
Update your BASH

MattW

Well-known member
#3
Not out of the woods yet!

http://us3.campaign-archive2.com/?u=722bc323a024d15a407baae81&id=af55e39aa1&e=ce439208f7

Bash
Urgent Action Required
We have both been made aware of some malware being spread via this vulnerability and we have seen another variant ourselves on our own IDS.

Please ensure you are upgraded or have taken other measures to prevent exploitation.

Also be aware that vendors such as Red Hat are working on a potential patch for the incomplete patch, so you may need to upgrade twice.

https://bugzilla.redhat.com/show_bug.cgi?id=1146319#c11

Evidence of active exploitation:
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505#p23987
 

MattW

Well-known member
#6
The new one isn't as bad as the original one apparently, so they still recommend applying the initial fix, and then updating again once they fix the second one.
 

Xon

Well-known member
#16
It looks like this particular design flaw* is one that will keep giving for a few more rounds of bugfixing.

*Bash is doing crazy stuff to unsanitized environmental variables.