Re: [AFMUG] Bash specially-crafted environment variables code injection attack

[mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of Ken Hohhof via Af Sent: Saturday, September 27, 2014 1:38 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack So maybe I won’t do that. The newer servers where I could just

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

happens over the next few weeks, that’s why. From: Af [mailto:af-bounces+slebrun=muskoka@afmug.com] On Behalf Of That One Guy via Af Sent: Friday, September 26, 2014 12:22 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack there

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

exposed script that will pass an environment variable to bash for you. From: Jeremy via Af Sent: Saturday, September 27, 2014 12:13 PM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack Our webserver was vulnerable. Tried to fix it without

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

m.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm > > > From: Ty Featherling via Af > Sent: Saturday, September 27, 2014 10:52 AM > To: af@afmug.com > Subject: Re: [AFMUG] Bash specially-crafted environment variables code > injection attack &

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

> > http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm > > > *From:* Ty Featherling via Af > *Sent:* Saturday, September 27, 2014 10:52 AM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] Bash specially-crafted environment variabl

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

.rpm From: Ty Featherling via Af Sent: Saturday, September 27, 2014 10:52 AM To: af@afmug.com Subject: Re: [AFMUG] Bash specially-crafted environment variables code injection attack Yeah probably the NSA! Hahaha! -Ty On Sep 26, 2014 10:36 PM, "That One Guy via Af" wrote: Man I

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

t;>> >>> >>> - >>> Mike Hammett >>> Intelligent Computing Solutions >>> http://www.ics-il.com >>> >>> -------------- >>> *From: *"Ty Featherling via Af" >>> *To: *af@afmug.com >>> *Sent: *Thursday, September 25

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

y Featherling via Af" >> *To: *af@afmug.com >> *Sent: *Thursday, September 25, 2014 2:42:31 PM >> *Subject: *Re: [AFMUG] Bash specially-crafted environment variables code >> injection attack >> >> Noob question but how can I easiest update my linux boxes to get the

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

t; http://www.ics-il.com > > -- > *From: *"Ty Featherling via Af" > *To: *af@afmug.com > *Sent: *Thursday, September 25, 2014 2:42:31 PM > *Subject: *Re: [AFMUG] Bash specially-crafted environment variables code > injection attack > > Noob question but how ca

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

Which distribution? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: "Ty Featherling via Af" To: af@afmug.com Sent: Thursday, September 25, 2014 2:42:31 PM Subject: Re: [AFMUG] Bash specially-crafted environment

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

there will be no v9 impact by doing that? On Fri, Sep 26, 2014 at 11:20 AM, Simon Westlake via Af wrote: > Not if you're only running Powercode on the server, but you should still > do a 'yum update' for safety. > > On 9/26/2014 11:10 AM, That One Guy via Af wrote: > > Simon, is the powercode c

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

Not if you're only running Powercode on the server, but you should still do a 'yum update' for safety. On 9/26/2014 11:10 AM, That One Guy via Af wrote: Simon, is the powercode centos vulnerable? Does it matter the ports that are exposed, we have a couple DNS servers running but only DNS is o

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

Simon, is the powercode centos vulnerable? Does it matter the ports that are exposed, we have a couple DNS servers running but only DNS is opened through the external firewall Is there a vulnerability scanner available for morons like me? On Fri, Sep 26, 2014 at 9:50 AM, Matt via Af wrote: > R

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

Redhat has released an updated patch this morning. yum update again. On Thu, Sep 25, 2014 at 12:26 PM, Matt via Af wrote: > Bash specially-crafted environment variables code injection attack > > https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injecti

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

http://community.ubnt.com/t5/EdgeMAX/Re-Bash-shell-vuln-Is-ER-also-vulnerable/m-p/1024737/highlight/true#M43038 On Thu, Sep 25, 2014 at 4:54 PM, Josh Reynolds via Af wrote: > UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already > tested this myself). > > EdgeRouters all vu

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

Cool. Sounds like only my Linux boxes are vulnerable really. Already patched them up. -Ty On Thu, Sep 25, 2014 at 3:54 PM, Josh Reynolds via Af wrote: > UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already > tested this myself). > > EdgeRouters all vulnerable. You can eithe

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

UBNT not vulnerable as AirOS doesn't have bash, it uses busybox (already tested this myself). EdgeRouters all vulnerable. You can either download bash fromdebian stable/security, or wait for an incoming patch. Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

On Centos/Redhat yum update The current patch solves the worst of it as I understand, another patch should be out shortly as well. On Thu, Sep 25, 2014 at 2:42 PM, Ty Featherling via Af wrote: > Noob question but how can I easiest update my linux boxes to get the latest > patches? > > -Ty > >

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

If it runs bash, it's vulnerable. Cisco devices running IOS don't use bash for anything that I know of. I'm not sure about MT, but I doubt that it's a concern there either. On Thu, Sep 25, 2014 at 4:04 PM, Ty Featherling via Af wrote: > Yeah I am trying to figure out what else I may be operati

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

Yeah I am trying to figure out what else I may be operating that is vulnerable. UBNT? Mikrotik? Cisco? -Ty On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af wrote: > It can be exposed by anything that invokes bash - which is a ton of stuff > typically on Linux systems. > > On Thu, Sep 25, 2014

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

It can be exposed by anything that invokes bash - which is a ton of stuff typically on Linux systems. On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af wrote: > PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, > so you need to patch any vulnerable system running Apache.

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

Well that was easy. Thanks. -Ty On Thu, Sep 25, 2014 at 2:46 PM, Robbie Wright via Af wrote: > sudo apt-get clean && sudo apt-get update && sudo apt-get upgrade && sudo > apt-get autoremove > > > Robbie Wright > Siuslaw Broadband > 541-902-5101 > > On Thu, Sep 25,

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

sudo apt-get clean && sudo apt-get update && sudo apt-get upgrade && sudo apt-get autoremove Robbie Wright Siuslaw Broadband 541-902-5101 On Thu, Sep 25, 2014 at 12:42 PM, Ty Featherling via Af wrote: > Noob question but how can I easiest update my linux boxes to

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

Noob question but how can I easiest update my linux boxes to get the latest patches? -Ty On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af wrote: > Upgraded our systems at 6am yesterday for this. Also pulled the bash > .deb out of debian-stable/security for our ubiquiti edgerouters. (I mad

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out of debian-stable/security for our ubiquiti edgerouters. (I made on a post on the UBNT forumwith the CVE info yesterday.) Side note: TONS of things are affected by this... Josh Reynolds, Chief Information Officer SPIT

Re: [AFMUG] Bash specially-crafted environment variables code injection attack

PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltd www.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207- pkr...@unwiredltd.com -Original Message- From: Af [mai