PDA

View Full Version : Linux Servers at risk



wainuitech
26-09-2014, 11:51 PM
Looks like admins world wide could be busy, depending how they are setup -- http://www.itnews.com.au/News/396197,first-shellshock-botnet-attacks-akamai-us-dod-networks.aspx-- Guess it makes a change from Windows Based computers/ Servers.

fred_fish
27-09-2014, 11:19 AM
Yeah, the difference being that it was fixed as soon as it was found and the patches uploaded to the repo's already.
All my servers were fixed in the morning update yesterday (thanks Debian security team! :D )
Actually first fix was Thursday, but a further vuln required a second patch.

jcr1
28-09-2014, 10:56 AM
I used this;
env x='() { :;}; echo vulnerable' bash -c 'echo hello'

picked it up from here;
http://www.theguardian.com/technology/2014/sep/25/bug-bash-software-could-be-bigger-threat-heartbleed

and it indicated that a couple of my servers were vulnerable (Debian7). Apt-get update upgrade seemed to fix it. So here's hoping?

My deb6 server was funny, as the line of code indicated it was fine, and I wonder whether that was due to me using this tutorial? A few months ago and consequently fixing it when I updated.
http://www.howtoforge.com/how-to-get-lts-updates-for-debian-6-squeeze

inphinity
28-09-2014, 09:52 PM
Yeah, the difference being that it was fixed as soon as it was found and the patches uploaded to the repo's already.

Except there was about a two week gap between it being found, and it being widely announced & patched. And as you've pointed out, the first patch didn't even fix it properly ;)

fred_fish
28-09-2014, 10:57 PM
@jcr1 Yes, the squeeze-lts is covered too.

Except there was about a two week gap between it being found, and it being widely announced & patched. And as you've pointed out, the first patch didn't even fix it properly ;)
Indeed.
Showing quite a few scans in the server logs.
Seems unpatched Cpanel implementations are prime targets.