Critical Bash Vuln

Remote code execution potential!

Bug in Bash shell creates big security hole on anything with *nix in it | Ars Technica

Find more posts tagged with

Comments

aftereffector

Because of its wide distribution, the vulnerability could be as wide-ranging as the Heartbleed bug,

Awwww &@*# not that again!

though it may not be nearly as dangerous.

I don't exactly feel better. Unless I am wrong, which is very possible, this looks like an injection attack vector that will primarily target servers, which should get updated in short order - but there are an awful lot of *nix systems using bash out there.

LinuxRacr

Yeah, I saw this notification come in today at work via Red Hat. I guess I'll need to add this to my patching...

UnixGuy

yeah I ran yum update this morning and I was about read what's with the update to 'bash', thought it was a new version or something. Thanks for that

wes allen

This one also appears to be wormable - so psyched I am off for a few days!

wes allen

filetype:sh inurl:cgi-bin;

1.2 million hits.

docrice

Don't be alarmed. It only looks weaponized now.

https://gist.github.com/anonymous/929d622f3b36b00c0be1

The hammers are located in isle 18 to the right.

wes allen

Another couple updates:

https://securosis.com/blog/why-the-bash-vulnerability-is-such-a-big-deal

http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html?m=1

chaser7783

Not only has it been weaponized VT shows a 0/55 rate for detection.
Source: https://www.virustotal.com/en/file/73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489/analysis/1411634118/

Here is some good info on the breakdown within the ELF binary showing all of it's features.
Source: KernelMode.info • View topic - Linux/Bash0day alias Shellshock alias Bashdoor

the_Grinch

Yeah we just alerted for it at work. Updating my Spacewalk and then deploying to all my boxes.

chaser7783

There is also an incomplete fix to CVE-2014-6271.
Source: oss-sec: Re: CVE-2014-6271: remote code execution through bash

wes allen

Client side (DHCP) attacks - https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/

powmia

I wonder if there is any correlation between this and the AWS reboot

JDMurray

SANS Internet Storm Center blog articles on ShellShock: