-
I assume this morning's update of Firefox and BASH includes the latest, correct BASH update, fixing the bug?Leave a comment:
-
I only found out about this Bash bug AFTER this morning's automatic update of FireFox and Bash.
http://www.abc.net.au/news/2014-09-2...tbleed/5769076
Nothing like a sensational headline ...
Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, warned the bug was rated a "10" for severity, meaning it has maximum impact, and rated "low" for complexity of exploitation, meaning it is relatively easy for hackers to launch attacks.
"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," he said.
http://www.ubuntu.com/usn/usn-2362-1/
Details
Stephane Chazelas discovered that Bash incorrectly handled trailing code in
function definitions. An attacker could use this issue to bypass
environment restrictions, such as SSH forced command environments.
Despite the fact that Bash has been around for decades, I doubt that a script kiddie could have exploited it. Professional hacker?
No known exploits have been reported for this security hole, and no major Linux bot farms have been created since a group of crooks, several years ago, took 6 months to create a Linux bot farm from 700 servers that they MANUALLY broke into because they were poorly secured using default or no passwords. As usual, when you use passwords like that no holes are needed.Last edited by GreyGeek; Sep 25, 2014, 07:29 AM.Leave a comment:
-
see hear........................ https://www.kubuntuforums.net/showth...rability-found
the patched bash is out .......do yourtodayCode:sudo apt-get update && sudo apt-get dist-upgrade
VINNYLeave a comment:
-
patched ver.Code:apt search bash .................................. bash/trusty-updates,trusty-security,now [COLOR=#ff0000]4.3-7ubuntu1.1[/COLOR] amd64 [installed] GNU Bourne Again SHell
VINNYLeave a comment:
-
yes Ubuntu is on it ,,,,,,,, http://www.ubuntu.com/usn/usn-2362-1/ installing the updated bash now .......in a regular update "dist-upgrade"
VINNYLeave a comment:
-
A new BASH bug?
Sept 24th:
New 'Bash' software bug may pose bigger threat than 'Heartbleed'
http://www.reuters.com/article/2014/...0HJ2FQ20140924
What's this? A friend pointed this out this morning. Fyi.Leave a comment:
-
A new BASH bug?
Im guessing most of you guys have seen this already, but:
http://www.bbc.com/news/technology-29361794
Bash was part of today's update, so Im guessing Ubuntu is already on top ot it. Does Android use Bash?The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple's Mac operating system.
The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said.
- If you have copied text output that contains formatting (colors, highlighting, etc.), please do not enclose it in QUOTE or CODE tags. Just right-click your mouse and choose "Paste Without Formatting" or similar (Paste as plain text).
Leave a comment: