Bash

Reply

  #1  
Old 09-28-14, 03:36 PM
chandler's Avatar
Banned. Rule And/Or Policy Violation
Thread Starter
Join Date: Dec 2005
Location: USA
Posts: 39,967
Received 2 Votes on 2 Posts
Bash

Ray, or any others running Linux, have you updated regarding the Bash virus? It affects Unix and Linux, and it is said to be a bad*$$ bug, with a severity of 10 out of 10.
 
Sponsored Links
  #2  
Old 09-28-14, 04:12 PM
ray2047's Avatar
Group Moderator
Join Date: Mar 2006
Location: USA
Posts: 33,597
Received 13 Votes on 11 Posts
It seems to be mostly Servers. Here is a test to see if you are vulnerable. How To Check If Your Mac Or Linux Machine Is Vulnerable To Shellshock | Lifehacker Australia Well dang my OS failed the test.
 
  #3  
Old 09-28-14, 05:41 PM
Member
Join Date: Jan 2011
Location: United States
Posts: 2,446
Received 0 Votes on 0 Posts
Thanks Larry for alerting us and thank you Ray for the link. Right now I only have one thing that is running on Linux and that is an old Dell laptop which has been running kind of slow so maybe it is affected. In any event I think the PCLinuxOs forum should be alerted and I think I will go there.

Looks like you beat me to it Ray I was going to ask about the Bash virus on the PcLinuxOs forum but I don't have to now. Ray you already know this but others who have Linux and are home users should know that this mainly affects servers. Home users shouldn't have to worry but I know PcLinuxOs is already working on a patch and other forms of Linux should be working on it soon.

Really bad viruses are rare with Linux but they do happen and the best thing you can do is just keep your computer updated.
 
  #4  
Old 09-28-14, 06:01 PM
ray2047's Avatar
Group Moderator
Join Date: Mar 2006
Location: USA
Posts: 33,597
Received 13 Votes on 11 Posts
the best thing you can do is just keep your computer updated.
Which is a good reason to use a rolling release like PCLOS.

The gurus at PCLOS are saying it isn't a virus but a coding error. That's a big difference.
 

Last edited by ray2047; 09-28-14 at 06:17 PM.
  #5  
Old 09-29-14, 09:21 AM
Member
Join Date: May 2010
Location: USA
Posts: 429
Received 10 Votes on 8 Posts
My understanding is you're only vulnerable if you allow remote access via SSH or operate a web server running server-side scripting.
 
  #6  
Old 09-29-14, 09:42 AM
Member
Join Date: Jan 2008
Location: Southeastern Pennsylvania
Posts: 2,947
Received 0 Votes on 0 Posts
I found this description of the bug which apparently has been there for many years (maybe 25?). Hard to believe. I don’t know the history of its detection, but I guess it was just recently.

The technical details of the vulnerability follow.

Bash supports exporting not just shell variables, but also shell
functions to other bash instances, via the process environment to
(indirect) child processes. Current bash versions use an environment
variable named by the function name, and a function definition
starting with “() {” in the variable value to propagate function
definitions through the environment. The vulnerability occurs because
bash does not stop after processing the function definition; it
continues to parse and execute shell commands following the function
definition. For example, an environment variable setting of

VAR=() { ignored; }; /bin/id

will execute /bin/id when the environment is imported into the bash
process. (The process is in a slightly undefined state at this point.
The PATH variable may not have been set up yet, and bash could crash
after executing /bin/id, but the damage has already happened at this
point.)

The fact that an environment variable with an arbitrary name can be
used as a carrier for a malicious function definition containing
trailing commands makes this vulnerability particularly severe; it
enables network-based exploitation.
 
Reply

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread
Display Modes
 
Ask a Question
Question Title:
Description:
Your question will be posted in: