
SANS ISC: Update on CVE-2014-6271: Vulnerability in bash (shellshock) - SANS Internet Storm Center SANS ISC InfoSec Forums

Update on CVE-2014-6271: Vulnerability in bash (shellshock)
So far I have tested ash, dash, ksh, pdksh, zsh, and busybox linked to sh (mostly on x86 ubuntu 12.04 but also dash and busybox on x86 debian and armhf). None of them exhibited this bug. The whole "export functions in environment variables" is a bash extension and not part of the POSIX shell spec.
Pat Wood

3 Posts
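The post above reports hand-testing a list of shells for the function-import bug. The script below is an added example (not the poster's test harness) that scripts the same probe: a function definition with a trailing command is placed in an environment variable, the shell under test is started with that environment, and the probe reports "vulnerable" only if the trailing command ran during environment import. The shell names in the list and the marker string "VULN" are my choices.

```shell
#!/bin/sh
# Added example: probe shells for CVE-2014-6271 (original Shellshock).
# A vulnerable bash parses x='() { ... }' as a function definition on
# startup and also executes whatever follows the closing brace, so the
# "VULN" marker appears on stdout before the child's own "echo ok".
# Non-bash shells (dash, ksh, zsh, busybox sh) ignore the variable.

probe_shell() {
    # "$@" is the shell invocation, e.g. /bin/dash or "busybox sh".
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "missing"
        return 0
    fi
    # env -i gives the child a clean environment containing only PATH
    # and the probe variable; stderr is dropped so warnings from a
    # patched bash about the bad function definition do not confuse us.
    out=$(env -i PATH="$PATH" x='() { :;}; echo VULN' "$@" -c 'echo ok' 2>/dev/null) || true
    case "$out" in
        *VULN*) echo "vulnerable" ;;
        *)      echo "not vulnerable" ;;
    esac
}

# Walk the shells the post mentions plus bash itself and print one
# line per shell. Busybox needs the "sh" applet name after the binary.
report() {
    for s in bash sh dash ash ksh pdksh zsh "busybox sh"; do
        # Word-splitting of $s is intended for the "busybox sh" entry.
        printf '%-12s %s\n' "$s" "$(probe_shell $s)"
    done
}

report
```

On a patched bash the first line reads "bash not vulnerable"; the check is only meaningful for the original CVE-2014-6271 parser bug, not for the follow-on parser issues that were fixed separately.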
Ubiquiti EdgeMAX as well.

http://community.ubnt.com/t5/EdgeMAX/Re-Bash-shell-vuln-Is-ER-also-vulnerable/td-p/1024523
Pat Wood

3 Posts
Quoting John Hardin: For a system having Apache and mod_rewrite where you can modify the rewrite rules but it's hard to upgrade bash, here's a potential mitigation for CGI attacks:

Feedback solicited.

eta 9/26: Okay, this does appear to work.

You might use "\(\) \{" at the start of your regex, since "() ..many.spaces.. {" wouldn't work for the exploit; it has to be exactly "() {".

cheers
Pat Wood
5 Posts
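The reply above says the rewrite pattern only needs to match the literal prefix "() {", because bash only treats a variable as an exported function when its value starts with exactly that four-character sequence. The following is an added example, not John Hardin's rewrite rules (which are not reproduced in the thread); it uses grep -E as a stand-in for the regular-expression engine mod_rewrite applies and runs the anchored pattern over constructed header values to show which ones it catches.

```shell
#!/bin/sh
# Added example: exercise the anchored pattern "\(\) \{" from the post
# against constructed header values. In ERE, \( \) and \{ are literal
# characters, and ^ pins the match to the start of the value, which is
# where bash looks for the function-definition prefix.

SHELLSHOCK_RE='^\(\) \{'

# Return 0 (true) when the value would be caught by the anchored pattern.
matches_shellshock() {
    printf '%s\n' "$1" | grep -E -q "$SHELLSHOCK_RE"
}

# Constructed sample header values (not captured traffic). Only values
# that begin with exactly "() {" are the bash import format; a value
# with extra spaces between the parens and the brace, or with the
# sequence somewhere in the middle, is never parsed as a function.
run_samples() {
    for v in '() { :;}; /bin/id' \
             '() {   :;}; echo x' \
             '()   { :;}; echo x' \
             'Mozilla/5.0 () { not at start' \
             '() {'; do
        if matches_shellshock "$v"; then
            printf 'BLOCK  %s\n' "$v"
        else
            printf 'ALLOW  %s\n' "$v"
        fi
    done
}

run_samples
```

The second sample still matches because the extra spaces come after the brace, which is allowed by the import format; only the space between ")" and "{" is fixed.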
Please note that under certain conditions suPHP-driven web apps might be exploited (safe_mode ON, and system() / popen() / open() calls in the application).

more info:
https://www.8ack.de/guides/suphp_shellshock
Pat Wood
5 Posts
From: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

The following Cisco products have been analyzed and are not affected by this vulnerability:

<snip>

Routing and Switching - Enterprise and Service Provider

Cisco Broadband Access Center Telco Wireless
Cisco CRS-1
Cisco IOS
Cisco IOS-XR running on:
    Cisco ASR 9000 Series Aggregation Services Routers
    Cisco CRS Router
    Cisco XR 12000 Series Router
Cisco Metro Ethernet 1200 Series Access Devices
Cisco ONS 15454 Series Multiservice Provisioning Platforms
Cisco Prime Provisioning for SPs

<snip>
Art

1 Posts