shell shock
Shlomo Solomon
shlomo.solomon at gmail.com
Sun Sep 28 15:49:04 IDT 2014
I'm not an expert, but as I understand it,
https://shellshock.detectify.com can only check if your box is exposed
to the internet. So if you have an un-patched bash but you are, for
example, protected by a firewall, your un-patched bash wouldn't be
detected.
The site mentioned in the earlier post -
http://www.engadget.com/2014/09/25/what-is-the-shellshock/ is probably
better, because it checks the actual bash vulnerability.
But that's still not the entire story. Here's a link to another article
discussing patches that solve only part of the problem and explains
how to check if you have the latest patch:
http://www.zdnet.com/shellshock-better-bash-patches-now-available-7000034115/
On Sat, 27 Sep 2014 16:49:47 +0300
Erez D <erez0001 at gmail.com> wrote:
> On Sat, Sep 27, 2014 at 4:37 PM, Dolev Farhi <dolevf at yahoo.com> wrote:
>
> > Yes its all over the place.
> >
> that is why I was suprised it was not mentioned in linux-il ;-)
>
> >
> >
> > For people with web sites, you can use the following online
> > shellshock tester website to check if you are vulnerable in the
> > following url:
> >
> > https://shellshock.detectify.com
> >
> >
> >
> > ------ Original message------
> >
> > *From: *Erez D
> >
> > *Date: *Sat, Sep 27, 2014 16:25
> >
> > *To: *linux-il;
> >
> > *Subject:*shell shock
> >
> >
> > just read about the "new linux bug" in ynet
> > found out it is a bash exploit
> >
> > just fyi,
> >
> > see http://www.engadget.com/2014/09/25/what-is-the-shellshock/
> >
> >
--
Shlomo Solomon
http://the-solomons.net
Sent by Claws Mail 3.9.0 - KDE 4.10.5 - LINUX Mageia 3
More information about the Linux-il
mailing list