briankelly63
Patch worked on an old 1.4 install.
FYI: The current bash patch is incomplete, and is still not 100% effective.
As per: http://seclists.org/oss-sec/2014/q3/695
More information here: http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
Keep an eye on your boxes, and keep looking for an updated patch here (Red Hat): https://access.redhat.com/solutions/1207723
I have a friend that's a high-end security consultant and he's super nervous about this right now, even with the patch in place.
There is another patch out today:
Code:
cd /root
wget http://incrediblepbx.com/bash-fix2.tar.gz
tar zxvf bash-fix2.tar.gz
rm -f bash-fix2.tar.gz
./bash-fix2
steven is correct. BeagleBone Black build of RasPBX (not our product) is using an older version of Ubuntu which is no longer supported. I've compiled all available BASH fixes into a new version of BASH, but the SegFault test still flunks. 4 out of 5 tests pass with this update. We'll keep checking.
Code:
cd /bin
cp bash bash.old
cd /root
wget http://incrediblepbx.com/bash-bbb.tar.gz
tar zxvf bash-bbb.tar.gz
rm bash-bbb.tar.gz
cp -f bash /bin/bash
Special thanks to Steve Jenkins for documenting the compile process and also providing the 5 BASH tests for all known vulnerabilities.
In light of Ubuntu's move of these repos, you probably should also update /etc/apt/sources.list and then apt-get update:
Code:
deb http://old-releases.ubuntu.com/ubuntu/ raring main universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ raring main universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ raring-updates main universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ raring-updates main universe multiverse
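The manual steps in this thread fetch a tarball over plain HTTP and copy its bash over /bin/bash as root. As an added example (not from any poster in the thread or from the Incredible PBX project), the functions below check the archive against a SHA-256 digest before unpacking, confirm the candidate binary runs, keep a backup and swap it in with a rename. The function names are hypothetical, and the digest is a placeholder that would have to come from the publisher over a separate trusted channel.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage (digest is a placeholder, not a published value):
#   install_verified bash-bbb.tar.gz "<sha256 from publisher>" bash /bin/bash

# verify_sha256 FILE EXPECTED_HEX: succeed only if the file's digest matches.
verify_sha256() {
    actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# safe_replace NEW_BINARY TARGET
#  1. refuse a candidate that cannot run a trivial command
#  2. keep a timestamped copy of the current target
#  3. copy beside the target and rename, so TARGET is never half-written
safe_replace() {
    new=$1
    target=$2
    "$new" -c 'exit 0' 2>/dev/null || { echo "candidate does not run: $new" >&2; return 1; }
    if [ -e "$target" ]; then
        cp -p "$target" "$target.old.$(date +%Y%m%d%H%M%S)" || return 1
    fi
    tmp="$target.new.$$"
    if cp "$new" "$tmp" && chmod 755 "$tmp" && mv -f "$tmp" "$target"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# install_verified ARCHIVE EXPECTED_SHA256 MEMBER TARGET
# Check the archive before unpacking, unpack into a scratch directory,
# then hand the extracted member to safe_replace.
install_verified() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    work=$(mktemp -d) || return 1
    if tar -xzf "$1" -C "$work" "$3" && safe_replace "$work/$3" "$4"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$work"
    return "$rc"
}
```

A failed checksum or a candidate that will not start leaves the existing target untouched, so the box keeps a working shell.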