Bash specially-crafted environment variables code injection attack
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
[mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt
via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com
Subject: [AFMUG] Bash specially-crafted environment variables code injection
attack
Bash specially-crafted environment variables code injection attack
https
td.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com
-Original Message-
From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt
via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com
Subject: [AFMUG] Bash specially-crafted envir
sage-
> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com
> ] On Behalf Of Matt via Af
> Sent: Thursday, September 25, 2014 10:27 AM
> To: af@afmug.com
> Subject: [AFMUG] Bash specially-crafted environment variables code injection
> attack
>
> Bash specially-craf
Mobile: 510-207-pkr...@unwiredltd.com
>>
>> -Original Message-
>> From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com
>> ] On Behalf Of Matt via Af
>> Sent: Thursday, September 25, 2014 10:27 AM
>> To: af@afmug.com
>> Subject: [AFM
ia HTTP/Apache attack vectors, so
>>> you need to patch any vulnerable system running Apache.
>>>
>>> Peter Kranz
>>> Founder/CEO - Unwired Ltdwww.UnwiredLtd.com
>>> Desk: 510-868-1614 x100
>>> Mobile: 510-207-pkr...@unwiredltd.com
>&g
> Sent: Thursday, September 25, 2014 10:27 AM
> To: af@afmug.com
> Subject: [AFMUG] Bash specially-crafted environment variables code
> injection attack
>
> Bash specially-crafted environment variables code injection attack
>
>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
>
>> Desk: 510-868-1614 x100
>> Mobile: 510-207-
>> pkr...@unwiredltd.com
>>
>> -Original Message-
>> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf
>> Of Matt via Af
>> Sent: Thursday, September 25, 2014 10:27 AM
>
- Unwired Ltd
>>> www.UnwiredLtd.com
>>> Desk: 510-868-1614 x100
>>> Mobile: 510-207-
>>> pkr...@unwiredltd.com
>>>
>>> -Original Message-
>>> From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com] On Behalf
>>>
m
>>
>> -Original Message-
>> From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com] On Behalf Of
>> Matt via Af
>> Sent: Thursday, September 25, 2014 10:27 AM
>> To: af@afmug.com
>> Subject: [AFMUG] Bash specially-crafted environment variable
af@afmug.com>
Subject: [AFMUG] Bash specially-crafted environment variables
code injection attack
Bash specially-crafted environment variables code injection attack
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
red Ltd
>>> www.UnwiredLtd.com
>>> Desk: 510-868-1614 x100 <510-868-1614%20x100>
>>> Mobile: 510-207-
>>> pkr...@unwiredltd.com
>>>
>>> -Original Message-----
>>> From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com] On Behalf
&g
Founder/CEO - Unwired Ltd
>>> www.UnwiredLtd.com
>>> Desk: 510-868-1614 x100 <510-868-1614%20x100>
>>> Mobile: 510-207-
>>> pkr...@unwiredltd.com
>>>
>>> -Original Message-----
>>> From: Af [mailto:af-bounces+pkranz=unwiredltd@
Redhat has released an updated patch this morning. yum update again.
On Thu, Sep 25, 2014 at 12:26 PM, Matt via Af wrote:
> Bash specially-crafted environment variables code injection attack
>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injecti
Simon, is the powercode centos vulnerable?
Does it matter the ports that are exposed, we have a couple DNS servers
running but only DNS is opened through the external firewall
Is there a vulnerability scanner available for morons like me?
On Fri, Sep 26, 2014 at 9:50 AM, Matt via Af wrote:
> R
Not if you're only running Powercode on the server, but you should still
do a 'yum update' for safety.
On 9/26/2014 11:10 AM, That One Guy via Af wrote:
Simon, is the powercode centos vulnerable?
Does it matter the ports that are exposed, we have a couple DNS
servers running but only DNS is o
there will be no v9 impact by doing that?
On Fri, Sep 26, 2014 at 11:20 AM, Simon Westlake via Af
wrote:
> Not if you're only running Powercode on the server, but you should still
> do a 'yum update' for safety.
>
> On 9/26/2014 11:10 AM, That One Guy via Af wrote:
>
> Simon, is the powercode c
: Af [ mailto:af-bounces+pkranz=unwiredltd@afmug.com ] On Behalf Of
Matt via Af
Sent: Thursday, September 25, 2014 10:27 AM
To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables
code injection attack
Bash specially-crafted environment variables code injecti
t; http://www.ics-il.com
>
> --
> *From: *"Ty Featherling via Af"
> *To: *af@afmug.com
> *Sent: *Thursday, September 25, 2014 2:42:31 PM
> *Subject: *Re: [AFMUG] Bash specially-crafted environment variables code
> injection attack
>
> Noob question but how ca
y Featherling via Af"
>> *To: *af@afmug.com
>> *Sent: *Thursday, September 25, 2014 2:42:31 PM
>> *Subject: *Re: [AFMUG] Bash specially-crafted environment variables code
>> injection attack
>>
>> Noob question but how can I easiest update my linux boxes to get the
t;>>
>>>
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions
>>> http://www.ics-il.com
>>>
>>> --------------
>>> *From: *"Ty Featherling via Af"
>>> *To: *af@afmug.com
>>> *Sent: *Thursday, September 25
.rpm
From: Ty Featherling via Af
Sent: Saturday, September 27, 2014 10:52 AM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables code
injection attack
Yeah probably the NSA! Hahaha!
-Ty
On Sep 26, 2014 10:36 PM, "That One Guy via Af" wrote:
Man I
>
> http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm
>
>
> *From:* Ty Featherling via Af
> *Sent:* Saturday, September 27, 2014 10:52 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Bash specially-crafted environment variabl
m.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm
>
>
> From: Ty Featherling via Af
> Sent: Saturday, September 27, 2014 10:52 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] Bash specially-crafted environment variables code
> injection attack
&
exposed script that will pass an environment variable to bash for
you.
From: Jeremy via Af
Sent: Saturday, September 27, 2014 12:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables code
injection attack
Our webserver was vulnerable. Tried to fix it without
happens over the next few
weeks, that’s why.
From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of That
One Guy via Af
Sent: Friday, September 26, 2014 12:22 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables code
injection attack
there
[mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken
Hohhof via Af
Sent: Saturday, September 27, 2014 1:38 PM
To: af@afmug.com
Subject: Re: [AFMUG] Bash specially-crafted environment variables code
injection attack
So maybe I won’t do that.
The newer servers where I could just
27 matches
Mail list logo
