Skip to first unread message
Mark Young
Sep 26, 2014, 9:39:09 AM9/26/14
to beagl...@googlegroups.com
The bash flaw is there, does anyone have information on a fix yet?
Robert Nelson
Sep 26, 2014, 9:42:41 AM9/26/14
to Beagle Board
On Fri, Sep 26, 2014 at 8:39 AM, Mark Young <mymou...@gmail.com> wrote:
> The bash flaw is there, does anyone have information on a fix yet?
>
> http://securitywatch.pcmag.com/internet/327769-serious-bash-flaw-lets-attackers-hijack-linux-and-mac-computers
>
It should come down the security repo:
> The bash flaw is there, does anyone have information on a fix yet?
>
> http://securitywatch.pcmag.com/internet/327769-serious-bash-flaw-lets-attackers-hijack-linux-and-mac-computers
>
sudo apt-get update
sudo apt-get upgrade
see:
https://packages.qa.debian.org/b/bash.html
Regards,
--
Robert Nelson
http://www.rcn-ee.com/
c...@isbd.net
Sep 27, 2014, 5:48:41 AM9/27/14
to beagl...@googlegroups.com
Mark Young <mymou...@gmail.com> wrote:
> [-- text/plain, encoding 7bit, charset: UTF-8, 13 lines --]
However the vulnerability is only a risk to a BBB which has some sort
of access open to the internet. If your BBB is on a LAN behind a NAT
router and you don't have any ports open and redirected to the BBB
then your BBB isn't at risk even if not patched yet.
--
Chris Green
·
> [-- text/plain, encoding 7bit, charset: UTF-8, 13 lines --]
>
> The bash flaw is there, does anyone have information on a fix yet?
>
> http://securitywatch.pcmag.com/internet/327769-serious-bash-flaw-lets-attackers-hijack-linux-and-mac-computers
>
As already noted the fix is already in the repositories.
> The bash flaw is there, does anyone have information on a fix yet?
>
> http://securitywatch.pcmag.com/internet/327769-serious-bash-flaw-lets-attackers-hijack-linux-and-mac-computers
>
However the vulnerability is only a risk to a BBB which has some sort
of access open to the internet. If your BBB is on a LAN behind a NAT
router and you don't have any ports open and redirected to the BBB
then your BBB isn't at risk even if not patched yet.
--
Chris Green
·
Nuno Sucena Almeida
Sep 27, 2014, 8:48:03 AM9/27/14
to beagl...@googlegroups.com
On 09/27/2014 05:35 AM, c...@isbd.net wrote:
> If your BBB is on a LAN behind a NAT
> router and you don't have any ports open and redirected to the BBB
> then your BBB isn't at risk even if not patched yet.
Unless the router dhcp daemon gets compromised:
> If your BBB is on a LAN behind a NAT
> router and you don't have any ports open and redirected to the BBB
> then your BBB isn't at risk even if not patched yet.
https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/
--
c...@isbd.net
Sep 27, 2014, 10:34:04 AM9/27/14
to beagl...@googlegroups.com
DHCP going to talk to the outside?
--
Chris Green
·
Mark
Sep 27, 2014, 10:59:10 AM9/27/14
to beagl...@googlegroups.com
My company has it setup.
Mark
·
--
For more options, visit http://beagleboard.org/discuss
---
You received this message because you are subscribed to a topic in the Google Groups "BeagleBoard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/beagleboard/qty38kNQhL8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to beagleboard...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Mr Mark F. Young
"We cannot solve our problems with the same
thinking we used when we created them"
-Einstein
– Winston Churchill
William Hermans
Sep 27, 2014, 11:28:08 AM9/27/14
to beagl...@googlegroups.com
apt-get update && apt-get upgrade problem solved.
You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard...@googlegroups.com.
Jesse Cobra
Sep 27, 2014, 12:26:45 PM9/27/14
to beagl...@googlegroups.com
Doesn't BeagleBoard use busybox bash which doesn't even have the flaw?
On Sat, Sep 27, 2014 at 7:59 AM, Mark <mymou...@gmail.com> wrote:
You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard...@googlegroups.com.
Robert Nelson
Sep 27, 2014, 2:17:35 PM9/27/14
to Beagle Board
On Sep 27, 2014 11:26 AM, "Jesse Cobra" <jesse...@gmail.com> wrote:
>
> Doesn't BeagleBoard use busybox bash which doesn't even have the flaw?
Starting with the BBB rev c, the factory image is based on Debian. This we use real bash...
William Hermans
Sep 27, 2014, 9:20:10 PM9/27/14
to beagl...@googlegroups.com
Not to step on Roberts toes or anything but technically Debian comes with with dash configured. Whether or not there is something done after the fact I do not know. As I have pretty much been using my own custom rootfs based on Roberts build instructions since last year. Also I am not sue if what effects bash effects dash too but . . .
However all it takes is one command dpkg-reconfigure dash -> select no and all bets are off.--
Robert Nelson
Sep 27, 2014, 9:32:58 PM9/27/14
to Beagle Board
On Sat, Sep 27, 2014 at 8:20 PM, William Hermans <yyr...@gmail.com> wrote:
> Not to step on Roberts toes or anything but technically Debian comes with
> with dash configured. Whether or not there is something done after the fact
> I do not know. As I have pretty much been using my own custom rootfs based
> on Roberts build instructions since last year. Also I am not sue if what
> effects bash effects dash too but . . .
>
> However all it takes is one command dpkg-reconfigure dash -> select no and
> all bets are off.
In debian, bash is still considered "essential" therefor it's always
> Not to step on Roberts toes or anything but technically Debian comes with
> with dash configured. Whether or not there is something done after the fact
> I do not know. As I have pretty much been using my own custom rootfs based
> on Roberts build instructions since last year. Also I am not sue if what
> effects bash effects dash too but . . .
>
> However all it takes is one command dpkg-reconfigure dash -> select no and
> all bets are off.
installed. By default "dash" takes over /bin/sh
There's a todo here:
https://wiki.debian.org/Proposals/RemoveBashFromEssential
Reply all
Reply to author
Forward
0 new messages