RIPE Atlas vs. bash/shellshock vulnerability
Dear RIPE Atlas users, The RIPE NCC made a public announcement earlier about this issue (see https://www.ripe.net/internet-coordination/news/announcements/ripe-ncc-secur...). Still, since we have received some questions in email and Twitter about RIPE Atlas vs. this vulnerability so we'd like to respond to these with some more detail. The RIPE Atlas v1-v2-v3 probes are/were not affected by this issue at all since they don't run bash (or even have it installed) and also not providing any accessible services. The anchors have bash installed, but it is not used for any of the services provided. Besides, these servers have been patched right away. The infrastructure components (ie. controllers) were affected and as the RIPE NCC announcement explains, they have been patched as soon as the patch came out; basically within the day. Regards, Robert Kisteleki for the Atlas team
has bash 4.3 upto patch v29 been applied ? Folks will need to keep ontop of bash bug exploits for a while I guess Colin
On 3 Oct 2014, at 09:08, Robert Kisteleki <robert@ripe.net> wrote:
Dear RIPE Atlas users,
The RIPE NCC made a public announcement earlier about this issue (see https://www.ripe.net/internet-coordination/news/announcements/ripe-ncc-secur...).
Still, since we have received some questions in email and Twitter about RIPE Atlas vs. this vulnerability so we'd like to respond to these with some more detail.
The RIPE Atlas v1-v2-v3 probes are/were not affected by this issue at all since they don't run bash (or even have it installed) and also not providing any accessible services. The anchors have bash installed, but it is not used for any of the services provided. Besides, these servers have been patched right away.
The infrastructure components (ie. controllers) were affected and as the RIPE NCC announcement explains, they have been patched as soon as the patch came out; basically within the day.
Regards, Robert Kisteleki for the Atlas team
The infrastructure components (ie. controllers) were affected and as the RIPE NCC announcement explains, they have been patched as soon as the patch came out; basically within the day.
patch is not singular. #shellshock is the gift that keeps giving. four times so far, 30+ systems. it's sysadmin sympathy week. please extend mine to brian and the elves. randy
potentially 6 times if not more in coming weeks http://lists.gnu.org/archive/html/bug-bash/2014-10/msg00031.html Colin
On 3 Oct 2014, at 20:26, Randy Bush <randy@psg.com> wrote:
The infrastructure components (ie. controllers) were affected and as the RIPE NCC announcement explains, they have been patched as soon as the patch came out; basically within the day.
patch is not singular. #shellshock is the gift that keeps giving. four times so far, 30+ systems. it's sysadmin sympathy week. please extend mine to brian and the elves.
randy
participants (3)
-
Colin Johnston -
Randy Bush -
Robert Kisteleki