• From: A not too distant future
  • Registered: 2013-03-03
  • Posts: 478

Topic: Update your Bash!

I was wondering why I got a bash update this morning. If you're running Linux or Mac OS X, I'd run an update ASAP. (The chumby devices aren't vulnerable, as far as I know, because they use busybox).
More information:
http://www.pcworld.com/article/2687857/ … ttack.html
http://www.nydailynews.com/news/nationa … -1.1952516
http://www.wired.com/2014/09/internet-b … hock-worm/
http://www.forbes.com/sites/jameslyne/2 … leed-3-0b/
http://www.theguardian.com/technology/2 … heartbleed
http://arstechnica.com/security/2014/09 … content%29

  • Registered: 2014-09-25
  • Posts: 1

Re: Update your Bash!

Shelled into my Insignia and did a bash check using this:

env x='() { :;}; echo vulnerable' bash -c 'echo Testing...'

and returned vulnerable.

My I8's are behind 2 firewalls and I keep SSH off most of the time.

So I am not that worried about it.

  • From: Oceanside, CA
  • Registered: 2008-04-17
  • Posts: 650

Re: Update your Bash!

CC has a corrupt (and unusable) bash, so you safe there.
C1 has a vulnerable bash.
I8 has a vulnerable bash, not sure on a C8, but I'd imagine it's vulnerable too if it has a working bash since this bug has been there from the start.

I'm curious if any popular routers are vulnerable.  I run a mega image of dd-wrt on my main router and it only has busybox's "ash" for a shell, so it's safe, but I'd be curious if there are others that aren't safe.

I did see a handful of requests in a few apache logs for some domains I run that were cause for me to double-check on a couple machines.  Unfortunately one is running an ARM version that is no longer supported by Ubuntu which it runs.  This may raise the priority of me updating it to run a more recent Debian version so I can receive critical security updates like this one.

I'm not running any CGI on the machine that still has a bad bash implementation (and I double checked) so I *should* be safe..?!??!

All of the rest of my machines were updated to be safe earlier today.

Linux Guy - Occasional Chumby Hacker

Materdaddy's Website

  • sweh
  • sweh
  • Blue Buddy
  • Offline
  • Registered: 2011-03-19
  • Posts: 190

Re: Update your Bash!

Materdaddy wrote:

I'm curious if any popular routers are vulnerable.  I run a mega image of dd-wrt on my main router and it only has busybox's "ash" for a shell, so it's safe, but I'd be curious if there are others that aren't safe.

root@OpenWrt:~# env x='() { :;}; echo vulnerable' bash -c 'echo Testing...'
env: bash: No such file or directory