
Saturday, 27 September 2014

shellshock on my systems - no real worries

To determine if your Linux or Unix system is vulnerable, from a command line, type something like this:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

or it will say that bash is not present or something else, you figure it out :)
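To run the same check over every bash on a box and get one verdict per binary, here is an added example (not from the original post). The function names are made up for illustration, and looking in /etc/shells and on PATH for bash is an assumption about where it is installed.

```shell
#!/bin/sh
# Added example: wraps the env/bash probe above and classifies its stdout.

# classify_probe OUTPUT -> vulnerable | patched | unknown
classify_probe() {
    case "$1" in
        vulnerable*)        echo vulnerable ;;  # trailing "echo vulnerable" ran on import
        *"this is a test"*) echo patched ;;     # only the intended command ran
        *)                  echo unknown ;;     # shell did not behave like bash
    esac
}

# probe_shell PATH -> absent | vulnerable | patched | unknown
probe_shell() {
    shell_path=$1
    [ -x "$shell_path" ] || { echo absent; return 0; }
    # stderr is dropped: patched versions may print import warnings there
    out=$(env x='() { :;}; echo vulnerable' "$shell_path" -c 'echo this is a test' 2>/dev/null) || true
    classify_probe "$out"
}

# list_bash_paths -> one candidate bash path per line (may be empty)
list_bash_paths() {
    {
        if [ -r /etc/shells ]; then
            grep -E '^/.*/bash$' /etc/shells || true
        fi
        command -v bash || true
    } 2>/dev/null | sort -u
}

# Report every bash found on this machine
for p in $(list_bash_paths); do
    printf '%s: %s\n' "$p" "$(probe_shell "$p")"
done
```

No output at all means no bash was found in either place, which is the pfSense case in the list below.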

So what about my systems? Here's the list:

  • pfSense firewall 2.1.4-RELEASE (amd64), built on Fri Jun 20 12:59:50 EDT 2014, FreeBSD 8.3-RELEASE-p16 : not vulnerable, bash is not there by default :) check /etc/shells if you have it installed
  • FreeNAS home server FreeNAS-9.2.1.7-RELEASE-x64 (fdbe9a0), FreeBSD 9.2-RELEASE-p10 #0 r262572+4fb5adc: Wed Aug  6 17:07:16 PDT 2014 : bash present by default, system vulnerable, checked jails, bash not present, will wait for the fix in next version, there's a good comment on this at the end of this discussion :)
  • Mac Darwin Kernel Version 13.3.0: Tue Jun  3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64 : vulnerable, (I think) I haven't played with enabling/opening things, so will be waiting on Apple :)
  • Hackintosh Darwin Kernel Version 13.3.0: Tue Jun  3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64 : vulnerable, (I know) I haven't played with enabling/opening things, so will be waiting on Apple
  • XBMC based HTPC on Ubuntu 14.04.1 LTS, Linux ___ 3.11.0-13-generic #20-Ubuntu SMP Wed Oct 23 07:38:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux : not vulnerable
  • I haven't hacked into my TV and I won't :)

Good luck to you all!


Thursday, 6 March 2014

cybersecurity day today for me #security #linux #truecrypt #opensource #keychain #apple #keychain2go

All of the following in one day (+night...)

Twitter told me that Critical Linux Flaw Threatens More Systems Than You Think today.

Updated my Linux-es tonight (Ubuntu Server 13.10 and Raspbian), noticed that a simple update doesn't affect the package in question :D Need to be persistent and upgrade the package from source...

And left my XBMC box for the other day, it also runs on Ubuntu.

As mounting Apple's encrypted disk failed me last week plus it makes duplicate copies in my Dropbox, decided to look for alternatives. Moved to open software, namely TrueCrypt.

Interesting and convincing. Plus, now I can view it on my mobile iOS devices too :)

I used to store some passwords in some files... Finally it got me, too hard to manage and search. Need some password manager. For me as an Apple user the obvious first choice was keychain plus the Keychain2Go app to get it on iOS devices. Set up sync, nice! :) Now need to move passwords there gradually. The question remains, what about being dependent on Apple? Noticed 2 nice things about it: keychain is in Apple's opensource domain actually (!) and there are tools for export available. So, some day there will be integration.