how to test for vulnerable Bash shell: Execute the following: $ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test” on the command line, if it comes back with this is a test then the system is vulnerable If the system returns: bash: warning: x: ignoring function definition attempt bash: error … Read more
This Shellshock issue has now spawned 6 CVE’s CVE = Common Vulnerabilities and Exposures Threat level Yellow at Internet Storm Center This is a complex vulnerability first CVE got patched almost immediately CVE-2014-6271 The second CVE now has a patch as of Friday). CVE-2014-7169 The 3rd and 4th CVE CVE-2014-7186, CVE-2014-7187 not patched … Read more
What started as an environment of function and usability on Unix systems has devolved in another security exploit mess. US -CERT has the report for both potential exploits now (one was patched) all tools are there for hackers to exploit specific websites running Linux or Unix. That means that there are many websites that … Read more
There are two Common Vulnerability and Exposure CVE-2014-6271 and CVE-2014-7169 Akamai has posted it’s response CERT has posted it’s vulnerability Note Red Hat has developed the following test: $ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test” RedHat Blog also discusses it and has set up a FAQ Updating Bash on … Read more
How dangerous is it? It is an inherent Linux glibc vulnerability. RedHat is discussing it on their articles page – has the CVE number 2015-0235 https://access.redhat.com/articles/1332213 It is nicknamed “Ghost” due to the ghostbyname() function calls in the glibc library, specifically: “GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the … Read more
