BitShares Forum

Main => Stakeholder Proposals => Topic started by: cryptillionaire on September 25, 2014, 06:06:40 pm

Title: Linux delegates - update bash to evade shellshock vulnerability!
Post by: cryptillionaire on September 25, 2014, 06:06:40 pm
http://arstechnica.com/security/2014/09/concern-over-bash-vulnerability-grows-as-exploit-reported-in-the-wild/
Aparantley this has a huge impact on linux/unix/osx servers with bash installed; if you've got it installed, please update it and keep ontop of this news!
Title: Re: Linux delegates - update bash to evade shellshock vulnerability!
Post by: liondani on September 25, 2014, 07:52:00 pm
updated before 1-2 days bash....
Now I realize how important it is to update in  daily base!
Title: Re: Linux delegates - update bash to evade shellshock vulnerability!
Post by: toast on September 25, 2014, 09:10:02 pm
I think there's not a patch that completely fixes it out yet
Title: Re: Linux delegates - update bash to evade shellshock vulnerability!
Post by: maqifrnswa on September 25, 2014, 09:40:19 pm
I think this does it:
http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025

I think most distros already pushed fixes, maybe they just haven't propagated yet
Title: Re: Linux delegates - update bash to evade shellshock vulnerability!
Post by: cube on September 26, 2014, 02:37:16 am
Quote from: cryptillionaire on September 25, 2014, 06:06:40 pm
http://arstechnica.com/security/2014/09/concern-over-bash-vulnerability-grows-as-exploit-reported-in-the-wild/
Aparantley this has a huge impact on linux/unix/osx servers with bash installed; if you've got it installed, please update it and keep ontop of this news!

Updated to patched bash.

I do not see it as much of a threat. The exploit only works if a delegate is using shared hosting or running services such as Web server which has bash escape.  I doubt any delegate would do that.
Title: Re: Linux delegates - update bash to evade shellshock vulnerability!
Post by: cryptillionaire on September 26, 2014, 08:19:34 am
Quote from: cube on September 26, 2014, 02:37:16 am
Quote from: cryptillionaire on September 25, 2014, 06:06:40 pm
http://arstechnica.com/security/2014/09/concern-over-bash-vulnerability-grows-as-exploit-reported-in-the-wild/
Aparantley this has a huge impact on linux/unix/osx servers with bash installed; if you've got it installed, please update it and keep ontop of this news!

Updated to patched bash.

I do not see it as much of a threat. The exploit only works if a delegate is using shared hosting or running services such as Web server which has bash escape.  I doubt any delegate would do that.
Shared hosting like 2 cores out of 16 on a cloud provider? Cause I see that as quite a likely scenario.
Either way, best to be safe and patch it ;D
Title: Re: Linux delegates - update bash to evade shellshock vulnerability!
Post by: CoinHoarder on September 26, 2014, 09:16:50 pm
Just in case anyone would find this useful.. it is a guide on how to tell if you are vulnerable and how to fix it.

https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-shellshock-bash-vulnerability
Title: Re: Linux delegates - update bash to evade shellshock vulnerability!
Post by: coolspeed on September 28, 2014, 07:57:37 am
Fixed. Thanks for warning.
Title: Re: Linux delegates - update bash to evade shellshock vulnerability!
Post by: coolspeed on September 28, 2014, 07:59:27 am
Quote from: CoinHoarder on September 26, 2014, 09:16:50 pm
Just in case anyone would find this useful.. it is a guide on how to tell if you are vulnerable and how to fix it.

https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-shellshock-bash-vulnerability

It helped me. Thank you for your link.
Title: Re: Linux delegates - update bash to evade shellshock vulnerability!
Post by: cryptillionaire on October 01, 2014, 08:45:16 pm
Excellent response guys, if anyone hasn't looked into patching this, please do.
It might not have a massive impact on bitshare dacs, but it's better safe than sorry.