the UBNT forum with the CVE info yesterday.)

Side note: TONS of things are affected by this...


Josh Reynolds, Chief Information Officer 
SPITwSPOTS, www.spitwspots.com 

On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: 




PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you 
need to patch any vulnerable system running Apache.

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com

-Original Message-
From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com
Subject: [AFMUG] Bash specially-crafted environment variables code injection attack

Bash specially-crafted environment variables code injection attack 
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
 








Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-26 Thread That One Guy via Af
there will be no v9 impact by doing that?

On Fri, Sep 26, 2014 at 11:20 AM, Simon Westlake via Af 
wrote:

>  Not if you're only running Powercode on the server, but you should still
> do a 'yum update' for safety.
>
> On 9/26/2014 11:10 AM, That One Guy via Af wrote:
>
> Simon, is the powercode centos vulnerable?
>
>  Does it matter the ports that are exposed, we have a couple DNS servers
> running but only DNS is opened through the external firewall
>
>  Is there a vulnerability scanner available for morons like me?
>
> On Fri, Sep 26, 2014 at 9:50 AM, Matt via Af  wrote:
>
>> Redhat has released an updated patch this morning.  yum update again.
>>
>>
>> On Thu, Sep 25, 2014 at 12:26 PM, Matt via Af  wrote:
>> > Bash specially-crafted environment variables code injection attack
>> >
>> >
>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>
>
>
>
>  --
> All parts should go together without forcing. You must remember that the
> parts you are reassembling were disassembled by you. Therefore, if you
> can't get them together again, there must be a reason. By all means, do not
> use a hammer. -- IBM maintenance manual, 1925
>
>
> --
>  Simon Westlake
> *Powercode* - The smart choice in ISP billing and OSS
> powercode.com
> P: 920-351-1010
> E: si...@powercode.com
>



-- 
All parts should go together without forcing. You must remember that the
parts you are reassembling were disassembled by you. Therefore, if you
can't get them together again, there must be a reason. By all means, do not
use a hammer. -- IBM maintenance manual, 1925


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-26 Thread Simon Westlake via Af
Not if you're only running Powercode on the server, but you should still 
do a 'yum update' for safety.


On 9/26/2014 11:10 AM, That One Guy via Af wrote:

Simon, is the powercode centos vulnerable?

Does it matter the ports that are exposed, we have a couple DNS 
servers running but only DNS is opened through the external firewall


Is there a vulnerability scanner available for morons like me?

On Fri, Sep 26, 2014 at 9:50 AM, Matt via Af wrote:


Redhat has released an updated patch this morning.  yum update again.


On Thu, Sep 25, 2014 at 12:26 PM, Matt via Af wrote:
> Bash specially-crafted environment variables code injection attack
>
>

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/




--
All parts should go together without forcing. You must remember that 
the parts you are reassembling were disassembled by you. Therefore, if 
you can't get them together again, there must be a reason. By all 
means, do not use a hammer. -- IBM maintenance manual, 1925


--
Simon Westlake
*Powercode* - The smart choice in ISP billing and OSS
powercode.com 
P: 920-351-1010
E: si...@powercode.com


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-26 Thread That One Guy via Af
Simon, is the powercode centos vulnerable?

Does it matter the ports that are exposed, we have a couple DNS servers
running but only DNS is opened through the external firewall

Is there a vulnerability scanner available for morons like me?

On Fri, Sep 26, 2014 at 9:50 AM, Matt via Af  wrote:

> Redhat has released an updated patch this morning.  yum update again.
>
>
> On Thu, Sep 25, 2014 at 12:26 PM, Matt via Af  wrote:
> > Bash specially-crafted environment variables code injection attack
> >
> >
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>



-- 
All parts should go together without forcing. You must remember that the
parts you are reassembling were disassembled by you. Therefore, if you
can't get them together again, there must be a reason. By all means, do not
use a hammer. -- IBM maintenance manual, 1925


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-26 Thread Matt via Af
Redhat has released an updated patch this morning.  yum update again.


On Thu, Sep 25, 2014 at 12:26 PM, Matt via Af  wrote:
> Bash specially-crafted environment variables code injection attack
>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Matt Hardy via Af
http://community.ubnt.com/t5/EdgeMAX/Re-Bash-shell-vuln-Is-ER-also-vulnerable/m-p/1024737/highlight/true#M43038



On Thu, Sep 25, 2014 at 4:54 PM, Josh Reynolds via Af  wrote:

>  UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already
> tested this myself).
>
> EdgeRouters all vulnerable. You can either download bash from debian
> stable/security, or wait for an incoming patch.
>
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com
>  On 09/25/2014 12:04 PM, Ty Featherling via Af wrote:
>
> Yeah I am trying to figure out what else I may be operating that is
> vulnerable. UBNT? Mikrotik? Cisco?
>
>  -Ty
>
> On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af  wrote:
>
>> It can be exposed by anything that invokes bash - which is a ton of stuff
>> typically on Linux systems.
>>
>> On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af  wrote:
>>
>>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors,
>>> so you need to patch any vulnerable system running Apache.
>>>
>>> Peter Kranz
>>> Founder/CEO - Unwired Ltd
>>> www.UnwiredLtd.com
>>> Desk: 510-868-1614 x100
>>> Mobile: 510-207-
>>> pkr...@unwiredltd.com
>>>
>>> -Original Message-----
>>> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf
>>> Of Matt via Af
>>> Sent: Thursday, September 25, 2014 10:27 AM
>>> To: af@afmug.com
>>> Subject: [AFMUG] Bash specially-crafted environment variables code
>>> injection attack
>>>
>>> Bash specially-crafted environment variables code injection attack
>>>
>>>
>>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>>
>>>
>>
>
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Ty Featherling via Af
Cool. Sounds like only my Linux boxes are vulnerable really. Already
patched them up.

-Ty

On Thu, Sep 25, 2014 at 3:54 PM, Josh Reynolds via Af  wrote:

>  UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already
> tested this myself).
>
> EdgeRouters all vulnerable. You can either download bash from debian
> stable/security, or wait for an incoming patch.
>
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com
>  On 09/25/2014 12:04 PM, Ty Featherling via Af wrote:
>
> Yeah I am trying to figure out what else I may be operating that is
> vulnerable. UBNT? Mikrotik? Cisco?
>
>  -Ty
>
> On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af  wrote:
>
>> It can be exposed by anything that invokes bash - which is a ton of stuff
>> typically on Linux systems.
>>
>> On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af  wrote:
>>
>>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors,
>>> so you need to patch any vulnerable system running Apache.
>>>
>>> Peter Kranz
>>> Founder/CEO - Unwired Ltd
>>> www.UnwiredLtd.com
>>> Desk: 510-868-1614 x100
>>> Mobile: 510-207-
>>> pkr...@unwiredltd.com
>>>
>>> -Original Message-----
>>> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf
>>> Of Matt via Af
>>> Sent: Thursday, September 25, 2014 10:27 AM
>>> To: af@afmug.com
>>> Subject: [AFMUG] Bash specially-crafted environment variables code
>>> injection attack
>>>
>>> Bash specially-crafted environment variables code injection attack
>>>
>>>
>>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>>
>>>
>>
>
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Josh Reynolds via Af
UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already 
tested this myself).


EdgeRouters all vulnerable. You can either download bash from debian 
stable/security, or wait for an incoming patch.


Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com <http://www.spitwspots.com>

On 09/25/2014 12:04 PM, Ty Featherling via Af wrote:
Yeah I am trying to figure out what else I may be operating that is 
vulnerable. UBNT? Mikrotik? Cisco?


-Ty

On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af wrote:


It can be exposed by anything that invokes bash - which is a ton
of stuff typically on Linux systems.

On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af wrote:

PS.. This vulnerability can be exploited via HTTP/Apache
attack vectors, so you need to patch any vulnerable system
running Apache.

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com <http://www.UnwiredLtd.com>
Desk: 510-868-1614 x100 
Mobile: 510-207- 
pkr...@unwiredltd.com <mailto:pkr...@unwiredltd.com>

-Original Message-
From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com <mailto:af@afmug.com>
    Subject: [AFMUG] Bash specially-crafted environment variables
code injection attack

Bash specially-crafted environment variables code injection attack


https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/







Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Matt via Af
On Centos/Redhat

yum update

The current patch solves the worst of it as I understand, another
patch should be out shortly as well.


On Thu, Sep 25, 2014 at 2:42 PM, Ty Featherling via Af  wrote:
> Noob question but how can I easiest update my linux boxes to get the latest
> patches?
>
> -Ty
>
> On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af  wrote:
>>
>> Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb
>> out of debian-stable/security for our ubiquiti edgerouters. (I made a
>> post on the UBNT forum with the CVE info yesterday.)
>>
>> Side note: TONS of things are affected by this...
>>
>> Josh Reynolds, Chief Information Officer
>> SPITwSPOTS, www.spitwspots.com
>>
>> On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:
>>
>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors,
>> so you need to patch any vulnerable system running Apache.
>>
>> Peter Kranz
>> Founder/CEO - Unwired Ltd
>> www.UnwiredLtd.com
>> Desk: 510-868-1614 x100
>> Mobile: 510-207-
>> pkr...@unwiredltd.com
>>
>> -Original Message-
>> From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com] On Behalf Of
>> Matt via Af
>> Sent: Thursday, September 25, 2014 10:27 AM
>> To: af@afmug.com
>> Subject: [AFMUG] Bash specially-crafted environment variables code
>> injection attack
>>
>> Bash specially-crafted environment variables code injection attack
>>
>>
>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>
>>
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Josh Baird via Af
If it runs bash, it's vulnerable.  Cisco devices running IOS don't use bash
for anything that I know of.  I'm not sure about MT, but I doubt that it's
a concern there either.

On Thu, Sep 25, 2014 at 4:04 PM, Ty Featherling via Af  wrote:

> Yeah I am trying to figure out what else I may be operating that is
> vulnerable. UBNT? Mikrotik? Cisco?
>
> -Ty
>
> On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af  wrote:
>
>> It can be exposed by anything that invokes bash - which is a ton of stuff
>> typically on Linux systems.
>>
>> On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af  wrote:
>>
>>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors,
>>> so you need to patch any vulnerable system running Apache.
>>>
>>> Peter Kranz
>>> Founder/CEO - Unwired Ltd
>>> www.UnwiredLtd.com
>>> Desk: 510-868-1614 x100
>>> Mobile: 510-207-
>>> pkr...@unwiredltd.com
>>>
>>> -Original Message-
>>> From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com] On Behalf
>>> Of Matt via Af
>>> Sent: Thursday, September 25, 2014 10:27 AM
>>> To: af@afmug.com
>>> Subject: [AFMUG] Bash specially-crafted environment variables code
>>> injection attack
>>>
>>> Bash specially-crafted environment variables code injection attack
>>>
>>>
>>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>>
>>>
>>
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Ty Featherling via Af
Yeah I am trying to figure out what else I may be operating that is
vulnerable. UBNT? Mikrotik? Cisco?

-Ty

On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af  wrote:

> It can be exposed by anything that invokes bash - which is a ton of stuff
> typically on Linux systems.
>
> On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af  wrote:
>
>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors,
>> so you need to patch any vulnerable system running Apache.
>>
>> Peter Kranz
>> Founder/CEO - Unwired Ltd
>> www.UnwiredLtd.com
>> Desk: 510-868-1614 x100
>> Mobile: 510-207-
>> pkr...@unwiredltd.com
>>
>> -Original Message-
>> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf
>> Of Matt via Af
>> Sent: Thursday, September 25, 2014 10:27 AM
>> To: af@afmug.com
>> Subject: [AFMUG] Bash specially-crafted environment variables code
>> injection attack
>>
>> Bash specially-crafted environment variables code injection attack
>>
>>
>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>
>>
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Josh Baird via Af
It can be exposed by anything that invokes bash - which is a ton of stuff
typically on Linux systems.

On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af  wrote:

> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors,
> so you need to patch any vulnerable system running Apache.
>
> Peter Kranz
> Founder/CEO - Unwired Ltd
> www.UnwiredLtd.com
> Desk: 510-868-1614 x100
> Mobile: 510-207-
> pkr...@unwiredltd.com
>
> -Original Message-
> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of
> Matt via Af
> Sent: Thursday, September 25, 2014 10:27 AM
> To: af@afmug.com
> Subject: [AFMUG] Bash specially-crafted environment variables code
> injection attack
>
> Bash specially-crafted environment variables code injection attack
>
>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
>
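
An added example, not from any poster in this thread: a POSIX shell inventory that follows the two points made above, that anything invoking bash is exposed and that Apache is one route in. It lists the scripts under a directory that bash will run, either by their `#!` line or because `sh` resolves to bash; the function names, the sample tree and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Lists scripts that bash will end up
# running: "#!/bin/bash" directly, or "#!/bin/sh" where sh is really bash.

# Print the base name of the interpreter on a script's "#!" line.
# Handles "#!/usr/bin/env NAME"; returns 1 when there is no "#!" line.
script_interpreter() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '#!'*) ;;
        *) return 1 ;;
    esac
    set -f                       # no globbing while the line is split
    set -- ${first#'#!'}
    set +f
    [ $# -gt 0 ] || return 1
    interp=${1##*/}
    if [ "$interp" = env ] && [ $# -gt 1 ]; then
        interp=${2##*/}
    fi
    printf '%s\n' "$interp"
}

# Print the base name of the binary a shell path really points to,
# typically "bash" on RHEL/CentOS, "dash" on Debian, "busybox" on embedded.
resolve_shell() {
    target=$(readlink -f "$1" 2>/dev/null) || target=$1
    printf '%s\n' "${target##*/}"
}

# list_bash_scripts DIR [SH_PATH]: one "path<TAB>reason" line per script
# under DIR that is interpreted by bash. SH_PATH defaults to /bin/sh.
list_bash_scripts() {
    sh_real=$(resolve_shell "${2:-/bin/sh}")
    find "$1" -type f 2>/dev/null | sort | while IFS= read -r f; do
        interp=$(script_interpreter "$f") || continue
        case $interp in
            bash) printf '%s\t%s\n' "$f" "bash" ;;
            sh)   if [ "$sh_real" = bash ]; then
                      printf '%s\t%s\n' "$f" "sh->bash"
                  fi ;;
        esac
    done
}

# Constructed sample input: a cgi-bin directory and two fake "sh" layouts.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/cgi-bin" "$d/rhel" "$d/embedded"
    printf '#!/bin/bash\necho ok\n'         > "$d/cgi-bin/status.cgi"
    printf '#!/bin/sh\necho ok\n'           > "$d/cgi-bin/ping.cgi"
    printf '#!/usr/bin/env bash\necho ok\n' > "$d/cgi-bin/report.cgi"
    printf '#!/usr/bin/perl\nprint "ok";\n' > "$d/cgi-bin/stats.cgi"
    printf 'plain text, no interpreter\n'   > "$d/cgi-bin/README"
    : > "$d/rhel/bash";        ln -s bash "$d/rhel/sh"
    : > "$d/embedded/busybox"; ln -s busybox "$d/embedded/sh"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "With sh -> bash:"
list_bash_scripts "$tree/cgi-bin" "$tree/rhel/sh"
echo "With sh -> busybox:"
list_bash_scripts "$tree/cgi-bin" "$tree/embedded/sh"
rm -rf "$tree"
```

A Perl, PHP or Python CGI that calls system() or popen() also goes through /bin/sh, so when `sh` resolves to bash an empty list does not clear the host; updating bash, as the thread advises, is still the fix.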


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Ty Featherling via Af
Well that was easy. Thanks.

-Ty

On Thu, Sep 25, 2014 at 2:46 PM, Robbie Wright via Af  wrote:

> sudo apt-get clean && sudo apt-get update && sudo apt-get upgrade && sudo
> apt-get autoremove
>
>
> Robbie Wright
> Siuslaw Broadband <http://siuslawbroadband.com>
> 541-902-5101
>
> On Thu, Sep 25, 2014 at 12:42 PM, Ty Featherling via Af 
> wrote:
>
>> Noob question but how can I easiest update my linux boxes to get the
>> latest patches?
>>
>> -Ty
>>
>> On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af 
>> wrote:
>>
>>>  Upgraded our systems at 6am yesterday for this. Also pulled the bash
>>> .deb out of debian-stable/security for our ubiquiti edgerouters. (I
>>> made a post on the UBNT forum with the CVE info yesterday.)
>>>
>>> Side note: TONS of things are affected by this...
>>>
>>> Josh Reynolds, Chief Information Officer
>>> SPITwSPOTS, www.spitwspots.com
>>>  On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:
>>>
>>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so 
>>> you need to patch any vulnerable system running Apache.
>>>
>>> Peter Kranz
>>> Founder/CEO - Unwired Ltd
>>> www.UnwiredLtd.com
>>> Desk: 510-868-1614 x100
>>> Mobile: 510-207-
>>> pkr...@unwiredltd.com
>>>
>>> -----Original Message-
>>> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af
>>> Sent: Thursday, September 25, 2014 10:27 AM
>>> To: af@afmug.com
>>> Subject: [AFMUG] Bash specially-crafted environment variables code 
>>> injection attack
>>>
>>> Bash specially-crafted environment variables code injection attack
>>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>>
>>>
>>>
>>
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Robbie Wright via Af
sudo apt-get clean && sudo apt-get update && sudo apt-get upgrade && sudo
apt-get autoremove


Robbie Wright
Siuslaw Broadband <http://siuslawbroadband.com>
541-902-5101

On Thu, Sep 25, 2014 at 12:42 PM, Ty Featherling via Af 
wrote:

> Noob question but how can I easiest update my linux boxes to get the
> latest patches?
>
> -Ty
>
> On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af 
> wrote:
>
>>  Upgraded our systems at 6am yesterday for this. Also pulled the bash
>> .deb out of debian-stable/security for our ubiquiti edgerouters. (I made
>> a post on the UBNT forum with the CVE info yesterday.)
>>
>> Side note: TONS of things are affected by this...
>>
>> Josh Reynolds, Chief Information Officer
>> SPITwSPOTS, www.spitwspots.com
>>  On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:
>>
>> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so 
>> you need to patch any vulnerable system running Apache.
>>
>> Peter Kranz
>> Founder/CEO - Unwired Ltd
>> www.UnwiredLtd.com
>> Desk: 510-868-1614 x100
>> Mobile: 510-207-
>> pkr...@unwiredltd.com
>>
>> -Original Message-
>> From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com] On Behalf Of Matt via Af
>> Sent: Thursday, September 25, 2014 10:27 AM
>> To: af@afmug.com
>> Subject: [AFMUG] Bash specially-crafted environment variables code injection 
>> attack
>>
>> Bash specially-crafted environment variables code injection attack
>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>
>>
>>
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Ty Featherling via Af
Noob question but how can I easiest update my linux boxes to get the latest
patches?

-Ty

On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af  wrote:

>  Upgraded our systems at 6am yesterday for this. Also pulled the bash
> .deb out of debian-stable/security for our ubiquiti edgerouters. (I made
> a post on the UBNT forum with the CVE info yesterday.)
>
> Side note: TONS of things are affected by this...
>
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com
>  On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:
>
> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so 
> you need to patch any vulnerable system running Apache.
>
> Peter Kranz
> Founder/CEO - Unwired Ltd
> www.UnwiredLtd.com
> Desk: 510-868-1614 x100
> Mobile: 510-207-
> pkr...@unwiredltd.com
>
> -Original Message-
> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af
> Sent: Thursday, September 25, 2014 10:27 AM
> To: af@afmug.com
> Subject: [AFMUG] Bash specially-crafted environment variables code injection 
> attack
>
> Bash specially-crafted environment variables code injection attack
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
>
>


Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Josh Reynolds via Af
Upgraded our systems at 6am yesterday for this. Also pulled the bash 
.deb out of debian-stable/security for our ubiquiti edgerouters. (I made 
a post on the UBNT forum with the CVE info yesterday.)


Side note: TONS of things are affected by this...

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com <http://www.spitwspots.com>

On 09/25/2014 10:25 AM, Peter Kranz via Af wrote:

PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you 
need to patch any vulnerable system running Apache.

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com

-Original Message-
From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt 
via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com
Subject: [AFMUG] Bash specially-crafted environment variables code injection 
attack

Bash specially-crafted environment variables code injection attack

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/





Re: [AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Peter Kranz via Af
PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you 
need to patch any vulnerable system running Apache.

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com

-Original Message-
From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt 
via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com
Subject: [AFMUG] Bash specially-crafted environment variables code injection 
attack

Bash specially-crafted environment variables code injection attack

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/



[AFMUG] Bash specially-crafted environment variables code injection attack

2014-09-25 Thread Matt via Af
Bash specially-crafted environment variables code injection attack

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/