Discussion:
shell shock
Erez D
2014-09-27 13:24:52 UTC
Permalink
just read about the "new linux bug" in ynet
found out it is a bash exploit

just fyi,

see http://www.engadget.com/2014/09/25/what-is-the-shellshock/
Dolev Farhi
2014-09-27 13:37:25 UTC
Permalink
Yes its all over the place.

For people with web sites, you can use the following online shellshock tester website to check if you are vulnerable in the following url:
https://shellshock.detectify.com

------ Original message------
From: Erez D
Date: Sat, Sep 27, 2014 16:25
To: linux-il;
Subject:shell shock

just read about the "new linux bug" in ynet
found out it is a bash exploit

just fyi,

see http://www.engadget.com/2014/09/25/what-is-the-shellshock/
Erez D
2014-09-27 13:49:47 UTC
Permalink
Post by Dolev Farhi
Yes its all over the place.
that is why I was suprised it was not mentioned in linux-il ;-)
Post by Dolev Farhi
For people with web sites, you can use the following online shellshock
https://shellshock.detectify.com
------ Original message------
*From: *Erez D
*Date: *Sat, Sep 27, 2014 16:25
*To: *linux-il;
*Subject:*shell shock
just read about the "new linux bug" in ynet
found out it is a bash exploit
just fyi,
see http://www.engadget.com/2014/09/25/what-is-the-shellshock/
Shlomo Solomon
2014-09-28 12:49:04 UTC
Permalink
I'm not an expert, but as I understand it,
https://shellshock.detectify.com can only check if your box is exposed
to the internet. So if you have an un-patched bash but you are, for
example, protected by a firewall, your un-patched bash wouldn't be
detected.

The site mentioned in the earlier post -
http://www.engadget.com/2014/09/25/what-is-the-shellshock/ is probably
better, because it checks the actual bash vulnerability.

But that's still not the entire story. Here's a link to another article
discussing patches that solve only part of the problem and explains
how to check if you have the latest patch:
http://www.zdnet.com/shellshock-better-bash-patches-now-available-7000034115/



On Sat, 27 Sep 2014 16:49:47 +0300
Post by Erez D
Post by Dolev Farhi
Yes its all over the place.
that is why I was suprised it was not mentioned in linux-il ;-)
Post by Dolev Farhi
For people with web sites, you can use the following online
shellshock tester website to check if you are vulnerable in the
https://shellshock.detectify.com
------ Original message------
*From: *Erez D
*Date: *Sat, Sep 27, 2014 16:25
*To: *linux-il;
*Subject:*shell shock
just read about the "new linux bug" in ynet
found out it is a bash exploit
just fyi,
see http://www.engadget.com/2014/09/25/what-is-the-shellshock/
--
Shlomo Solomon
http://the-solomons.net
Sent by Claws Mail 3.9.0 - KDE 4.10.5 - LINUX Mageia 3
Dolev Farhi
2014-09-27 13:54:02 UTC
Permalink
Probably shellshock overdose for some people...

------ Original message------
From: Erez D
Date: Sat, Sep 27, 2014 16:50
To: Dolev Farhi;
Cc: linux-***@cs.huji.ac.il;
Subject:Re: shell shock



On Sat, Sep 27, 2014 at 4:37 PM, Dolev Farhi <***@yahoo.com> wrote:
Yes its all over the place.
that is why I was suprised it was not mentioned in linux-il ;-)

For people with web sites, you can use the following online shellshock tester website to check if you are vulnerable in the following url:
https://shellshock.detectify.com

------ Original message------
From: Erez D
Date: Sat, Sep 27, 2014 16:25
To: linux-il;
Subject:shell shock

just read about the "new linux bug" in ynet
found out it is a bash exploit

just fyi,

see http://www.engadget.com/2014/09/25/what-is-the-shellshock/
Loading...