https://www.cert.gov.uk/resources/alert ... hellshock/
I've just upgraded a 14.04 Ubuntu base to the latest and tried the vulnerability test :
Code: Select all
env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”
Of the distros used on the Joggler, I am not certain which need to be patched. Perhaps, more knowledgeable people here can comment. However, as a start, I think that the following will be vulnerable :joggler@joggler:~$ env x='() { :;}; echo vuln' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
joggler@joggler:~$
Ubuntu bases
Ubuntu
Xubuntu
I wonder of the OpenPeak OS (OS the Joggler comes with) is vulnerable ? Maybe with it being old, the vulnerability does not exist, in it.
Need to understand a bit more about it first, I think. I beleive it came about as a fault in an earlier patch, so in that case, it may only affect systems that have been updated recently. But I may be wrong. More concerned here that my Joggler's don't get pwned by some worm, that is being created right now... (Not me, I wish to add)