Shellshock


Post by 0phidian on Thu Sep 25, 2014 10:49 pm

How about that shellshock?

Definitely going to want to update your Linux boxes if you haven't already.


Re: Shellshock

Post by tgoe on Sat Sep 27, 2014 12:26 am

The Ubuntu family has pushed fixes.

Check your machine with this:
Code:
env x='() { :;}; echo vulnerable' bash -c 'echo hello'


Edit: I didn't read the article before posting.
Last edited by tgoe on Sat Sep 27, 2014 1:00 am, edited 1 time in total.


Re: Shellshock

Post by Goatboy on Sat Sep 27, 2014 1:00 am

And check your logs for things like "cgi" and ";};". I haven't seen fail2ban working so hard since Heartbleed.
Assume that everything I say is or could be a lie.
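
The log check suggested in the post above, as an added example that is not part of the original thread: instead of grepping for the literal strings, it parses each access-log line and looks for the bash function-definition prefix `() {` (the start of the test string posted earlier) in the request, referer and user-agent fields, decoding %xx escapes first. The Apache/nginx "combined" log layout, the names `scan` and `SAMPLE`, and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# A quoted log field; Apache writes an embedded double quote as \" so allow escapes.
Q = r'"((?:[^"\\]|\\.)*)"'
# Assumed layout: Apache/nginx "combined" access log format.
COMBINED = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] ' + Q + r' \d{3} \S+ ' + Q + ' ' + Q)
# Bash function-definition prefix, as in the thread's "() { :;};" test string.
# Spacing varies between requests, so whitespace is matched loosely.
FUNC_PREFIX = re.compile(r'\(\s*\)\s*\{')

def scan(lines):
    """Return (ip, time, field, is_cgi) for every logged field carrying the prefix."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            # Unparseable line: still report it if the raw text carries the prefix.
            if FUNC_PREFIX.search(unquote(line)):
                hits.append(("?", "?", "raw", "cgi" in line.lower()))
            continue
        ip, when, request, referer, agent = m.groups()
        is_cgi = "cgi" in request.lower()
        for name, value in (("request", request), ("referer", referer), ("agent", agent)):
            # Decode %xx so a URL-encoded "%28%29%20%7B" is seen as "() {".
            if FUNC_PREFIX.search(unquote(value)):
                hits.append((ip, when, name, is_cgi))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE = [
    '192.0.2.10 - - [27/Sep/2014:01:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 12 "-" "() { :;}; echo vulnerable"',
    '198.51.100.7 - - [27/Sep/2014:01:00:05 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "%28%29%20%7B%20%3A%3B%7D%3B%20echo%20vulnerable" "Mozilla/5.0"',
    # Benign: mentions cgi and "()" but has no function-definition prefix.
    '203.0.113.4 - - [27/Sep/2014:01:00:09 +0000] "GET /cgi-bin/search?q=f() HTTP/1.1" '
    '200 64 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The `is_cgi` flag separates requests that reached a CGI path from probes against static pages. Only fields the log format records are visible here, so a string sent in any other header will not show up in this scan.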


Re: Shellshock

Post by tgoe on Sat Sep 27, 2014 1:13 am

I'd love to read through a postmortem / found-in-the-wild about shellshock but I can't find one. Plz respond.


Re: Shellshock

Post by limdis on Sat Sep 27, 2014 3:57 pm

For those confused that would like some explanation: http://hts.io/17Ocp
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."


Re: Shellshock

Post by pretentious on Sun Sep 28, 2014 8:04 am

I just have to say, Heartbleed and shellshock are 2 really cool names.
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco


Re: Shellshock

Post by cyberdrain on Mon Sep 29, 2014 5:07 pm

This keeps getting better and better: cool hack and name. I wonder what else lurks in dusty old code no-one bothered to check before.
Free your mind / Think clearly


Re: Shellshock

Post by -Ninjex- on Tue Sep 30, 2014 7:14 pm

cyberdrain wrote: I wonder what else lurks in dusty old code no-one bothered to check before.


My guesses are crap efficiency and exploit galore hehe
For those that know
K: 0x2CD8D4F9

