Bash patch did not fix vulnerability CVE-2014-7169, please fix
The latest patch for Bash bug that I just installed for Mavericks took care of the CVE-2014-6172 vulnerability though from my testing CVE-2014-7169 is still vulnerable. Please fix all Bash vulnerabilities soon.
Apple is on record as saying:
"The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," an Apple spokesperson told iMore. "Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services."
You do not appear to be running any of these advanced UNIX services, so can you tell us exactly what your concern is?
Also, my testing shows that CVE-2014-7169 is fixed by using this test:
env X='() { (a)=>\' sh -c "echo date"; cat echo; rm ./echo
Did you forget to delete the file "echo" from your home folder by any chance?
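The test quoted in the reply above reports a false positive whenever a file named "echo" is already in the working directory, which is what the last question is getting at. Added example, not part of the original thread or of any vendor tooling: the same test run inside a scratch directory so that stale files cannot affect the result. The function name check_7169 is an assumption of this example.

```shell
#!/bin/sh
# Added example: run the CVE-2014-7169 test from the post in a scratch
# directory, so a leftover "echo" file cannot cause a false positive.

# check_7169 SHELL
#   prints: vulnerable | not vulnerable | missing | error
#   status: 0 = vulnerable, 1 = not vulnerable, 2 = could not test
check_7169() {
    target=$1
    command -v "$target" >/dev/null 2>&1 || { echo "missing"; return 2; }

    scratch=$(mktemp -d) || { echo "error"; return 2; }
    # Subshell: the cd never changes the caller's working directory.
    (
        cd "$scratch" || exit 2
        # Same test string as in the post; output and parser errors
        # are discarded, only the side effect on disk matters.
        env X='() { (a)=>\' "$target" -c "echo date" >/dev/null 2>&1 || :
        # A vulnerable bash keeps the trailing ">\" and applies it to the
        # next command, creating a file "echo" with the output of date.
        [ -e echo ]
    ) && rc=0 || rc=$?
    rm -rf "$scratch"

    case "$rc" in
        0) echo "vulnerable"; return 0 ;;
        1) echo "not vulnerable"; return 1 ;;
        *) echo "error"; return 2 ;;
    esac
}

# Check both names a script may be started under (on OS X, sh is bash).
for s in sh bash; do
    printf '%s: %s\n' "$s" "$(check_7169 "$s")"
done
```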
Similar Messages
-
Hi,
Nexus 7000 evaluation for CVE-2014-6271 and CVE-2014-7169: I am referring to the link below to check for NX OS - n7000-s1-dk9.5.1.3.bin
https://tools.cisco.com/bugsearch/bug/CSCur04856
5.1.3 is not mentioned in the affected list. Need help to know if 5.1 is affected by the Bash vulnerability.
Thanks for help in advance.
The concern with the bash shell is that services MAY be set up to run as
users which use those shells, and therefore be able to have things
injected into those shells. Nothing on NetWare uses bash by default,
because NetWare is not anything like Linux/Unix in its use of shells.
Sure, you can load bash for fun and profit on NetWare, but unless you
explicitly request it the bash.nlm file is never used. On NetWare I do
not think it is even possible to have any normal non-Bash environment
variable somehow be exported/inherited into a bash shell, though I've
never tried.
Good luck.
-
OpenSSL vulnerability CVE-2014-0224
My customer wants to know whether ASE is affected by the following OpenSSL vulnerabilities in http://www.openssl.org/news/secadv_20140605.txt
SSL/TLS MITM vulnerability (CVE-2014-0224),
DTLS recursion flaw (CVE-2014-0221)
DTLS invalid fragment vulnerability (CVE-2014-0195)
SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
Anonymous ECDH denial of service (CVE-2014-3470)
Can you help me to confirm the above question?
You have clearly double posted this question in two groups.
So the first question goes back to you.
Are you running SAP applications on ASE? If so, this is not the proper group. -
I purchased a book in advance. It is now in my library, but the word "paused" appears across the book and I cannot access. I assume the download did not complete, but I cannot seem to fix it. Does anyone know what the problem could be?
Close all open apps by double-tapping the home button, then swiping upward on the app window (not the smaller icon) off the screen.
Then reset: hold down the home button along with the power button until you see the Apple, then let go. -
I purchased an album and some of the songs did not download completely. How can I fix this?
I have the EXACT issue as Hatchs88 and the response doesn't help. I found 3 of the 4 missing songs as "song".tmp files in the music directory but I can't do anything here... The iTunes store just says purchased and the songs don't show up in the purchased list either. What's funny is that I was able to download on an iPod touch but I can't get it on my PC...
-
I am being billed $6.99 by apple on iTunes but I did not make a purchase, how can I fix this?
Use the email form to contact Apple here > Apple - Support - iTunes Store - Contact Us
-
Did not want Add Credit; I want to fix expiring cr...
I accidentally purchased Skype credit for $10.00. I did not want that.
I wanted to fix my credit card information because my card on this account was expiring.
Somehow, I also stopped auto pay.
I am in a hurricane warning area (Mobile, Alabama) and I need SKYPE immediately to communicate with family.
Can you help with all three of these situations?
Thanks for your prompt response.
Email address: *edited for privacy*
Chris
You probably did kind of authorize it by not turning off auto renew.
iTunes Store: Subscribing to iTunes Match - http://support.apple.com/kb/HT4914
People responding to you here are other users like you. We no more have connection to Apple than you do.
Contact iTunes Store support staff through the report a problem links in your account history or,
iTunes Customer Service Contact - http://www.apple.com/support/itunes/contact.html > Get iTunes support via Express Lane > iTunes > iTunes Store -
Impact of CVE-2014-6271 and CVE-2014-7169 (Shellshock) on NetWare6.5 SP8
Greetings, all...
I see that Novell has a handy security note out regarding CVE-2014-6271:
http://support.novell.com/security/c...2014-6271.html
as it pertains to SUSE and SLE, as well as one for CVE-2014-7169:
http://support.novell.com/security/c...2014-7169.html
Testing in a bash shell on one of my NetWare boxes, I've been pleasantly
surprised, though remain unconvinced that the older bash port is entirely
free of vulnerability, here.
Yes, I do have a couple SSL sites running on NetWare Apache (2.2.27), though
I don't believe that anyone is using mod_cgi or mod_cgid.
(BTW, if anyone needs patched versions of bash 3.0.27 for CentOS 4.8, I have
32 and 64-bit binary rpms on my FTP server:
ftp.2rosenthals.com/pub/CentOS/4.8 .)
Just curious as to what the consensus is regarding NetWare with this thing.
TIA
Lewis
Lewis G Rosenthal, CNA, CLP, CLE, CWTS
Rosenthal & Rosenthal, LLC www.2rosenthals.com
Need a managed Wi-Fi hotspot? www.hautspot.com
visit my IT blog www.2rosenthals.net/wordpress
The concern with the bash shell is that services MAY be set up to run as
users which use those shells, and therefore be able to have things
injected into those shells. Nothing on NetWare uses bash by default,
because NetWare is not anything like Linux/Unix in its use of shells.
Sure, you can load bash for fun and profit on NetWare, but unless you
explicitly request it the bash.nlm file is never used. On NetWare I do
not think it is even possible to have any normal non-Bash environment
variable somehow be exported/inherited into a bash shell, though I've
never tried.
Good luck.
-
CVE-2014-6271 and CVE-2014-7169 / Oracle Linux
Hi,
The patch required to resolve the vulnerabilities described in CVE-2014-6271 and CVE-2014-7169 in Oracle Linux 5 (x86) is "bash-3.2-33.el5_11.4.x86_64.rpm".
Where can I get this patch? It's not available on support.oracle/patches!!
Thanks,
Thamer
Your Oracle Linux system should be configured to automatically install packages either from the Unbreakable Linux Network or public-yum.oracle.com. You might want to ask your Linux sysadmin for assistance if your servers aren't already configured for updates.
You can also check Chapter 1 and Chapter 2 of the Oracle Linux Administrator's Guide for more details on using ULN or public-yum: Oracle® Linux (it's for OL6 but the concepts are the same for OL5). -
ERROR: "You did not complete the entire form. Please enter your country."
When I tried to download a song tonight, I got a message that said that my billing info had changed and that I needed to verify it before I could purchase any music. On the "Edit Payment Information" page, I put in all of my info (my address was missing), and hit done. I get the error: "You did not complete the entire form. Please enter your country." Well, the country field is not editable, but it says "United States," which is the right country. I can't get past it, so I can't download anything. I'm running the latest version of iTunes... but I haven't purchased anything since.
The other thing that concerns me is that I didn't change any billing info, so this is a bit strange. Does anyone have any ideas of what's going on? Thanks!!
Just in case this ever happens to anyone else, here is how to fix the problem (THANKS, ITUNES SUPPORT)!!
1) Sign out of the iTunes Store by choosing Sign Out from the Store menu in iTunes.
2) Visit Apple's My Info website:
http://myinfo.apple.com
3) Choose your country and preferred language. Then enter your iTunes Store account name and password and click Continue.
4) Choose Address Book from the menu on the left. On the Edit Address Book page, look at your shipping addresses at the bottom. If you have multiple shipping addresses, remove any out-of-date or duplicate addresses by clicking Delete. Also, make sure the state or province field is filled out correctly for each address. To edit an address, click Edit.
5) Now choose Phone Numbers from the menu on the left to look at your phone numbers. The area codes should be in the area code fields and the phone numbers should be in the phone number fields. If an area code is missing, or if it is in a phone number field, your account information may not save properly.
6) Make any other necessary corrections, then click the Save Changes button.
7) Click Log out in the upper-right corner.
When you make your next iTunes Store purchase, you will be asked to review your billing information. At that point, you can change your information or simply click Done. After that, you should be able to purchase items. -
I have purchased a TV show series. I show that from the purchased screen it has downloaded. However it is not in my library. How do I watch this episode? Several of the episodes are in the library but a few did not make it there. Help please!
Sometimes things have inconsistent labeling. Check your Recently Added playlist.
-
I updated my iPhone 3GS, but when I go back to restore it from my backup it's asking me for a password to unlock the backup, but I did not mention or add any password. Please advise.
If you did not enable backup encryption and it is now asking for a password, the backup is corrupt.
There is no way to remove the "password".
Restore the device as new and sync back your content. Everything should already be in iTunes. -
CSCuq79267 - UCS Apache 2.2 Vulnerability CVE-2014-0118
I too am seeing this same behavior. Nessus has found this, and 3 other, vulnerabilities with the Apache version provided by the UCS platform.
Any fixes in the works? We are currently running firmware 2.2(3c). The release notes for 2.2(3d) and 2.2(3e) do not address CVE-2014-0118.
EDIT:
2.2(3f) also does not address these vulnerabilities. Does the UCS version of Apache use the modules that are found faulty according to Nessus?
Nessus is also reporting the following CVEs related to this one: CVE-2013-6438, CVE-2014-0098, CVE-2013-5704, CVE-2014-0226, and CVE-2014-0231.
Hi,
Please refer to these links,
Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
https://rhn.redhat.com/errata/RHSA-2015-0090.html
Regards,
S27 -
Schannel and TLS 1.x padding vulnerability (CVE-2014-8730)
Hi all,
Is the implementation of TLS by Microsoft Secure Channel (Schannel) (http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx) affected by "CVE-2014-8730 TLS 1.x padding vulnerability"?
Please see the following links for more details about this vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730
https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
Is there a confirmation from Microsoft that Schannel is not affected by this vulnerability?
Regards,
Sanjay
No, Microsoft Schannel is not affected. Only F5 products are affected:
http://www.securityfocus.com/bid/71549
Vadims Podāns, aka PowerShell CryptoGuy
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new: PowerShell File Checksum Integrity Verifier tool.
I know some Windows 2008 systems which are affected?! Why? -
DNS vulnerability - CVE-2014-8500
Hello,
I have a Mavericks server where the DNS service is active.
Have you got a patch for this security vulnerability (does not limit delegation chaining, which allows remote attackers to cause a denial of service) ?
Thanks
Gilles
You can do nothing, or you can configure BIND to relay queries for external hosts to another server instead of resolving them recursively.