Thursday, 25 September 2014

[CRITICAL VULNERABILITY] RHEL

Hello all,



We received this email today:




Code:



Hello,



We're emailing all our customers that use Authy for their SSH shells. We wanted to let you know that today, a critical vulnerability in bash (Bourne-Again-SHell) was disclosed by Stephane Chazelas.



This vulnerability is so critical that even if you have Two-Factor Authentication, an attacker would be able to bypass the two-factor verification and execute commands remotely on your server.

We recommend you update now.



Here are a few things to help you:



To test if you are vulnerable you can use the following command:



env t='() { :;}; echo You are vulnerable.' bash -c "true"



If it prints "You are vulnerable" you need to upgrade as soon as possible. Patches for the major Linux distributions have already been released.



If you are using Ubuntu or Debian, type the following commands to apply the security patch:



apt-get update

apt-get upgrade



If you are using RedHat, CentOS or Fedora, type the following commands to apply the security patch:



yum clean all

yum update bash



If you want to know more about this vulnerability please read the following thread on the oss-sec mailing list:



http://ift.tt/1vgZZFY



Authy Engineering Team



Update your bash ASAP.



http://ift.tt/1xmeM6s



http://ift.tt/Y8MfC1
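
An added example, not part of the email or the forum post: the same probe run against every sh/bash binary listed in /etc/shells, so the check can be repeated before and after patching. The function names, the status words (vulnerable, ok, missing) and the choice of /etc/shells as the inventory are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit shells with the probe quoted in the email.
# Names and status words below are this example's own, not Authy's.

MARKER='You are vulnerable.'

# check_shell PATH -> prints "vulnerable", "ok" or "missing"
check_shell() {
    shell_path=$1
    [ -x "$shell_path" ] || { echo missing; return 0; }
    # Same probe as in the email: an environment variable holding a
    # function definition followed by a trailing command. An unpatched
    # bash runs the trailing command while importing the variable; a
    # patched bash (or a non-bash shell) prints nothing.
    out=$(env t="() { :;}; echo $MARKER" "$shell_path" -c "true" \
          </dev/null 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo vulnerable ;;
        *)           echo ok ;;
    esac
}

# audit_shells [FILE] -> one "status path" line per sh/bash entry in FILE
# (default /etc/shells). /bin/sh is included because on RedHat-family
# systems it is normally bash.
audit_shells() {
    shells_file=${1:-/etc/shells}
    [ -r "$shells_file" ] || return 0
    { grep -E '/(ba)?sh$' "$shells_file" || true; } | sort -u |
    while read -r p; do
        printf '%s %s\n' "$(check_shell "$p")" "$p"
    done
}

# Stand-alone run: audit the local system.
audit_shells
```

Any line starting with "vulnerable" means that binary still needs the package update described in the email; re-run after updating to confirm every entry reports "ok".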



