
Linux bash vulnerability


    #51
    I noticed there is no mention of this affecting Windows systems, which it does. Back in the heady days of Windows NT, Microsoft offered Windows Services for UNIX (SFU) or Subsystem for UNIX-based Applications (SUA), which became slowly integrated into most Windows OSes and is now default, and over the years has been more and more refined. However, in order to run UNIX services under Windows the normal command shell was not sufficient, so a wrapper was written around various UNIX command shells and packaged as the Windows UNIX command shell (nowadays PowerShell provides this functionality). This means that most Windows server OSes have this vulnerability due to the BASH shell being used as the basis for the Windows UNIX command shell.
    Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.

    Comment


      #52
      OS X doesn't use Bash for DHCP, so it's not vulnerable.

      If you notice, most of the scare stories are "If this is compromised and that is wormable and your granny wore blue knickers on a Tuesday then this might be a problem"

      HTH

      Comment


        #53
        Originally posted by darmstadt
        I noticed there is no mention of this affecting Windows systems, which it does. Back in the heady days of Windows NT, Microsoft offered Windows Services for UNIX (SFU) or Subsystem for UNIX-based Applications (SUA), which became slowly integrated into most Windows OSes and is now default, and over the years has been more and more refined. However, in order to run UNIX services under Windows the normal command shell was not sufficient, so a wrapper was written around various UNIX command shells and packaged as the Windows UNIX command shell (nowadays PowerShell provides this functionality). This means that most Windows server OSes have this vulnerability due to the BASH shell being used as the basis for the Windows UNIX command shell.
        I've already tested it on our Windows GPFS nodes, the test command returns nothing, neither failed nor passed.......

        $ bash
        bash-3.2$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
        bash-3.2$ date
        Thu Sep 25 13:30:37 @tzres.dll 2014

        Comment
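Added example, not part of stek's post or of the thread: the test command from the post above, wrapped so that its three possible outcomes are told apart, including the empty output reported there, and run against every bash on PATH. The function names and verdict labels are made up for this example.

```shell
#!/bin/sh
# Added example: interpret the result of the thread's Shellshock test command.

# classify_output TEXT -> vulnerable | not-vulnerable | inconclusive
classify_output() {
    case $1 in
        # The trailing command smuggled in after the function body ran.
        *vulnerable*)       echo vulnerable ;;
        # Only the intended command ran.
        *"this is a test"*) echo not-vulnerable ;;
        # Neither line appeared: the probe never completed, so it proves nothing.
        *)                  echo inconclusive ;;
    esac
}

# classify_bash SHELL -> missing, or one of the verdicts above
classify_bash() {
    shell=$1
    case $shell in
        */*) [ -x "$shell" ] || { echo missing; return 0; } ;;
        *)   command -v "$shell" >/dev/null 2>&1 || { echo missing; return 0; } ;;
    esac
    # Same probe as in the post: x holds a function definition followed by
    # an extra command; stderr is dropped because patched builds may warn there.
    out=$(env x='() { :;}; echo vulnerable' "$shell" -c 'echo this is a test' 2>/dev/null)
    classify_output "$out"
}

# Check every bash on PATH, not just the first one found: a copy installed
# from a third-party source can sit beside a patched system copy.
scan_path_for_bash() {
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        IFS=$old_ifs
        candidate=${dir:-.}/bash
        if [ -x "$candidate" ]; then
            printf '%s\t%s\n' "$candidate" "$(classify_bash "$candidate")"
        fi
    done
    IFS=$old_ifs
}

scan_path_for_bash
```

An "inconclusive" verdict matches the empty result in the post: neither line was printed, so the probe says nothing about that bash either way.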


          #54
          Originally posted by Unix
          OS X doesn't use Bash for DHCP, so it's not vulnerable.

          If you notice, most of the scare stories are "If this is compromised and that is wormable and your granny wore blue knickers on a Tuesday then this might be a problem"

          HTH
          When this really kicks in I already pwnd you. You have done your dough, flown your flag. And NF has already called you out for being a numpty.

          You are an idiot. And a crap unix admin.

          HTH
          Knock first as I might be balancing my chakras.

          Comment


            #55
            Originally posted by suityou01
            Already devoured it.
            I always had you down for a "I use Windows; what's Unix?" kinda guy

            Comment


              #56
              Originally posted by Platypus
              I always had you down for a "I use Windows; what's Unix?" kinda guy
              I'm a dark horse really.
              Knock first as I might be balancing my chakras.

              Comment


                #57
                Originally posted by suityou01
                When this really kicks in I already pwnd you. You have done your dough, flown your flag. And NF has already called you out for being a numpty.

                You are an idiot. And a crap unix admin.

                HTH
                First of all, I'm not a Unix admin but a .NET dev; I use Linux at home though.

                Look, accept the fact you made an ass of yourself because you, as usual, read a few blog headlines (designed to get hits) and started panicking, announcing end times. The truth is not many people are vulnerable, and those that are probably have updated by now.

                To recap:

                Routers and embedded devices don't run bash so are not vulnerable
                Most people don't use CGI anymore
                OSX doesn't use BASH with DHCP
                DHCP vuln needs access to the private network to send a packet.
                Anyone with sense has now updated their BASH.
                You soaked the bed over nothing.

                HTH

                Comment


                  #58
                  Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks | WIRED

                  The hackers behind another widespread exploit using the Bash bug didn’t even bother to write their own attack program. Instead, they rewrote a proof-of-concept script created by security researcher Robert David Graham Wednesday that was designed to measure the extent of the problem. Instead of merely causing infected machines to send back a “ping” as in Graham’s script, however, the hackers’ rewrite instead installed malware that gave them a backdoor into victim machines. The exploit code politely includes a comment that reads “Thanks-Rob.”
                  Knock first as I might be balancing my chakras.

                  Comment


                    #59
                    Originally posted by barrydidit
                    YouPorn still works. Panic ye not
                    Different kind of bash.
                    Best Forum Advisor 2014

                    Comment


                      #60
                      Originally posted by stek
                      I've already tested it on our Windows GPFS nodes, the test command returns nothing, neither failed nor passed.......
                      Actually I made most of that up, the UNIX in Windows uses ksh and csh but you can install Bash from 3rd party sources
                      Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.

                      Comment
