Announcement

Collapse
No announcement yet.

BASH bug vulnerability?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by TheUberOverLord View Post
    I do know that many devices even when they use OpenVPN may use other shells like Ash, as on example and not "Bash". So it's possible to have a version of OpenVPN that is not exposed to this "Bash" exploit.
    Exactly.

    How is a nonprofessional, unfamiliar with the inner workings, to determine what, if any, risk exists from any given device?

    In this case, if ASUS does not provide an official assessment of each of its products, along with clear steps to mitigate risk for those devices that have exposure, what are people who depend on those devices to do?
    Mike____________________________________________________________ __________________
    HS3 Pro Edition 3.0.0.548

    HW: Stargate | NX8e | CAV6.6 | Squeezebox | PCS | WGL 800RF, Rain8Net+ | RFXCOM | QSE100D | Vantage Pro | Green-Eye | X10: XTB-232, -IIR | Edgeport/8 | Way2Call | Ecobee3

    Comment


    • #17
      Originally posted by Uncle Michael View Post
      Exactly.

      How is a nonprofessional, unfamiliar with the inner workings, to determine what, if any, risk exists from any given device?

      In this case, if ASUS does not provide an official assessment of each of its products, along with clear steps to mitigate risk for those devices that have exposure, what are people who depend on those devices to do?
      Yes I even went to their website to look for any kind of press release, with some sort of statement.

      Some Manufacturers/Vendors are starting to do the "Right Thing" even when none of their products are exposed to this. Just by simply make a press release stating such.

      I am starting to actually start judging some of these companies suddenly by them not taking the minimal time, required to simply do that. Especially more so when you know that their product contain software that has been announced to have some exposure to this and your not exactly sure if the way that software was implemented is safe.

      Don

      Comment


      • #18
        There are now Seven not Six any longer "Bash" AKA Shellshock vulnerabilities which have been located as of 10/04/2014 4:00 PM CTD time.

        These are NEW items added to the list. To see the complete list of all items posted here. Please see the links at the bottom of this post.

        McAffee Products has fixes for Bash AKA Shellshock now:

        https://kc.mcafee.com/corporate/inde...SB10085#status

        Symantec Products has fixes for Bash AKA Shellshock now:

        http://www.symantec.com/outbreak/?id=shellshock

        Avaya Products has fixes for Bash AKA Shellshock now:

        https://support.avaya.com/helpcenter...26131554370002

        Kace Endpoint Systems Management Products has fixes for Bash AKA Shellshock now:

        http://www.kace.com/support/resource...ail?sol=133716

        Riverbed Products has fixes for Bash AKA Shellshock now:

        https://supportkb.riverbed.com/suppo...tent&id=S24997

        Untangle Products has fixes for Bash AKA Shellshock now:

        https://support.untangle.com/hc/en-u...ts-vulnerable-

        pfSense Products has fixes for Bash AKA Shellshock now:

        https://www.pfsense.org/security/adv...8.packages.asc

        Additional Bash Flaws Show Weakness of Original Shellshock Patch now:

        http://www.infosecurity-magazine.com...laws-original/

        Windows What to understand and know about Bash AKA Shellshock vulnerabilities:

        http://grandstreamdreams.blogspot.co...d-linkage.html

        Bash AKA Shellshock vulnerabiltiy determined to have been present since at least 12/08/1991. Investigation contunues on how far back it goes:

        http://www.openwall.com/lists/oss-security/2014/10/04/2

        For the complete list of located products posted here. Please go here:

        http://board.homeseer.com/showpost.p...20&postcount=9

        For more information including "Proper" testing methods. Please go to the top of this thread here:

        http://board.homeseer.com/showpost.p...99&postcount=1

        Don
        Last edited by TheUberOverLord; October 4th, 2014, 05:44 PM.

        Comment


        • #19
          Thank-you Don.
          - Pete

          Auto mator
          Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb- Mono 6.8X
          Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro - Mono 6.8X
          HS4 Pro - V4.0.9.0 - Ubuntu 18.04/W7e 64 bit Intel Kaby Lake CPU - 32Gb - Mono 6.8X
          HS4 Lite -

          X10, UPB, Zigbee, ZWave and Wifi MQTT automation. OmniPro 2, Russound zoned audio, Smartthings hub, Hubitat Hub, and Home Assistant

          Comment


          • #20
            You are very welcome.

            Added information to the list for Android, Apple and Windows which includes a derivate which can/could be worth looking into for Windows systems as well:

            http://board.homeseer.com/showpost.p...20&postcount=9

            Don

            Comment

            Working...
            X