- Joined
- Oct 24, 2004
- Messages
- 1,294 (0.18/day)
source : arstechnica
Update your repositories and you should see an updated bash release available. I did it for my debian boxes and raspberry pi, everything is ok now.
-
Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
BASH users : read this
- Thread starter blobster21
- Start date
source : arstechnica
Update your repositories and you should see an updated bash release available. I did it for my debian boxes and raspberry pi, everything is ok now.
- Joined
- Apr 8, 2012
- Messages
- 270 (0.06/day)
- Location
- Canada
| System Name | custom |
|---|---|
| Processor | intel i7 9700 |
| Motherboard | asrock taichi z370 |
| Cooling | EK-AIO 360 D-RGB |
| Memory | 24G Kingston HyperX Fury 2666mhz |
| Video Card(s) | GTX 2080 Ti FE |
| Storage | SSD 960GB crucial + 2 Crucial 500go SSD + 2TO crucial M2 |
| Display(s) | BENQ XL2420T |
| Case | Lian-li o11 dynamic der8auer Edition |
| Audio Device(s) | Asus Xonar Essence STX |
| Power Supply | corsair ax1200i |
| Mouse | MX518 legendary edition |
| Keyboard | gigabyte Aivia Osmium |
| VR HMD | PSVR2 |
| Software | windows 11 |
here is another news and some detail about bash
http://www.theverge.com/2014/9/25/6843669/bash-shellshock-network-worm-could-cause-internet-meltdown
http://www.theverge.com/2014/9/25/6843669/bash-shellshock-network-worm-could-cause-internet-meltdown
- Joined
- Feb 18, 2006
- Messages
- 5,147 (0.78/day)
- Location
- AZ
| System Name | Thought I'd be done with this by now |
|---|---|
| Processor | i7 11700k 8/16 |
| Motherboard | MSI Z590 Pro Wifi |
| Cooling | Be Quiet Dark Rock Pro 4, 9x aigo AR12 |
| Memory | 32GB GSkill TridentZ Neo DDR4-4000 CL18-22-22-42 |
| Video Card(s) | MSI Ventus 2x Geforce RTX 3070 |
| Storage | 1TB MX300 M.2 OS + Games, + cloud mostly |
| Display(s) | Samsung 40" 4k (TV) |
| Case | Lian Li PC-011 Dynamic EVO Black |
| Audio Device(s) | onboard HD -> Yamaha 5.1 |
| Power Supply | EVGA 850 GQ |
| Mouse | Logitech wireless |
| Keyboard | same |
| VR HMD | nah |
| Software | Windows 10 |
| Benchmark Scores | no one cares anymore lols |
got ours updated today. Love the fact that this exploit has basically existed for 25 years...
- Joined
- Nov 18, 2010
- Messages
- 7,125 (1.45/day)
- Location
- Rīga, Latvia
| System Name | HELLSTAR |
|---|---|
| Processor | AMD RYZEN 9 5950X |
| Motherboard | ASUS Strix X570-E |
| Cooling | 2x 360 + 280 rads. 3x Gentle Typhoons, 3x Phanteks T30, 2x TT T140 . EK-Quantum Momentum Monoblock. |
| Memory | 4x8GB G.SKILL Trident Z RGB F4-4133C19D-16GTZR 14-16-12-30-44 |
| Video Card(s) | Sapphire Pulse RX 7900XTX + under waterblock. |
| Storage | Optane 900P[W11] + WD BLACK SN850X 4TB + 750 EVO 500GB + 1TB 980PRO[FEDORA] |
| Display(s) | Philips PHL BDM3270 + Acer XV242Y |
| Case | Lian Li O11 Dynamic EVO |
| Audio Device(s) | Sound Blaster ZxR |
| Power Supply | Fractal Design Newton R3 1000W |
| Mouse | Razer Basilisk |
| Keyboard | Razer BlackWidow V3 - Yellow Switch |
| Software | FEDORA 39 / Windows 11 insider |
Serious issue... 
- Joined
- Oct 24, 2004
- Messages
- 1,294 (0.18/day)
Update: It's still unclear to me if you're safe once you have upgraded your version to 4.2+dfsg-0.1+deb7u1 commited yesterday....
In fact, an updated version has been re-rolled :
Unless you have either 4.1-3+deb6u2, 4.2+dfsg-0.1+deb7u3 or 4.3-9.1, you're potentially still exposed.
And just to make things clear : the vulnerability has the potential to create a privilege escalation on your system (severity level of 10, only with a much more difficult exploitability level of 10)
Sources : security tracker @ debian.org & MEPIS
In fact, an updated version has been re-rolled :
Unless you have either 4.1-3+deb6u2, 4.2+dfsg-0.1+deb7u3 or 4.3-9.1, you're potentially still exposed.
And just to make things clear : the vulnerability has the potential to create a privilege escalation on your system (severity level of 10, only with a much more difficult exploitability level of 10)
Sources : security tracker @ debian.org & MEPIS
Last edited:
johnspack
Here For Good!
