Bash
#1
09-28-14, 03:36 PM
Bash
Ray, or any others running Linux, have you updated regarding the Bash virus? It affects Unix and Linux, and it is said to be a bad*$$ bug, with a severity of 10 out of 10.
#2
09-28-14, 04:12 PM
It seems to be mostly Servers. Here is a test to see if you are vulnerable. How To Check If Your Mac Or Linux Machine Is Vulnerable To Shellshock | Lifehacker Australia Well dang my OS failed the test.
#3
09-28-14, 05:41 PM
Member
Join Date: Jan 2011
Location: United States
Posts: 2,412
Upvotes: 0
Received 0 Upvotes
on
0 Posts
Thanks Larry for alerting us and thank you Ray for the link. Right now I only have one thing that is running on Linux and that is an old Dell laptop which has been running kind of slow so maybe it is affected. In any event I think the PCLinuxOs forum should be alerted and I think I will go there.
Looks like you beat me to it Ray I was going to ask about the Bash virus on the PcLinuxOs forum but I don't have to now. Ray you already know this but others who have Linux and are home users should know that this mainly affects servers. Home users shouldn't have to worry but I know PcLinuxOs is already working on a patch and other forms of Linux should be working on it soon.
Really bad viruses are rare with Linux but they do happen and the best thing you can do is just keep your computer updated.
Looks like you beat me to it Ray I was going to ask about the Bash virus on the PcLinuxOs forum but I don't have to now. Ray you already know this but others who have Linux and are home users should know that this mainly affects servers. Home users shouldn't have to worry but I know PcLinuxOs is already working on a patch and other forms of Linux should be working on it soon.
Really bad viruses are rare with Linux but they do happen and the best thing you can do is just keep your computer updated.
#4
09-28-14, 06:01 PM
the best thing you can do is just keep your computer updated.
The gurus at PCLOS are saying it isn't a virus but a coding error. That's a big difference.
Last edited by ray2047; 09-28-14 at 06:17 PM.
#5
09-29-14, 09:21 AM
Member
My understanding is you're only vulnerable if you allow remote access via SSH or operate a web server running server-side scripting.
#6
09-29-14, 09:42 AM
Join Date: Jan 2008
Location: Southeastern Pennsylvania
Posts: 3,102
Received 93 Upvotes
on
85 Posts
I found this description of the bug which apparently has been there for many years (maybe 25?). Hard to believe. I don’t know the history of its detection, but I guess it was just recently.
The technical details of the vulnerability follow.
Bash supports exporting not just shell variables, but also shell
functions to other bash instances, via the process environment to
(indirect) child processes. Current bash versions use an environment
variable named by the function name, and a function definition
starting with “() {” in the variable value to propagate function
definitions through the environment. The vulnerability occurs because
bash does not stop after processing the function definition; it
continues to parse and execute shell commands following the function
definition. For example, an environment variable setting of
VAR=() { ignored; }; /bin/id
will execute /bin/id when the environment is imported into the bash
process. (The process is in a slightly undefined state at this point.
The PATH variable may not have been set up yet, and bash could crash
after executing /bin/id, but the damage has already happened at this
point.)
The fact that an environment variable with an arbitrary name can be
used as a carrier for a malicious function definition containing
trailing commands makes this vulnerability particularly severe; it
enables network-based exploitation.
Bash supports exporting not just shell variables, but also shell
functions to other bash instances, via the process environment to
(indirect) child processes. Current bash versions use an environment
variable named by the function name, and a function definition
starting with “() {” in the variable value to propagate function
definitions through the environment. The vulnerability occurs because
bash does not stop after processing the function definition; it
continues to parse and execute shell commands following the function
definition. For example, an environment variable setting of
VAR=() { ignored; }; /bin/id
will execute /bin/id when the environment is imported into the bash
process. (The process is in a slightly undefined state at this point.
The PATH variable may not have been set up yet, and bash could crash
after executing /bin/id, but the damage has already happened at this
point.)
The fact that an environment variable with an arbitrary name can be
used as a carrier for a malicious function definition containing
trailing commands makes this vulnerability particularly severe; it
enables network-based exploitation.
