Go Back   Android Forums > Android Forums Community > The Lounge > Computers & IT

New Forums: Nexus Player | Nexus 9
Like Tree6Likes
  • 1 Post By palmtree5
  • 2 Post By MoodyBlues
  • 1 Post By iowabowtech
  • 1 Post By Dngrsone
  • 1 Post By MoodyBlues

test: Reply
 
LinkBack Thread Tools
Old September 25th, 2014, 12:18 PM   #1 (permalink)
Sunny Vacation Supporter!
Thread Author (OP)
 
palmtree5's Avatar
 
Join Date: May 2012
Location: USA
Gender: Male
Posts: 3,890
 
Device(s): HTC One SV, Samsung Galaxy Prevail (retired), Nexus 7 (Gen 1)
Carrier: Boost Mobile

Thanks: 2,524
Thanked 2,323 Times in 1,228 Posts
Cool IMPORTANT: Shellshock -- *nix bash vulnerability

Bug in Bash shell creates big security hole on anything with *nix in it [Updated] | Ars Technica
iowabowtech likes this.

Advertisements
__________________
Find a post helpful? Hit
See spam or something offensive? Hit
New to the site? Site Rules/Guidelines and Introductions
Not a member yet but want to join? Join here!
Want to chat with staff?Here
Want to chat with mods?Here
palmtree5 is online now  
Reply With Quote
The Following 2 Users Say Thank You to palmtree5 For This Useful Post:
iowabowtech (September 25th, 2014), MoodyBlues (September 25th, 2014)
sponsored links
Old September 25th, 2014, 12:50 PM   #2 (permalink)
Moderati ergo sum
 
lunatic59's Avatar
 
Join Date: Jun 2010
Location: Pennsylvania
Posts: 25,317
 
Device(s): Galaxy Note 10.1 (2014), Nexus 4, Galaxy S II, Captivate, Nexus 1, Nook Color, Asus Transformer T-1
Carrier: AT&T

Thanks: 8,541
Thanked 13,580 Times in 7,430 Posts
Default

Already updated bash on my servers. I wonder if Apple or the Mac community are really that effected?
__________________
_
If the information is useful, Like the post, if the person was helpful, Thank the member.
RULES: Lest we forget | This part of signature intentionally left blank.
_________________________________________________

No Ivory-Billed Woodpeckers were harmed in the composition of this message.
lunatic59 is offline  
Reply With Quote
Old September 25th, 2014, 12:58 PM   #3 (permalink)
Sunny Vacation Supporter!
Thread Author (OP)
 
palmtree5's Avatar
 
Join Date: May 2012
Location: USA
Gender: Male
Posts: 3,890
 
Device(s): HTC One SV, Samsung Galaxy Prevail (retired), Nexus 7 (Gen 1)
Carrier: Boost Mobile

Thanks: 2,524
Thanked 2,323 Times in 1,228 Posts
Default

Quote:
Originally Posted by lunatic59 View Post
Already updated bash on my servers. I wonder if Apple or the Mac community are really that effected?
Think Bash is the default on Macs
palmtree5 is online now  
Reply With Quote
Old September 25th, 2014, 01:03 PM   #4 (permalink)
Moderati ergo sum
 
lunatic59's Avatar
 
Join Date: Jun 2010
Location: Pennsylvania
Posts: 25,317
 
Device(s): Galaxy Note 10.1 (2014), Nexus 4, Galaxy S II, Captivate, Nexus 1, Nook Color, Asus Transformer T-1
Carrier: AT&T

Thanks: 8,541
Thanked 13,580 Times in 7,430 Posts
Default

Quote:
Originally Posted by palmtree5 View Post
Think Bash is the default on Macs
or does Apple include their own iteration ... iBash? I would assume for the vulnerability to work, they'd need an open port (http:80?) and http services enabled.
lunatic59 is offline  
Reply With Quote
Old September 25th, 2014, 01:14 PM   #5 (permalink)
- Crazy peacock person -
 
MoodyBlues's Avatar
 
Join Date: Jan 2011
Location: /home/LosAngeles
Posts: 3,340
 
Device(s): Kindle Fire HD 8.9" (rooted), Motorola Atrix 2, Motorola Atrix 4G (retired), Motorola Bravo (retired
Carrier: AT&T

Thanks: 1,094
Thanked 1,564 Times in 969 Posts
Default

Thanks for posting this. I was unaware of it.