- Joined
- Oct 6, 2007
- Messages
- 5,983 (0.99/day)
- Location
- Nelson B.C. Canada
| System Name | System2 Blacknet , System1 Blacknet2 |
|---|---|
| Processor | System2 Threadripper 1920x, System1 2699 v3 |
| Motherboard | System2 Asrock Fatality x399 Professional Gaming, System1 Asus X99-A |
| Cooling | System2 Noctua NH-U14 TR4-SP3 Dual 140mm fans, System1 AIO |
| Memory | System2 64GBS DDR4 3000, System1 32gbs DDR4 2400 |
| Video Card(s) | System2 GTX 980Ti System1 GTX 970 |
| Storage | System2 4x SSDs + NVme= 2.250TB 2xStorage Drives=8TB System1 3x SSDs=2TB |
| Display(s) | 2x 24" 1080 displays |
| Case | System2 Some Nzxt case with soundproofing... |
| Audio Device(s) | Asus Xonar U7 MKII |
| Power Supply | System2 EVGA 750 Watt, System1 XFX XTR 750 Watt |
| Mouse | Logitech G900 Chaos Spectrum |
| Keyboard | Ducky |
| Software | Manjaro, Windows 10, Kubuntu 23.10 |
| Benchmark Scores | It's linux baby! |
Could this affect BusyBox users under Android?
- Joined
- Oct 24, 2004
- Messages
- 1,294 (0.18/day)
Fortunately NO.
BusyBox uses the Almquist Shell (aka ash) as default system shell, which is not subject to this vulnerability.
Last edited:
Aquinus
Resident Wat-man
- Joined
- Jan 28, 2012
- Messages
- 13,147 (2.94/day)
- Location
- Concord, NH, USA
| System Name | Apollo |
|---|---|
| Processor | Intel Core i9 9880H |
| Motherboard | Some proprietary Apple thing. |
| Memory | 64GB DDR4-2667 |
| Video Card(s) | AMD Radeon Pro 5600M, 8GB HBM2 |
| Storage | 1TB Apple NVMe, 4TB External |
| Display(s) | Laptop @ 3072x1920 + 2x LG 5k Ultrafine TB3 displays |
| Case | MacBook Pro (16", 2019) |
| Audio Device(s) | AirPods Pro, Sennheiser HD 380s w/ FIIO Alpen 2, or Logitech 2.1 Speakers |
| Power Supply | 96w Power Adapter |
| Mouse | Logitech MX Master 3 |
| Keyboard | Logitech G915, GL Clicky |
| Software | MacOS 12.1 |
Thanks, but I had this patched two days ago. 
There was a discussion in linux security mailing list about this before it went "public". By the time anyone really knew about it, the patch had already been made for BASH and at least Debian had pushed it out already. If you've updated Debian in the last 36 hours, you probably have the patch.
While this is a vulnerability, it's not one if you have a server setup with half-decent security settings because you would need to actually be able to get into bash to do anything in the first place and that first leap in a secure system is hard. Much like heartbleed, most cases this isn't going to be an issue and it certainly isn't now as a patch is already floating around.
There was a discussion in linux security mailing list about this before it went "public". By the time anyone really knew about it, the patch had already been made for BASH and at least Debian had pushed it out already. If you've updated Debian in the last 36 hours, you probably have the patch.
While this is a vulnerability, it's not one if you have a server setup with half-decent security settings because you would need to actually be able to get into bash to do anything in the first place and that first leap in a secure system is hard. Much like heartbleed, most cases this isn't going to be an issue and it certainly isn't now as a patch is already floating around.
Frick
Fishfaced Nincompoop
- Joined
- Feb 27, 2006
- Messages
- 18,930 (2.85/day)
- Location
- Piteå
| System Name | Black MC in Tokyo |
|---|---|
| Processor | Ryzen 5 5600 |
| Motherboard | Asrock B450M-HDV |
| Cooling | Be Quiet! Pure Rock 2 |
| Memory | 2 x 16GB Kingston Fury 3400mhz |
| Video Card(s) | XFX 6950XT Speedster MERC 319 |
| Storage | Kingston A400 240GB | WD Black SN750 2TB |WD Blue 1TB x 2 | Toshiba P300 2TB | Seagate Expansion 8TB |
| Display(s) | Samsung U32J590U 4K + BenQ GL2450HT 1080p |
| Case | Fractal Design Define R4 |
| Audio Device(s) | Line6 UX1 + some headphones, Nektar SE61 keyboard |
| Power Supply | Corsair RM850x v3 |
| Mouse | Logitech G602 |
| Keyboard | Cherry MX Board 1.0 TKL Brown |
| VR HMD | Acer Mixed Reality Headset |
| Software | Windows 10 Pro |
| Benchmark Scores | Rimworld 4K ready! |
http://threatpost.com/bash-exploit-reported-first-round-of-patches-incomplete/108550
http://threatpost.com/patching-bash-vulnerability-a-challenge-for-ics-scada
Those industrial systems are always trouble.