"ShellShock" - what are you doing?

Richmond richmondmathewson at gmail.com
Thu Sep 25 14:40:03 EDT 2014


On 25/09/14 21:36, Dirk prive wrote:
> You can find a tester for it at
> https://shellshocker.net/

Having updated my Linux machines, and then running:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

I get "vulnerable"

currently filling my knickers.

Richmond.

>
> Dirk Cleenwerck
>
> On Thu, Sep 25, 2014 at 8:30 PM, Mike Kerner <MikeKerner at roadrunner.com>
> wrote:
>
>> Watch the patches.  The white hats are discovering that many of them are
>> incomplete.  I've seen at least two follow-up scripts that try to exploit
>> the patches.
>>
>> You can always dump bash for another shell, and avoid the issue until it's
>> fixed for realzies.
>>
>> On Thu, Sep 25, 2014 at 2:21 PM, Richard Gaskin <
>> ambassador at fourthworld.com>
>> wrote:
>>
>>> I've been spending the morning reading up on the recently-discovered
>>> "Shell Shock" vulnerability.
>>>
>>> Most of my Ubuntu machines were already patched, but it seems Apple
>> hasn't
>>> issued a patch as of this writing.
>>>
>>> Anyone here heard any definitive word on when Apple will provide a patch,
>>> or when the second round of patches for other systems will become
>> available?
>>> --
>>>   Richard Gaskin
>>>   Fourth World Systems
>>>   Software Design and Development for the Desktop, Mobile, and the Web
>>>   ____________________________________________________________________
>>>   Ambassador at FourthWorld.com                http://www.FourthWorld.com
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>>
>>
>> --
>> On the first day, God created the heavens and the Earth
>> On the second day, God created the oceans.
>> On the third day, God put the animals on hold for a few hours,
>>     and did a little diving.
>> And God said, "This is good."
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode





More information about the use-livecode mailing list