Bash bug

linelec (OP)

Full Member

Offline

Activity: 210
Merit: 100

Bash bug

September 25, 2014, 03:44:43 PM

~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test

https://twitter.com/ErrataRob/status/514834901766397953

If you see garbage posts (off-topic, trolling, spam, no point, etc.), use the "report to moderator" links. All reports are investigated, though you will rarely be contacted about your reports.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1715128508

Hero Member

Offline

Posts: 1715128508

Ignore

1715128508

1715128508


	Report to moderator

1715128508

Hero Member

Offline

Posts: 1715128508

Ignore

1715128508


	Report to moderator

kcud_dab

Legendary

Offline

Activity: 1652
Merit: 1000

Bitcoin enthusiast!

Re: Bash bug

September 25, 2014, 03:55:14 PM

Oui sympatique cette faille.. quelques exemples :

https://twitter.com/cnbrkbolat/status/514889775724363776 <-- privilege escalation via VMWare sous OS X

https://gist.github.com/anonymous/929d622f3b36b00c0be1 <-- surement un trojan / logiciel malveillant (l'idée est de le dl un fichier et de l'exécuter)

--
Rejoignez le chan IRC #bitcoin-fr @ irc.freenode.net !

linelec (OP)

Full Member

Offline

Activity: 210
Merit: 100

Re: Bash bug

September 26, 2014, 11:41:50 AM

Quote from: kcud_dab on September 25, 2014, 03:55:14 PM

Oh mon Dieu ! Attention a vos bitcoins Grin

Could the Bash bug cause an internet MELTDOWN?
Hackers scramble to exploit Shellshock flaw as experts warn your details may be at risk

http://www.dailymail.co.uk/sciencetech/article-2770512/Could-Bash-bug-cause-internet-MELTDOWN-Hackers-scramble-exploit-Shellshock-flaw-experts-warn-details-risk.html

kcud_dab

Legendary

Offline

Activity: 1652
Merit: 1000

Bitcoin enthusiast!

Re: Bash bug

September 26, 2014, 11:59:06 AM

Un autre ex d'exploit

https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/ <-- attaque via un DHCPd sur un réseau local

--
Rejoignez le chan IRC #bitcoin-fr @ irc.freenode.net !

superresistant

Legendary

Offline

Activity: 2128
Merit: 1120

Re: Bash bug

September 26, 2014, 01:29:19 PM

http://stackoverflow.com/questions/26037618/how-to-get-a-php-variable-from-one-file-to-another-maybe-using-jquery-javascript

Tapez dans le shell :

Code:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Si vous voyez :

Code:

vulnerable

Corrigez la faille (Ubuntu/Mint/ElementaryOs):

Code:

sudo apt-get update

sudo apt-get install --only-upgrade bash

Pour Debian :

Code:

mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 0 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
#apply all patches
for i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done #build and install
./configure && make && make install

sangoku

Hero Member

Offline

Activity: 616
Merit: 501

Re: Bash bug

December 10, 2014, 12:01:56 PM

Un lien, peu de texte explicatif, attention, ton post va se faire deleter par kcud_dab.
Son argument pour effacer les miens, c'est un seul lien et très peu de texte explicatif

DΛSH is digital cash. Transactions are obscured in the blockchain, making them private from the wallet. You can send Dash to family or friends, or pay for goods or services, anywhere in the world. DΛSH Anonymous and Untraceable. The Perfect Digital Cash And The Best Way To Protect Your Privacy https://www.dashpay.io DΛSH is 59.5 times faster with syncing and updating than Monero.
My DΛSH Address: XgF6sNzGHU58dn36WsC16no9FHct6nPeZD

superresistant

Legendary

Offline

Activity: 2128
Merit: 1120

Re: Bash bug

December 10, 2014, 12:59:00 PM

Quote from: sangoku on December 10, 2014, 12:01:56 PM

Un lien, peu de texte explicatif, attention, ton post va se faire deleter par kcud_dab.
Son argument pour effacer les miens, c'est un seul lien et très peu de texte explicatif

Pages: [1]

Bitcoin Forum > Local > Français > Hors-sujet > Bash bug

« previous topic next topic »