Bash remote vulnerability

ginggs

ginggs

༼ つ ◕_◕ ༽つ
Super Moderator
Joined
Jun 26, 2006
Messages
12,171
Reaction score
737
Location
Kapkaupunki
http://alblue.bandlem.com/2014/09/bash-remote-vulnerability.html

As you’ve probably heard, there’s a remote vulnerability in Bash, which means that an attacker can supply a malicious code by virtue of passing in an environment variable with a specially crafted value that is then executed by Bash when a new shell starts up. This could potentially give an attacker control over an account running requests, which could include any HTTP request (variables such as REMOTE_HOST are passed through to CGI scripts by default) as well as certain environment variables in SSH (such as TERM).

I have written about this more at InfoQ, and most major operating system vendors have published updates to their versions of Bash.

Apple typically take time to fix these issues, so in the meantime, if you have an OSX server estate you are advised to upgrade to a new version of bash immediately.

If you have the Xcode developer tools available, you can compile it yourself as follows:
Click to expand...
 
Mod please move - this is Mac OS X not some linux rubbish



:D

Thanks for the link Ginggs. I have two servers I may need to take action with - depending on what plans their owners have for their futures. They are in the process of retiring them (OS X 10.5, so a few years old now).
 
Does this bash thing also apply if you do not have an AppleTV or Apple remote? Clicking on the geek link above got me this error:

51023346.jpg
 
MagicDude4Eva said:
I heard that hackers specifically target the deletion of Clifton Shores and Project Runway - soooo worried right now
Click to expand...

Never realized you stayed in the East ;) if they can just figure out how to block Justin Bieber, I might allow them full access
 
creeper said:
Never realized you stayed in the East ;) if they can just figure out how to block Justin Bieber, I might allow them full access
Click to expand...
Justin Bieber is the malicious code they inject into your system.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X