Re: [AFMUG] Bash specially-crafted environment variables code injection attack
Guessing... wget http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.3.el4.i386.rpm rpmbuild --rebuild bash-3.0-27.0.3.el4.src.rpm rpm -qa |grep bash rpm -Uvh /usr/src/redhat/RPMS/i386/bash-3.0-27.0.3.i386.rpm rpm -qa |grep bash On Sat, Sep 27, 2014 at 11:26 AM, Ken Hohhof via Af af@afmug.com wrote: Unfortunately I have a couple old servers running RHEL4 and one old BlueQuartz webhosting appliance based on CentOS4. I’m a little reluctant to try compiling the patch myself unless I switch to a difference shell first, if I screw up my command shell it might be difficult to fix. Any guess if I’d be safe using the RPM cited in this thread: http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014 the RPM it points to is: http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm From: Ty Featherling via Af Sent: Saturday, September 27, 2014 10:52 AM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack Yeah probably the NSA! Hahaha! -Ty On Sep 26, 2014 10:36 PM, That One Guy via Af af@afmug.com wrote: Man I bet theres some guy whose been exploiting this for 20 years who is pissed right now On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af af@afmug.com wrote: CentOS on some, Ubuntu on others. Already got the answers in this thread though, thanks. -Ty On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af af@afmug.com wrote: Which distribution? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com From: Ty Featherling via Af af@afmug.com To: af@afmug.com Sent: Thursday, September 25, 2014 2:42:31 PM Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack Noob question but how can I easiest update my linux boxes to get the latest patches? -Ty On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af af@afmug.com wrote: Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out of debian-stable/security for our ubiquiti edgerouters. (I made on a post on the UBNT forum with the CVE info yesterday.) Side note: TONS of things are affected by this... Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207- pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
So maybe I won’t do that. The newer servers where I could just do a yum update have been straightforward, as you’d expect. I think the articles have maybe overstated the risk a bit, since you would need to either authenticate (at least as a regular user) to get to a shell, or find a publicly exposed script that will pass an environment variable to bash for you. From: Jeremy via Af Sent: Saturday, September 27, 2014 12:13 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack Our webserver was vulnerable. Tried to fix it without backing it up firstyeah, I know. Lost it all. So I guess I will be building a new website from my 2013 backup this weekend. It's a good thing I carpet bombed my website to prevent anyone from messing with it! On Sat, Sep 27, 2014 at 10:25 AM, Ken Hohhof via Af af@afmug.com wrote: Unfortunately I have a couple old servers running RHEL4 and one old BlueQuartz webhosting appliance based on CentOS4. I’m a little reluctant to try compiling the patch myself unless I switch to a difference shell first, if I screw up my command shell it might be difficult to fix. Any guess if I’d be safe using the RPM cited in this thread: http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014 the RPM it points to is: http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm From: Ty Featherling via Af Sent: Saturday, September 27, 2014 10:52 AM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack Yeah probably the NSA! Hahaha! -Ty On Sep 26, 2014 10:36 PM, That One Guy via Af af@afmug.com wrote: Man I bet theres some guy whose been exploiting this for 20 years who is pissed right now On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af af@afmug.com wrote: CentOS on some, Ubuntu on others. Already got the answers in this thread though, thanks. -Ty On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af af@afmug.com wrote: Which distribution? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com From: Ty Featherling via Af af@afmug.com To: af@afmug.com Sent: Thursday, September 25, 2014 2:42:31 PM Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack Noob question but how can I easiest update my linux boxes to get the latest patches? -Ty On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af af@afmug.com wrote: Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out of debian-stable/security for our ubiquiti edgerouters. (I made on a post on the UBNT forum with the CVE info yesterday.) Side note: TONS of things are affected by this... Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207- pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
Redhat has released an updated patch this morning. yum update again. On Thu, Sep 25, 2014 at 12:26 PM, Matt via Af af@afmug.com wrote: Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
Simon, is the powercode centos vulnerable? Does it matter the ports that are exposed, we have a couple DNS servers running but only DNS is opened through the external firewall Is there a vulnerability scanner available for morons like me? On Fri, Sep 26, 2014 at 9:50 AM, Matt via Af af@afmug.com wrote: Redhat has released an updated patch this morning. yum update again. On Thu, Sep 25, 2014 at 12:26 PM, Matt via Af af@afmug.com wrote: Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
Which distribution? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Ty Featherling via Af af@afmug.com To: af@afmug.com Sent: Thursday, September 25, 2014 2:42:31 PM Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack Noob question but how can I easiest update my linux boxes to get the latest patches? -Ty On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af af@afmug.com wrote: Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out of debian-stable/security for our ubiquiti edg erouters. (I made on a post on the UBNT forum with the CVE info yesterday.) Side n ote: TONS of things are affected by this... Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: blockquote PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207- pkr...@unwiredltd.com -Original Message- From: Af [ mailto:af-bounces+pkranz=unwiredltd@afmug.com ] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ /blockquote
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
Man I bet theres some guy whose been exploiting this for 20 years who is pissed right now On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af af@afmug.com wrote: CentOS on some, Ubuntu on others. Already got the answers in this thread though, thanks. -Ty On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af af@afmug.com wrote: Which distribution? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- *From: *Ty Featherling via Af af@afmug.com *To: *af@afmug.com *Sent: *Thursday, September 25, 2014 2:42:31 PM *Subject: *Re: [AFMUG] Bash specially-crafted environment variables code injection attack Noob question but how can I easiest update my linux boxes to get the latest patches? -Ty On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af af@afmug.com wrote: Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out of debian-stable/security for our ubiquiti edgerouters. (I made on a post on the UBNT forum with the CVE info yesterday.) Side note: TONS of things are affected by this... Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltdwww.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207-pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925
