Re: OFF TOPIC: ³Shell Shock² for my system MacOS 10.6.8 bash version 3.2.48(1)
Re: OFF TOPIC: ³Shell Shock² for my system MacOS 10.6.8 bash version 3.2.48(1)
- Subject: Re: OFF TOPIC: ³Shell Shock² for my system MacOS 10.6.8 bash version 3.2.48(1)
- From: Emmanuel LEVY <email@hidden>
- Date: Fri, 28 Nov 2014 10:22:04 +0100
Hi,
I'm not a security engineer, but from what I understand when a script tells you you are "vulnerable", understand you are "potentially vulnerable".
I think that the attack needs to launch a cgi on your machine - and then the forged URL sent to the cgi is considered by bash as part of the program to run, whence the vulnerability.
If your Apache isn't running, I don't think anyone can have a cgi run on your machine, so I think you can relax.
By the way, you say patchs start at 10.9, but http://support.apple.com/en-us/ht1222 says that they patch bash from 10.7.5.
You might upgrade to Lion, it's less than 20$ I think and it's cool, in particular Mail works way better.
Best,
Emmanuel
On Oct 2, 2014, at 3:18 AM, CYB wrote:
> is there a patch against “Shell Shock” for my system MacOS 10.6.8 bash version 3.2.48(1)-release (x86_64-apple-darwin10.0)
>
> Hi all, someone out there knows about the ShellShock bug that can affect our Macs?
> I read some articles and I found some patch in apple but just for Mac OS 10.9.
> My Mac is running OS 10.6.8 and I don't find anything about it nor info, neither a patch, but I'm a little bit worried about it.
> So my questions are
> 1.- Do I really need to worried about this bug? My Mac is not a server, and of course is alwasy connected to the internet.
> 2.- If the answer is "yes you need to be worried" ant of you knows how to solve this problem?
>
> I found this page, that had a scrip in bash that the author suggest that you run if the test for vulnerability is positive, I run the test and I get "vulnerable" , so I run the bash script but nothing change.
> https://stackoverflow.com/questions/26080275/how-do-i-upgrade-bash-in-mac-osx-snow-leopard-and-set-it-the-correct-path/26112210#26112210
> I really don't know how to use bash or shel properly, so I'm blind at this moment, and of course I don't want to be hacked in any way.
>
> Thanks for your help
>
> Carlos Ysunza B.
> Director/ Ysunza Santiago Comunicación Visual
> Tel. (52)55 5256-0336
> email@hidden
> http://www.carlosysunza.com
> http://www.ysunzasantiago.com
> http://www.lightbox.ws
> http://www.softrobot.com.mx
> <A8F115BB-C999-4552-AC78-773E4C92A257[9].png>https://www.facebook.com/CarlosYsunzaFotografia
> <A8F115BB-C999-4552-AC78-773E4C92A257[9].png> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> AppleScript-Users mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> Archives: http://lists.apple.com/archives/applescript-users
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users
This email sent to email@hidden