Re: Bug in Bash shell creates big security hole on anything with *nix in it

To: debian-knoppix@lists.debian.org
Subject: Re: Bug in Bash shell creates big security hole on anything with *nix in it
From: "Andrew" <knoppix@rngresearch.com>
Date: Thu, 25 Sep 2014 23:02:35 -0400
Message-id: <[🔎] 3d03161a2f0552dbf412b52857388201.squirrel@webmail.dreamhost.com>
In-reply-to: <[🔎] 20140925015523.GF714@knopper.net>
References: <[🔎] 20140922173029.3F22E88631@mx1.olden.ch> <[🔎] 20140923201133.GB714@knopper.net> <[🔎] 20140923210108.B18BB8844C@mx1.olden.ch> <[🔎] 20140925014257.DC8C588315@mx1.olden.ch> <[🔎] 20140925015523.GF714@knopper.net>

Dear Klaus,

What about when you can't type "sudo", like when using boot cmdline
parameter "secure" (knoppix terminal server)?  More importantly, according
to the linked article, this can be exploited by *remote* on servers
running, for example, apache (cgi) and sshd.

Best regards,
Andrew


On Wed, September 24, 2014 21:55, Klaus Knopper wrote:
> Hello Gilles,
>
> On Wed, Sep 24, 2014 at 06:42:52PM -0700, Gilles van Ruymbeke wrote:
>> Hi Klaus,
>> You may also want to update the GNU Bourne Again Shell (Bash) to fix
>> a new vulnerability, cf the link below:
>> http : / /
>> arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
>
> Since this is a local, not remote security problem, I don't worry much
> about it (you can get root more easily by just typing "sudo"), but the
> security issues with apts signature verification are of more concern. If
> making a new release, I would like to fix as many bugs as possible, of
> course. Do you have new information about the e1000e issue?
>
> Regards
> -Klaus
>
>
> --
> To UNSUBSCRIBE, email to debian-knoppix-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: [🔎] 20140925015523.GF714@knopper.net">https://lists.debian.org/[🔎] 20140925015523.GF714@knopper.net
>
>

Reply to:

References:
- Intel e1000e network card missing in Knoppix 7.4.1 Linux kernel
  - From: Gilles van Ruymbeke <gvr_knoppix_mailing_list_no_spam_123@ruymbeke.com>
- Re: Intel e1000e network card missing in Knoppix 7.4.1 Linux kernel
  - From: Klaus Knopper <debian-knoppix@knopper.net>
- Re: Intel e1000e network card missing in Knoppix 7.4.1 Linux kernel
  - From: Gilles van Ruymbeke <gvr_knoppix_mailing_list_no_spam_123@ruymbeke.com>
- Bug in Bash shell creates big security hole on anything with *nix in it
  - From: Gilles van Ruymbeke <gvr_knoppix_mailing_list_no_spam_123@ruymbeke.com>
- Re: Bug in Bash shell creates big security hole on anything with *nix in it
  - From: Klaus Knopper <debian-knoppix@knopper.net>

Prev by Date: Re: Discussion? (Re: Knoppix 7.4.x CD)
Next by Date: bash bug threat
Previous by thread: Re: Bug in Bash shell creates big security hole on anything with *nix in it
Next by thread: Re: Bug in Bash shell creates big security hole on anything with *nix in it
Index(es):
- Date
- Thread