shell shock
just read about the "new linux bug" in ynet found out it is a bash exploit just fyi, see http://www.engadget.com/2014/09/25/what-is-the-shellshock/ ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: shell shock
Yes its all over the place. For people with web sites, you can use the following online shellshock tester website to check if you are vulnerable in the following url: https://shellshock.detectify.com -- Original message-- From: Erez D Date: Sat, Sep 27, 2014 16:25 To: linux-il; Subject:shell shock just read about the "new linux bug" in ynet found out it is a bash exploit just fyi, see http://www.engadget.com/2014/09/25/what-is-the-shellshock/ ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: shell shock
On Sat, Sep 27, 2014 at 4:37 PM, Dolev Farhi wrote: > Yes its all over the place. > that is why I was suprised it was not mentioned in linux-il ;-) > > > For people with web sites, you can use the following online shellshock > tester website to check if you are vulnerable in the following url: > > https://shellshock.detectify.com > > > > -- Original message-- > > *From: *Erez D > > *Date: *Sat, Sep 27, 2014 16:25 > > *To: *linux-il; > > *Subject:*shell shock > > > just read about the "new linux bug" in ynet > found out it is a bash exploit > > just fyi, > > see http://www.engadget.com/2014/09/25/what-is-the-shellshock/ > > ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: shell shock
Probably shellshock overdose for some people... -- Original message-- From: Erez D Date: Sat, Sep 27, 2014 16:50 To: Dolev Farhi; Cc: linux-il@cs.huji.ac.il; Subject:Re: shell shock On Sat, Sep 27, 2014 at 4:37 PM, Dolev Farhi wrote: Yes its all over the place. that is why I was suprised it was not mentioned in linux-il ;-) For people with web sites, you can use the following online shellshock tester website to check if you are vulnerable in the following url: https://shellshock.detectify.com -- Original message-- From: Erez D Date: Sat, Sep 27, 2014 16:25 To: linux-il; Subject:shell shock just read about the "new linux bug" in ynet found out it is a bash exploit just fyi, see http://www.engadget.com/2014/09/25/what-is-the-shellshock/ ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: shell shock
I'm not an expert, but as I understand it, https://shellshock.detectify.com can only check if your box is exposed to the internet. So if you have an un-patched bash but you are, for example, protected by a firewall, your un-patched bash wouldn't be detected. The site mentioned in the earlier post - http://www.engadget.com/2014/09/25/what-is-the-shellshock/ is probably better, because it checks the actual bash vulnerability. But that's still not the entire story. Here's a link to another article discussing patches that solve only part of the problem and explains how to check if you have the latest patch: http://www.zdnet.com/shellshock-better-bash-patches-now-available-734115/ On Sat, 27 Sep 2014 16:49:47 +0300 Erez D wrote: > On Sat, Sep 27, 2014 at 4:37 PM, Dolev Farhi wrote: > > > Yes its all over the place. > > > that is why I was suprised it was not mentioned in linux-il ;-) > > > > > > > For people with web sites, you can use the following online > > shellshock tester website to check if you are vulnerable in the > > following url: > > > > https://shellshock.detectify.com > > > > > > > > -- Original message-- > > > > *From: *Erez D > > > > *Date: *Sat, Sep 27, 2014 16:25 > > > > *To: *linux-il; > > > > *Subject:*shell shock > > > > > > just read about the "new linux bug" in ynet > > found out it is a bash exploit > > > > just fyi, > > > > see http://www.engadget.com/2014/09/25/what-is-the-shellshock/ > > > > -- Shlomo Solomon http://the-solomons.net Sent by Claws Mail 3.9.0 - KDE 4.10.5 - LINUX Mageia 3 ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il