[AFMUG] Bash specially-crafted environment variables code injection attack
Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
Noob question but how can I easiest update my linux boxes to get the latest patches? -Ty On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af af@afmug.com wrote: Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out of debian-stable/security for our ubiquiti edgerouters. (I made on a post on the UBNT forum with the CVE info yesterday.) Side note: TONS of things are affected by this... Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltdwww.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207-pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
sudo apt-get clean sudo apt-get update sudo apt-get upgrade sudo apt-get autoremove Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Thu, Sep 25, 2014 at 12:42 PM, Ty Featherling via Af af@afmug.com wrote: Noob question but how can I easiest update my linux boxes to get the latest patches? -Ty On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af af@afmug.com wrote: Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out of debian-stable/security for our ubiquiti edgerouters. (I made on a post on the UBNT forum with the CVE info yesterday.) Side note: TONS of things are affected by this... Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltdwww.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207-pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
Yeah I am trying to figure out what else I may be operating that is vulnerable. UBNT? Mikrotik? Cisco? -Ty On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af af@afmug.com wrote: It can be exposed by anything that invokes bash - which is a ton of stuff typically on Linux systems. On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af af@afmug.com wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207- pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
If it runs bash, it's vulnerable. Cisco devices running IOS don't use bash for anything that I know of. I'm not sure about MT, but I doubt that it's a concern there either. On Thu, Sep 25, 2014 at 4:04 PM, Ty Featherling via Af af@afmug.com wrote: Yeah I am trying to figure out what else I may be operating that is vulnerable. UBNT? Mikrotik? Cisco? -Ty On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af af@afmug.com wrote: It can be exposed by anything that invokes bash - which is a ton of stuff typically on Linux systems. On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af af@afmug.com wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207- pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
On Centos/Redhat yum update The current patch solves the worst of it as I understand, another patch should be out shortly as well. On Thu, Sep 25, 2014 at 2:42 PM, Ty Featherling via Af af@afmug.com wrote: Noob question but how can I easiest update my linux boxes to get the latest patches? -Ty On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af af@afmug.com wrote: Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out of debian-stable/security for our ubiquiti edgerouters. (I made on a post on the UBNT forum with the CVE info yesterday.) Side note: TONS of things are affected by this... Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207- pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already tested this myself). EdgeRouters all vulnerable. You can either download bash fromdebian stable/security, or wait for an incoming patch. Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com http://www.spitwspots.com On 09/25/2014 12:04 PM, Ty Featherling via Af wrote: Yeah I am trying to figure out what else I may be operating that is vulnerable. UBNT? Mikrotik? Cisco? -Ty On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af af@afmug.com mailto:af@afmug.com wrote: It can be exposed by anything that invokes bash - which is a ton of stuff typically on Linux systems. On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af af@afmug.com mailto:af@afmug.com wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com http://www.UnwiredLtd.com Desk: 510-868-1614 x100 tel:510-868-1614%20x100 Mobile: 510-207- tel:510-207- pkr...@unwiredltd.com mailto:pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz mailto:af-bounces%2Bpkranz=unwiredltd@afmug.com mailto:unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com mailto:af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
Cool. Sounds like only my Linux boxes are vulnerable really. Already patched them up. -Ty On Thu, Sep 25, 2014 at 3:54 PM, Josh Reynolds via Af af@afmug.com wrote: UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already tested this myself). EdgeRouters all vulnerable. You can either download bash from debian stable/security, or wait for an incoming patch. Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/25/2014 12:04 PM, Ty Featherling via Af wrote: Yeah I am trying to figure out what else I may be operating that is vulnerable. UBNT? Mikrotik? Cisco? -Ty On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af af@afmug.com wrote: It can be exposed by anything that invokes bash - which is a ton of stuff typically on Linux systems. On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af af@afmug.com wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com Desk: 510-868-1614 x100 510-868-1614%20x100 Mobile: 510-207- pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
http://community.ubnt.com/t5/EdgeMAX/Re-Bash-shell-vuln-Is-ER-also-vulnerable/m-p/1024737/highlight/true#M43038 On Thu, Sep 25, 2014 at 4:54 PM, Josh Reynolds via Af af@afmug.com wrote: UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already tested this myself). EdgeRouters all vulnerable. You can either download bash from debian stable/security, or wait for an incoming patch. Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/25/2014 12:04 PM, Ty Featherling via Af wrote: Yeah I am trying to figure out what else I may be operating that is vulnerable. UBNT? Mikrotik? Cisco? -Ty On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af af@afmug.com wrote: It can be exposed by anything that invokes bash - which is a ton of stuff typically on Linux systems. On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af af@afmug.com wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com Desk: 510-868-1614 x100 510-868-1614%20x100 Mobile: 510-207- pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/