Meteobridge is not "shellshocked"
Posted: Sat Sep 27, 2014 1:11 am
As some requests are coming in, Meteobridges are not affected by the latest bash exploit aka "shellshock".
Reason is, that Meteobridges are based on OpenWRT, which uses a simplified shell called "ash" included
in the "busybox" package. You can also test the exploit check on the shell of Meteobridge, when you login
via ssh (user "root", password "meteobridge") and try the exploit test...
Reason is, that Meteobridges are based on OpenWRT, which uses a simplified shell called "ash" included
in the "busybox" package. You can also test the exploit check on the shell of Meteobridge, when you login
via ssh (user "root", password "meteobridge") and try the exploit test...
Code: Select all
root@MeteoBridge:~# env X='() { :;} ; echo busted' /bin/bash -c "echo completed"
env: can't execute '/bin/bash': No such file or directory
root@MeteoBridge:~# env X='() { :;} ; echo busted' /bin/ash -c "echo completed"
completed
root@MeteoBridge:~#