BashBleed/ShellShock - My heart is bleeding - The Something Awful Forums

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > BashBleed/ShellShock - My heart is bleeding

alo: May 1, 2005

Fat Dallas posted:

This vulnerability only affects the following version of BASH:

bash-4.2.45-5.el7_0.2
bash-4.1.2-15.el6_5.1
bash-4.1.2-15.el6_5.1.sjis.1
bash-4.1.2-9.el6_2.1
bash-4.1.2-15.el6_4.1
bash-3.2-33.el5.1
bash-3.2-33.el5_11.1.sjis.1
bash-3.2-24.el5_6.1
bash-3.2-32.el5_9.2
bash-3.0-27.el4.2

And uh... everything earlier too.

# ¿ Sep 25, 2014 18:18

Adbot: ADBOT LOVES YOU

# ¿ Apr 26, 2024 19:51

alo: May 1, 2005

ukle posted:

It also affects Busybox as well, which is where the first seen in the wild use of this exploit was found.

I don't believe this is true (I hope).

Fat Dallas posted:

Fair point... But if you're running anything earlier than v.3.0, then you have bigger problems.

Which is why this is kind of a big thing in the long term for older appliances that will never see anything newer than bash 2.95. A lot of older appliances that are connected to the Internet are just going to keep connecting to botnets until their power supplies die.

The heartbleed vulnerability was limited to a 2 year window. Almost every appliance affected was still vendor supported.

# ¿ Sep 25, 2014 19:50

alo: May 1, 2005

Debian has released a package (for stable).

https://security-tracker.debian.org/tracker/CVE-2014-7169

# ¿ Sep 25, 2014 22:42

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > BashBleed/ShellShock - My heart is bleeding