Tag Archives: Linux

New Exploit Vulnerability: CVE-2014-6271

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

An advisory from Akamai explains the problem in more depth, as does this OSS-Sec mailing list post.

How to check?

You can check whether you’re vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the word “busted”, then you’re at risk. If not, then either your Bash is fixed or your shell is using another interpreter.

env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
env X="() { :;} ; echo busted" `which bash` -c "echo completed"

Or run this command in the default shell:

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If the output includes the word “vulnerable”, you’re at risk.

Patch:

This vulnerability affects Apple’s OS X – and is useful for privilege escalation – as well as Debian and other Linux distributions. Fortunately, patches are already available: http://seclists.org/oss-sec/2014/q3/650

Patch your systems ASAP!

Support List:

  1. Novell/SuSE
  2. Debian
  3. Ubuntu
  4. Mint
  5. Red Hat/Fedora
  6. Mageia
  7. CentOS

After patching my system (Ubuntu 12.04 LTS):
[Image: ShellShock]

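Some Chinese-Language Configuration for Wine on Linux

Before configuring Wine, make sure all the language packs are installed, then carry out the steps below.

1. Install some required components: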

winetricks msxml3 gdiplus riched20 riched30 vcrun6 vcrun2005sp1  wenquanyi

2. Copy the fonts
Download the fonts from the network drive, extract them, and move them to the ~/.wine/dosdevices/c:/windows/Fonts directory

cp Fonts/* ~/.wine/dosdevices/c:/windows/Fonts

3. Edit the registry

wine regedit

Open the Wine registry:

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes] :

Modify the following entries; any that do not exist must be created as new string values:

Microsoft YaHei=MSYH
MS Shell Dlg=SimSun
MS Shell Dlg2=SimSun
Tms Rmn=SimSun
SimHei=SimHei

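Please credit when reposting: Open Source Planet » Some Chinese-Language Configuration for Wine on Linux

Wine Xunlei (Thunder) Configuration + Fix for Downloads Stalling at 99.9%

Before reading this article, the Chinese-language configuration of Wine must already be complete; for details see this article: Some Chinese-Language Configuration for Wine on Linux

First run the single-file version of Xunlei once with Wine: (download link)
Check the location it self-extracts to: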

$ cd ~/.wine/dosdevices/c:/windows/temp
$ ls
ComDlls _dotnet35 Languages _riched20 Thunder.exe
Components _gdiplus Profiles _riched30 _wenquanyi
_dotnet30 _ie6 Program Skins _wmp10

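1. Configure Wine: open Configure Wine, and under the Applications tab add application settings, selecting thunder.exe in that directory and also thunder5.exe under Program/ (be sure to select both of them; only then is the problem of downloads stopping at 99.9% fully solved), and set the Windows version to Windows 98. (If it does not run the first time, change the default setting to 98 as well.)

2. Replace atl71.dll under Program/ with the ANSI version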

$ cp ~/atl71.dll ~/.wine/dosdevices/c:/windows/temp/Program/

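Please credit when reposting: Open Source Planet » Wine Xunlei (Thunder) Configuration + Fix for Downloads Stalling at 99.9%

On the Long-Standing Wireshark Superuser Problem

After installing Wireshark on Linux, whether from a package or by compiling it, running wireshark prompts that it must be run as superuser to obtain privileges. Many people solve this problem with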

sudo wireshark

but it can also be solved by adding a user group and changing permissions:

I installed it by compiling from source; go into /usr/local/bin/

$ cd /usr/local/bin/

$ ls
2to3 editcap pydoc3 python3.3m randpkt
2to3-3.3 idle3 pydoc3.3 python3.3m-config rawshark
capinfos idle3.3 python3 python3-config text2pcap
dftest mergecap python3.3 pyvenv tshark
dumpcap pcap-config python3.3-config pyvenv-3.3 wireshark

/usr/local/bin$ sudo groupadd wireshark

/usr/local/bin$ sudo chgrp wireshark dumpcap

/usr/local/bin$ sudo chmod 4755 dumpcap

/usr/local/bin$ sudo gpasswd -a myfreedom614 wireshark  # replace myfreedom614 with your username

After this, running wireshark can obtain the Interface List without trouble.
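
With mode 4755 as set above, dumpcap remains executable by every local user, so membership in the wireshark group is not what gates packet capture. The script below is an added example, not part of the original post, that reports this exposure for a given binary; its function names and the `chmod 4750` hint are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): classify how widely a
# setuid capture helper such as dumpcap is exposed to local users.
# The setuid bit only grants root when the file is owned by root.

# dumpcap_exposure PATH -> prints one of:
#   missing            PATH is not a regular file
#   no-setuid          setuid bit is not set
#   setuid-group-only  setuid set, "others" cannot execute (e.g. 4750)
#   setuid-any-user    setuid set, "others" can execute (e.g. 4755)
dumpcap_exposure() {
    f=$1
    if [ ! -f "$f" ]; then
        echo missing
    elif [ ! -u "$f" ]; then
        echo no-setuid
    elif [ -n "$(find "$f" -prune -perm -001 -print 2>/dev/null)" ]; then
        echo setuid-any-user
    else
        echo setuid-group-only
    fi
    return 0
}

# exposure_advice VERDICT -> one-line hint for that verdict.
exposure_advice() {
    case $1 in
        setuid-any-user)
            echo "every local user can capture; restrict with chmod 4750" ;;
        setuid-group-only)
            echo "only the owner and the file's group can capture" ;;
        no-setuid)
            echo "not setuid; capture needs root or file capabilities" ;;
        *)
            echo "file not found" ;;
    esac
}

# Default path is the one used in the post; pass another as $1.
audit_dumpcap() {
    target=${1:-/usr/local/bin/dumpcap}
    verdict=$(dumpcap_exposure "$target")
    printf '%s: %s (%s)\n' "$target" "$verdict" "$(exposure_advice "$verdict")"
}

audit_dumpcap "$@"
```
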

Please credit when reposting: Open Source Planet » On the Long-Standing Wireshark Superuser Problem

Spotify for Linux Preview Build

Spotify for Linux
This is a preview build of Spotify for Linux. As a preview release this version is still unsupported, but the Spotify team is running it themselves and will try to make sure it keeps pace with its Mac and Windows siblings.
They have packaged it for Debian Squeeze/Ubuntu.

Debian & Ubuntu:
1. Add this line to your list of repositories by editing your /etc/apt/sources.list
deb http://repository.spotify.com stable non-free

2. If you want to verify the downloaded packages, you will need to add our public key
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 94558F59

3. Run apt-get update
sudo apt-get update

4. Install spotify!
sudo apt-get install spotify-client

Please credit when reposting: Open Source Planet » Spotify for Linux Preview Build