I hadn't applied today's system updates yet...

Quote:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test


...but now I have:

Quote:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
__________________


MoodyBlues is offline  
Reply With Quote
Old September 25th, 2014, 01:14 PM   #6 (permalink)
Sunny Vacation Supporter!
Thread Author (OP)
 
palmtree5's Avatar
 
Join Date: May 2012
Location: USA
Gender: Male
Posts: 3,890
 
Device(s): HTC One SV, Samsung Galaxy Prevail (retired), Nexus 7 (Gen 1)
Carrier: Boost Mobile

Thanks: 2,524
Thanked 2,323 Times in 1,228 Posts
Default

Seems like they might be using a rather outdated version of bash...

version.h (Bash 3.2.51)

Current is 4.3.24
palmtree5 is online now  
Reply With Quote
Old September 25th, 2014, 01:31 PM   #7 (permalink)
Senior Member
 
Dngrsone's Avatar
 
Join Date: Jan 2013
Location: Centrally located far from everywhere
Gender: Male
Posts: 1,582
 
Device(s): Samsung Galaxy S II 'Epic 4G Touch' SPH-D710, Samsung Galaxy Tab 2 7.0
Carrier: Sprint

Thanks: 166
Thanked 348 Times in 281 Posts
Default

I patched last night... sometimes Canonical does do things right.


*** Edit: Hrm, just updated again.
Dngrsone is offline  
Last edited by Dngrsone; September 25th, 2014 at 05:49 PM.
Reply With Quote
Old September 25th, 2014, 07:15 PM   #8 (permalink)
root@android:/ #
 
iowabowtech's Avatar
 
Join Date: May 2010
Location: Iowa|USA
Posts: 10,678
 
Device(s): LG G2
Carrier: VZW

Thanks: 5,459
Thanked 7,741 Times in 4,097 Posts
Default [Unix][Linux][OS X] Shellshock Vuln

I haven't had much time to research this yet but I'm assuming it may already be patched in the major distros?

Bash shell 'Shellshock' flaw opens OS X, Linux, more to attack, called 'bigger than Heartbleed'

Patch Bash NOW: 'Shell Shock' bug blasts OS X, Linux systems wide open • The Register Forums
__________________
Posted from my bent iphone 6 formerly running iOS 8.0.1
iowabowtech is online now  
Reply With Quote
Old September 25th, 2014, 07:22 PM   #9 (permalink)
- Crazy peacock person -
 
MoodyBlues's Avatar
 
Join Date: Jan 2011
Location: /home/LosAngeles
Posts: 3,340
 
Device(s): Kindle Fire HD 8.9" (rooted), Motorola Atrix 2, Motorola Atrix 4G (retired), Motorola Bravo (retired
Carrier: AT&T

Thanks: 1,094
Thanked 1,564 Times in 969 Posts
Default

Quote:
Originally Posted by iowabowtech View Post
Threads split and merged; this deserved its own thread. Thanks to iowabowtech for the excellent suggestion.
iowabowtech and palmtree5 like this.
MoodyBlues is offline  
Last edited by MoodyBlues; September 25th, 2014 at 07:57 PM.
Reply With Quote
The Following 2 Users Say Thank You to MoodyBlues For This Useful Post:
iowabowtech (September 25th, 2014), palmtree5 (September 25th, 2014)
Old September 25th, 2014, 07:24 PM   #10 (permalink)
- Crazy peacock person -
 
MoodyBlues's Avatar
 
Join Date: Jan 2011
Location: /home/LosAngeles
Posts: 3,340
 
Device(s): Kindle Fire HD 8.9" (rooted), Motorola Atrix 2, Motorola Atrix 4G (retired), Motorola Bravo (retired
Carrier: AT&T

Thanks: 1,094
Thanked 1,564 Times in 969 Posts
Default

Quote:
Originally Posted by Dngrsone View Post
I patched last night... sometimes Canonical does do things right.


