Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 [2]

Author Topic: Shellshock, bash exploit  (Read 9245 times)

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7403
  • VM Gig1 - AAISP CF
Re: Shellshock, bash exploit
« Reply #15 on: September 30, 2014, 04:38:09 AM »
I have been trying to block it on mod security, and of course any other security layers to stop bash been accessed easily via http, one should never rely on one layer of security only.

Also worth pointing out tho that pretty much all distro's are at least 2 patches behind, on bsd I have 4.3.27, yet debian etc. are stuck with 4.3.25 at best. on 4.3.26 and newer they disabled a lot more functions by default.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Shellshock, bash exploit
« Reply #16 on: September 30, 2014, 05:24:49 PM »
The are many shells available for use. The simplest solution would be to use an alternate shell in place of bash.  ::)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

boost

  • Reg Member
  • ***
  • Posts: 768
Re: Shellshock, bash exploit
« Reply #17 on: September 30, 2014, 06:55:27 PM »
Quote from: burakkucat on September 30, 2014, 05:24:49 PM
The are many shells available for use. The simplest solution would be to use an alternate shell in place of bash.  ::)

I'd like to see that change request!

I would guess even though changing the shell is trivial, it's the legacy scripts people have been using for donkeys that rely on bash or similar. Even if they would directly port to korn, I'm guessing nobody wants the job of having to analyse someone's bastardised scripts from >10 years ago :P
Logged

neilius

  • Reg Member
  • ***
  • Posts: 105
Re: Shellshock, bash exploit
« Reply #18 on: September 30, 2014, 07:11:19 PM »
This is also affecting OS X although Apple are playing it down. But they have released a patch. Last time I checked it's not offered as a software update but rather as a manual download for those who want it.

http://support.apple.com/kb/DL1769
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33884
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Shellshock, bash exploit
« Reply #19 on: September 30, 2014, 07:27:20 PM »
Yep I saw that they are definitely playing it down.  Whether or not that is a good idea i dont know  :-\

Quote
For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.

Thanks for that link.. I note there's one thats needing doing for my ATV..  which I never thought about.  I'll check and do it later.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

neilius

  • Reg Member
  • ***
  • Posts: 105
Re: Shellshock, bash exploit
« Reply #20 on: September 30, 2014, 07:29:42 PM »
Yup. I've got about 300 Macs to worry about and we're still testing 10.9.5 (it's only on a few machines at the moment) so that now needs to be fast tracked and then this patch can be deployed. Fun.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33884
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Shellshock, bash exploit
« Reply #21 on: September 30, 2014, 08:33:40 PM »
« Last Edit: September 30, 2014, 08:39:47 PM by kitz »
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker
Pages: 1 [2]
« previous next »