Jump to content


Photo

STB vulnerable?


  • Please log in to reply
7 replies to this topic

#1 Rob van der Does

  • Senior Member
  • 7,766 posts

+184
Excellent

Posted 27 September 2014 - 06:09

Are STB's liable to this vulnerability: http://www.bloomberg...nux-to-mac.html ?



Re: STB vulnerable? #2 littlesat

  • PLi® Core member
  • 57,058 posts

+698
Excellent

Posted 27 September 2014 - 07:00

Do we use bash?

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: STB vulnerable? #3 Pale-Rider

  • Senior Member
  • 126 posts

+6
Neutral

Posted 27 September 2014 - 07:08

for a little more info you can also have a read of this thread.

 

http://www.legitfta.com/forum/showthread.php?21383-Bash-test


Re: STB vulnerable? #4 betacentauri

  • PLi® Core member
  • 7,185 posts

+323
Excellent

Posted 27 September 2014 - 07:33

As far as I know images use busybox instead of bash. So they shouldn't be affected.
Xtrend ET-9200, ET-8000, ET-10000, OpenPliPC on Ubuntu 12.04

Re: STB vulnerable? #5 Pale-Rider

  • Senior Member
  • 126 posts

+6
Neutral

Posted 27 September 2014 - 07:41

well according to the post I quoted above the ATV image is coming back as vulnerable to this. tested with the method outlined in the PC world article here.

 

http://www.pcworld.com/article/2687763/safe-from-shellshock-how-to-protect-your-home-computer-from-the-bash-shell-bug.html


Re: STB vulnerable? #6 MiLo

  • PLi® Core member
  • 14,054 posts

+298
Excellent

Posted 27 September 2014 - 08:28

The standard OpenPLi box is NOT vulnerable because it does not run bash. If you have manually installed "bash", then the box may become vulnerable. However, you'll also need something to expose the shell to the outside, which is something that the webinterface does not do.


Real musicians never die - they just decompose

Re: STB vulnerable? #7 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+541
Excellent

Posted 27 September 2014 - 08:29

All "known" images use the built-in shell from busybox, not bash.

 

But besides that, you'd only be vulnerable if you'd expose a shell to a hostile environment (like internet), which mostly is a stupid thing to do anyway. I don't get the commotion actually.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: STB vulnerable? #8 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+541
Excellent

Posted 27 September 2014 - 08:30

Wow that's spooky, the same content at the same time!


Edited by Erik Slagter, 27 September 2014 - 08:30.

* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.



2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users