*** Edit: Hrm, just updated again.
Do you have yours set to update automatically? I don't. I like to see, and perhaps pick and choose, what's on tap to be updated.
MoodyBlues is offline  
Reply With Quote
sponsored links
Old September 25th, 2014, 08:05 PM   #11 (permalink)
root@android:/ #
 
iowabowtech's Avatar
 
Join Date: May 2010
Location: Iowa|USA
Posts: 10,678
 
Device(s): LG G2
Carrier: VZW

Thanks: 5,459
Thanked 7,741 Times in 4,097 Posts
Default

Quote:
Originally Posted by MoodyBlues View Post
Thanks for posting this. I was unaware of it.

I hadn't applied today's system updates yet...





...but now I have:



Same results here in the same order. Oh wait, you run the premier distro too, should have known we'd have similar findings.

...ducks for cover...









I kid, I kid. No distro wars please.
MoodyBlues likes this.
iowabowtech is online now  
Reply With Quote
Old September 25th, 2014, 08:08 PM   #12 (permalink)
- Crazy peacock person -
 
MoodyBlues's Avatar
 
Join Date: Jan 2011
Location: /home/LosAngeles
Posts: 3,340
 
Device(s): Kindle Fire HD 8.9" (rooted), Motorola Atrix 2, Motorola Atrix 4G (retired), Motorola Bravo (retired
Carrier: AT&T

Thanks: 1,094
Thanked 1,564 Times in 969 Posts
Default

Quote:
Originally Posted by iowabowtech View Post
Same results here in the same order. Oh wait, you run the premier distro too, should have known we'd have similar findings.

...ducks for cover...






I kid, I kid. No distro wars please.
OH NO!!

MoodyBlues is offline  
Reply With Quote
Old September 25th, 2014, 08:15 PM   #13 (permalink)
Senior Member
 
Dngrsone's Avatar
 
Join Date: Jan 2013
Location: Centrally located far from everywhere
Gender: Male
Posts: 1,582
 
Device(s): Samsung Galaxy S II 'Epic 4G Touch' SPH-D710, Samsung Galaxy Tab 2 7.0
Carrier: Sprint

Thanks: 166
Thanked 348 Times in 281 Posts
Default

Quote:
Originally Posted by MoodyBlues View Post
Do you have yours set to update automatically? I don't. I like to see, and perhaps pick and choose, what's on tap to be updated.
No, I get alerts, and pick and choose which updates I want to install. Otherwise, I'd be forever uninstalling bad updates.
MoodyBlues likes this.
Dngrsone is offline  
Reply With Quote
Old September 27th, 2014, 03:24 PM   #14 (permalink)
- Crazy peacock person -
 
MoodyBlues's Avatar
 
Join Date: Jan 2011
Location: /home/LosAngeles
Posts: 3,340
 
Device(s): Kindle Fire HD 8.9" (rooted), Motorola Atrix 2, Motorola Atrix 4G (retired), Motorola Bravo (retired
Carrier: AT&T

Thanks: 1,094
Thanked 1,564 Times in 969 Posts
Default

Pay attention to your ongoing system update notifications, *buntu folks. I've now had bash updates three days in a row.
iowabowtech likes this.
MoodyBlues is offline  
Reply With Quote
Reply


Go Back   Android Forums > Android Forums Community > The Lounge > Computers & IT
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 06:08 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.