LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-02-2014, 01:19 PM   #1
seyiisq
LQ Newbie
 
Registered: Sep 2013
Posts: 13

Rep: Reputation: Disabled
Shell Shock on Bash


Hello All,

Due to the latest news regarding on Bash vulnerability. I will like to seek advise on the latest patch update for my Bash.

After running the simple vulnerability test, i realise that my system is vulnerable

I have currently upgraded from "bash-3.0-19.2.src.rpm" to "bash-3.0-19.7.src.rpm" but did not solve the problem.

My OS version is "Red Hat Enterprise Linux AS release 4 (Nahant Update 1)"

Please, can someone assist
 
Old 10-02-2014, 01:39 PM   #2
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,258
Blog Entries: 11

Rep: Reputation: 2290Reputation: 2290Reputation: 2290Reputation: 2290Reputation: 2290Reputation: 2290Reputation: 2290Reputation: 2290Reputation: 2290Reputation: 2290Reputation: 2290
open a new terminal and type:
Code:
env x='() { :;}; echo vulnerable'  bash -c "echo not vulnerable"
 
Old 10-02-2014, 01:53 PM   #3
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,185

Rep: Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587
In that form, you would see:

Quote:
vulnerable
not vulnerable
If you ARE vulnerable.

But that only tests one part of it. The more complete test ATM is:
Code:
env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
I think. It's hard to keep track. :/

Last edited by szboardstretcher; 10-02-2014 at 01:58 PM.
 
Old 10-02-2014, 02:36 PM   #4
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 12,716
Blog Entries: 27

Rep: Reputation: 2058Reputation: 2058Reputation: 2058Reputation: 2058Reputation: 2058Reputation: 2058Reputation: 2058Reputation: 2058Reputation: 2058Reputation: 2058Reputation: 2058
Member Response

Hi,
Quote:
Originally Posted by seyiisq View Post
Hello All,

Due to the latest news regarding on Bash vulnerability. I will like to seek advise on the latest patch update for my Bash.

After running the simple vulnerability test, i realise that my system is vulnerable

I have currently upgraded from "bash-3.0-19.2.src.rpm" to "bash-3.0-19.7.src.rpm" but did not solve the problem.

My OS version is "Red Hat Enterprise Linux AS release 4 (Nahant Update 1)"

Please, can someone assist
Since you are using RedHatEl then you should present these queries to RedHad.. In the Slackware forum a on going thread may help you to see how they are tracking & patching; https://www.linuxquestions.org/quest...-a-4175489800/ on and around posts #216 & #225 should help you and not having to read the whole thread.

You may request that your thread be moved to RedHat forum by pressing the report button on your initial post then request politely a move.

Hope this helps.
Have fun & enjoy!
 
Old 10-02-2014, 05:58 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Quote:
Originally Posted by seyiisq View Post
Due to the latest news regarding on Bash vulnerability. I will like to seek advise on the latest patch update for my Bash.
Do you realize you're way late??!!@#3@ This has been going on for over a week now.


Quote:
Originally Posted by seyiisq View Post
After running the simple vulnerability test, i realise that my system is vulnerable I have currently upgraded from "bash-3.0-19.2.src.rpm" to "bash-3.0-19.7.src.rpm" but did not solve the problem. My OS version is "Red Hat Enterprise Linux AS release 4 (Nahant Update 1)"
See https://access.redhat.com/articles/1200223 because:
- there's 6 CVE numbers attached right now,
- 6 tests described on the page,
- all affected RHEL products and their fixed Bash versions.

*BTW you don't install .src.rpm's to fix vulnerabilities: those are for compiling packages. (Which you shouldn't do.) Please either get the knowledge stat or let somebody responsible and knowledgeable maintain those systems and in a timely fashion!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
BASH Anti shell-shock wrapper. GazL Slackware 5 10-06-2014 05:19 PM
Shell Shock- Security Threat abhijeetdutta Linux - Newbie 1 09-25-2014 01:47 PM
LXer: Ubuntu 11.10 without Unity shell shock LXer Syndicated Linux News 0 12-07-2011 02:50 AM
shell shock wogga Linux - Software 3 05-25-2004 04:55 PM


All times are GMT -5. The time now is 02:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration