
"Shellshock" vulnerability (Bash command related - affects Linux/OSX) in the news


batteryLeakage

Neo Member
vulnerable
this is a test

how do i update my bash shell? in OS X terminal?

Apple might push out a security update soon (not sure how responsive they are to these sorts of things) but you can build the newest version of bash yourself if you want. You can download Xcode (you need to register with Apple at https://developer.apple.com/ ) and then follow the instructions in the link below.

https://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-the-remote-exploit-cve-2014-6271-and-cve-2014-7/146851#146851
 
I got notification this morning from work. I don't have any Linux based servers at my site so I'm good. We do use them for other servers hosted elsewhere... not my problem though. :)
 
Okay so... I'm a bit of a noob.
I have Nokia N900 with Maemo, which apparently doesn't have this bash thing by default. Running the command in X Terminal returned
-sh: bash: not found
But on the other hand, I have Easydebian environment installed on it. With debbie it returned
vulnerable
this is a test
I assume I'm still safe when operating outside the Debian environment? Should I worry, as I regularly use LibreOffice under the Debian LXDE? Maemo and Easydebian have a strong community, but I'm not all that confident in my ability to update this thing.
 
shit i have xcode uninstalled, why couldn't this just be a brew package i update =(
Both Homebrew and MacPorts already have their copies of bash patched (haven't seen an update for Fink's yet though), so you could just update one of those and then set that as your default shell. The Xcode instructions are just for replacing your system, Apple-provided copy of bash. Actually, on second thought, even if you go the package manager route, I'm pretty sure Homebrew/MacPorts/Fink etc. all require you to have Xcode installed anyways to build anything from source, so idk how the package manager route would really be that much easier if you have Xcode uninstalled...
 

Blizzard

Banned
Yes there is. Most systems have one.
Like Linux distributions? Can you do a "ls -l /bin/sh" out of curiosity? Which distro do you have?

*edit* On another note, I'm seeing people say that the bash patch may not have fixed all the environment variable vulnerabilities and they're still investigating.
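
Added example, not part of any post in this thread: a shell audit that combines the two checks discussed above, what `/bin/sh` actually resolves to and whether each bash on the system still runs code appended to an imported function definition (the original CVE-2014-6271 behaviour only, not the follow-up issues mentioned in the edit above). The function names, the `probe` variable and the default Homebrew/MacPorts paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Probes the original bug, CVE-2014-6271, only.

# classify_shell PATH prints: missing | not-bash | patched | vulnerable
classify_shell() {
    shell_path=$1
    [ -x "$shell_path" ] || { echo missing; return 0; }

    # Only bash imports function definitions from the environment, so dash or
    # BusyBox sh is not exposed. BASH_VERSION is set even when bash runs as "sh".
    if ! "$shell_path" -c 'test -n "$BASH_VERSION"' 2>/dev/null; then
        echo not-bash; return 0
    fi

    # Harmless probe: a function definition with a trailing echo. An unpatched
    # bash runs the echo while importing the variable; a patched one does not.
    out=$(env probe='() { :;}; echo vulnerable' \
          "$shell_path" -c 'echo this is a test' 2>/dev/null) || true
    case $out in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}

# audit_shells [PATH...] prints "path -> resolved target: verdict" per shell.
# Default paths are assumptions: system sh/bash plus usual Homebrew and MacPorts prefixes.
audit_shells() {
    [ $# -gt 0 ] || set -- /bin/sh /bin/bash /usr/local/bin/bash /opt/local/bin/bash
    for p in "$@"; do
        # Same information as `ls -l /bin/sh`; readlink -f is absent on some
        # systems, so fall back to the unresolved path.
        target=$(readlink -f "$p" 2>/dev/null) || target=$p
        echo "$p -> $target: $(classify_shell "$p")"
    done
}

audit_shells "$@"
```

A `not-bash` verdict for `/bin/sh` means scripts that start with `#!/bin/sh` do not go through bash on that system; any separate bash binary listed still needs its own `patched` verdict.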
 

LoveCake

Member
I'm surprised this thread isn't getting more replies. It's a huge potential threat, but I guess GAFers are more concerned about their phones bending.

Just spent an hour educating myself about different Linux shells and trying to find out if my router at home is vulnerable. At work, so can't do the test.

I am wondering this myself, anyone know what can be done if their router is at risk?
 

Sapiens

Member
I have two websites on VPSs - one is 14.04 so it's fine after an update, but the other is 10.10 and an update to the shell is not available.

FUCK, I don't want to have to upgrade it as it's already running on bare min specs. Oh well.
 

GungHo

Single-handedly caused Exxon-Mobil to sue FOX, start World War 3
I'm surprised this thread isn't getting more replies. It's a huge potential threat, but I guess GAFers are more concerned about their phones bending.
It's a gaming site with interest in end user devices and pop culture, not a corporate security admin site. If you ask these people what a jump box is, they're going to think it's some shit you do to a console, and they think passing the hash is a drug reference.
 

Sapiens

Member
So, I need a little help.

My Ubuntu 10.10 server is mainly there to run a couple rails apps (apache, passenger, sqlite) so nothing crazy. I've got a little traffic going through it, but nothing crazy.

Anyway, server admin is not my forte - I can install stuff, configure a little, but I'm not super familiar with the backup and restore process.

What I want to know is if there is a way to back up the entirety of that VPS (including running services, etc) to a local file via SSH, reinstall a newer version of Ubuntu, and then restore the files and services.

Any help is appreciated.
 

KHarvey16

Member
So, I need a little help.

My Ubuntu 10.10 server is mainly there to run a couple rails apps (apache, passenger, sqlite) so nothing crazy. I've got a little traffic going through it, but nothing crazy.

Anyway, server admin is not my forte - I can install stuff, configure a little, but I'm not super familiar with the backup and restore process.

What I want to know is if there is a way to back up the entirety of that VPS (including running services, etc) to a local file via SSH, reinstall a newer version of Ubuntu, and then restore the files and services.

Any help is appreciated.

I thought the fix was to just patch bash?
 

MartyStu

Member
Like Linux distributions? Can you do a "ls -l /bin/sh" out of curiosity? Which distro do you have?

*edit* On another note, I'm seeing people say that the bash patch may not have fixed all the environment variable vulnerabilities and they're still investigating.

Took a look at my servers, and you are absolutely correct.

10.10 is not supported anymore. Apt-get update/apt-get install bash doesn't fix it.

Everything went fine on my Ubuntu 14 VPS

Build it from source.

Edit: Oops, looks like you did.
 

Stumpokapow

listen to the mad man
Only for Mavericks? wtf, this affects older versions of OS X, too, which some people still have good reason to use...

There's... not really any reason to run OSX server at all at this point, honestly. The XSan isn't a best-in-breed storage solution, XServe doesn't exist, and in the virtualization era any virtualized shard of any server hardware is going to outperform a Mac Mini, and almost no one needs ONE POWERHOUSE server instance for the Mac Pro.
 
There's... not really any reason to run OSX server at all at this point, honestly. The XSan isn't a best-in-breed storage solution, XServe doesn't exist, and in the virtualization era any virtualized shard of any server hardware is going to outperform a Mac Mini, and almost no one needs ONE POWERHOUSE server instance for the Mac Pro.
I said "older versions"; I didn't mention anything about the server edition...
 

Jezbollah

Member
Morning all.

I have updated the OP with links kindly provided by Jobiensis, Sapiens, infiniteloop and Guess Who. Thank you very much.
 