[Haifux] The Bash vulnerability (shellshock)
boazg
boaz.gezer at gmail.com
Sat Sep 27 11:37:45 IDT 2014
try it with DHCP instead
https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/
On Sat, Sep 27, 2014 at 11:36 AM, boazg <boaz.gezer at gmail.com> wrote:
> you need to find a vulnerable site. CGI doesn't have to pass through bash.
> you need a site that opens a subshell for something. they aren't uncommon,
> but it's not every linux-CGI site.
>
> On Fri, Sep 26, 2014 at 2:33 PM, Eli Billauer <eli at billauer.co.il> wrote:
>
>> Hi,
>>
>> I did
>>
>> # yum upgrade bash
>>
>> on Haifux' server, and it's off the hook. But I was also surprised that
>> it the attack failed even before that.
>>
>> Eli
>>
>>
>> On 26/09/14 12:39, guy keren wrote:
>>
>>> On 09/26/2014 12:30 PM, Eli Billauer wrote:
>>>
>>>> env x='() { :;}; echo vulnerable' bash -c 'echo This is a test'
>>>>
>>>
>>> you're too late - there's a (partial?) fix being distributed around...
>>>
>>> --guy
>>> _______________________________________________
>>> Haifux mailing list
>>> Haifux at haifux.org
>>> http://haifux.org/mailman/listinfo/haifux
>>>
>>>
>>
>> --
>> Web: http://www.billauer.co.il
>>
>>
>> _______________________________________________
>> Haifux mailing list
>> Haifux at haifux.org
>> http://haifux.org/mailman/listinfo/haifux
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://haifux.org/pipermail/haifux/attachments/20140927/a6178f96/attachment.html>
More information about the Haifux
mailing list