Originally posted by stek
View Post
-
Cheers stek, will give them a kick later! -
Although from the horses mouth
USN-2362-1: Bash vulnerability | Ubuntu
Ubuntu Security Notice USN-2362-1
24th September, 2014
bash vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS
Summary
Bash allowed bypassing environment restrictions in certain environments.
Knock first as I might be balancing my chakras.Comment
-
Not really cos 99.99% of desktops that would normally use DHCP are hidden behind NAT. Safe, unless you've been pissing around with port forwarding on your NAT router.Originally posted by CheeseSlice View PostIf DHCP and Macs are affected, thats going to be a problem for some creative/digital businesses.
All it would take is a worm to set up rogue DHCP servers on each infected host and it would be a fast spreading Denial of service infection akin to Blaster or SQL Slammer.
I imagine businesses running mainly Macs are also going to take a relaxed approach to endpoint security, since its commonfolkloreknowledge "Macs dont get viruses"
I'd warrant there's next to no (if any) host on public IP's with a DHCP issued one. Of course that won't stop internal meddling.....Comment
-
Bash is on every Ubuntu box I have and I haven't ever explicitly installed it. Dash is simply the *default* shell, it doesn't mean others aren't on the system.Originally posted by stek View PostComment
-
-
SQL Slammer made it behind plenty of firewalled networks. I was working at a very large firm when it spread fast across the corporate network. No idea how it got in, but it did.Originally posted by stek View Post
All it takes is for one user to be fooled to execute a file attached to an email, and then its in.Comment
-
I'm not googling SQL-slammer now! lol!Originally posted by CheeseSlice View Post
I've got some Mr Kipling Viennese Whirls.Comment
-
Or an unpatchable embedded system to be compromised.Originally posted by CheeseSlice View Post
I am telling you now, this will run and run.Knock first as I might be balancing my chakras.Comment
-
Already posted this in Technical earlier today, but I might as well tack it on here too for those who only see this thread: Troy Hunt: Everything you need to know about the Shellshock Bash bug
Comment
-
Already devoured it.Originally posted by NickFitz View PostAlready posted this in Technical earlier today, but I might as well tack it on here too for those who only see this thread: Troy Hunt: Everything you need to know about the Shellshock Bash bug
Knock first as I might be balancing my chakras.Comment
Comment