ShellShock

Post Reply
User avatar
BeJay
Maker
Posts: 139
Joined: Mon Jun 23, 2014 6:31 pm
Location: Perth
Contact:

ShellShock

Post by BeJay » Thu Sep 25, 2014 8:45 pm

Well it would seem that my pi that hasn't been updated for ages it not susceptible to "ShellShock" vun:

Code: Select all

pi@backyardpiradio ~ $ uptime
 20:43:36 up 375 days,  2:03,  1 user,  load average: 0.41, 0.26, 0.24
pi@backyardpiradio ~ $ env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"
stuff
pi@backyardpiradio ~ $


but the missus is in trouble with her MAC ;)

Image

Now is a good time for those out there in maker land to update your stuff ;)

Check out TroyHunt's post: http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html#.VCPgs8alqtM.twitter

Cheers

Bj

User avatar
Jubbp
Master Maker
Posts: 209
Joined: Sun Jun 22, 2014 8:15 pm
Location: Bunbury WA
Contact:

Re: ShellShock

Post by Jubbp » Mon Oct 27, 2014 5:26 pm

Hey BJ,

Have you tested this after the recent updates?

I'll have to give this a go when home later

PJ

User avatar
BeJay
Maker
Posts: 139
Joined: Mon Jun 23, 2014 6:31 pm
Location: Perth
Contact:

Re: ShellShock

Post by BeJay » Tue Oct 28, 2014 5:54 pm

Yes it was patched in the latest Mavericks release, and of course the "all new" Yosemite.

A quirky little bug that took a long time to patch. It really only affects web servers, but CUPS runs on port 631 on a MAC so was natively available as a web interface which was exploited early IIRC.. Anyway the coast seems to be clear until someone finds something else!

parkview
Guru Maker
Posts: 603
Joined: Tue Jun 24, 2014 8:25 pm
Location: Busselton
Contact:

Re: ShellShock

Post by parkview » Tue Oct 28, 2014 9:06 pm

coast is clear? Now we have to patch the Poodle!

I love these names they give to them.

Post Reply