95% of home routers are not secure from 10 different issues that will not get fixed. I recommend shutting down completely when you are not using your computers.
Tea Glorious Tea!
95% of home routers are not secure from 10 different issues that will not get fixed. I recommend shutting down completely when you are not using your computers.
5 Cups of Ubuntu
It's CVE 2014-6271 and its partially solved. There is another report CVE 2014-7169 that was caused by the prior fix and its unsolved (for now).Originally Posted by Quarkrad
You got the info for testing and the links to both reports in the prior post to yours.
Gee! These Aren't Roasted!
I am in charge of an archive server that doesn't have bash, but it does have sh as the default shell. It runs some proprietary Linux version (actually, I think it might be Ubuntu-based from what I can tell), but it doesn't have apt-get or even any compilers on it. Running the test with "bash" replaced by "sh" reports that it is vulnerable. Does anyone know if there's a patch for sh? Even if there is, I don't know how I would install it since I can't compile anything on it ... I will probably have to get in touch with the vendor.
First Cup of Ubuntu
Sorry if this is a noob question.
upgraded today to 12.04 LTS
I followed the 1st post and believe I was successful. Thank you oldrocker99 for this.Code:env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable
When I run the 1st test I think what is returned is correct
When I run the 2nd test I'm thinking this not correct?Code:env x='() { :;}; echo vulnerable' /bin/bash.old -c echo vulnerable
Any guidance would be greatly appreciated.Code:env x='() { :;}; echo vulnerable' bash -c echo env: bash: No such file or directory
Thank You
TL
Last edited by translux; September 25th, 2014 at 10:42 PM.
Way Too Much Ubuntu
This space is currently for rent . .
So, in effect, any embedded platform that has busybox would be affected as well?
-------------------------------------
Oooh Shiny: PopularPages
Unumquodque potest reparantur. Patientia sit virtus.
First Cup of Ubuntu
Negative Busybox is OK
From the article linked above.
Iternet of Things (IoT) and embedded devices such as routers may be vulnerable if they’re running BASH. However, many newer devices run a set of tools called BusyBox which offers an alternative to BASH. Devices running BusyBox are not vulnerable to the Bash Bug.
Spilled the Beans
Ubuntu 12.04.5... cleanly re-installed a month ago and updated recently.
Go to Update Manager and get the new bash.
Easy.
Last edited by rob-rushworth; September 26th, 2014 at 04:28 AM.
Ubuntu Member
we are just talking that it is not so easy since it doesn't solve the problem. it is only partial solution, but at least there is. anyway i am hoping we will have this patched by sunday
Read the easy to understand, lots of pics Ubuntu manual.
Do i need antivirus/firewall in linux?
Full disk backup (newer kernel -> suitable for newer PC): Clonezilla
User friendly full disk backup: Rescuezilla
Tea Glorious Tea!
Would you explain this? I know routers are a weak point,what do I gain by shutting a router down when not in use? Minimize exposure?
Adv Reply
Bookmarks