verdant Posted September 27, 2014
Just to alert everyone running OS X to Cameron Kaiser's (of TenFourFox fame) universal (PPC/Intel OS X 10.4 through to 10.9) new bash patch, compiled from the newly patched source code, that is easy and quick to apply!
atlee Posted September 27, 2014
Hi Verdant, You are only vulnerable if someone already has access to your system. Without the attacker's public key being stored under authorized_keys they have no way in. Yes, it's a bad exploit, but this exploit cannot be taken any further without any sort of access to begin with within a system. I have tested the exploit remotely on a system with an old version of bash and the simple vulnerability test makes it no further. atlee
verdant Posted September 27, 2014
Hi Atlee, Even if attackers have no current access to a person's OS X system, given that Cameron Kaiser's bash patch fixes the two reported bash vulnerabilities in a quick and easy way, it does not make sense (at least to me) to continue using a vulnerable bash version when one can readily update bash to a non-vulnerable version, giving more peace of mind... but each OS X user has to make their own choice of how to react to the bash vulnerabilities reported.
atlee Posted September 27, 2014
I should have really stated that the media is over-hyping a problem to make it seem worse than it is, e.g. "bigger than Heartbleed, omg" :/ meltdown. But at the end of the day, fixing security holes is better than leaving yourself open.
verdant Posted September 29, 2014
Cameron Kaiser has posted a revised BASH version 4.3.27 to fix a 3rd vulnerability that has come to light... just overlay it over your old copy of 4.3.26...
Allan Posted September 30, 2014
Nice, thanks verdant!
verdant Posted October 1, 2014
Cameron Kaiser has posted a BASH version 4.3.28 patch to fix all five currently known internal vulnerabilities... just overlay it over your old copy of 4.3.2x...
blacksheep Posted October 10, 2014
Perhaps it's worth mentioning that Cameron Kaiser updated the bash fix to version 4.3.30. It's the same link as before.