Major security alert - Linux etc... - GoFuckYourself.com

EddyTheDog · 09-25-2014, 04:52 AM

http://www.bbc.co.uk/news/technology-29361794

Looks serious.....

seeandsee · 09-25-2014, 06:12 AM

Fucking Linux

WDF · 09-25-2014, 08:54 AM

A bash patch was applied to our cpanel servers yesterday during an update.

Babaganoosh · 09-25-2014, 09:15 AM

https://gfy.com/showthread.php?t=1150685

Heads up though, it doesn't look like the patch fixed it completely yet.

http://www.reddit.com/r/netsec/comme...l_exploitable/

Harmon · 09-25-2014, 09:17 AM

_Richard_ · 09-25-2014, 09:17 AM

ah that sucks

Babaganoosh · 09-25-2014, 09:43 AM

https://access.redhat.com/node/1200223

If you're affected, mod_security is the best way to stop this right now.

If you're not using mod_security, iptables can protect you a little better than doing nothing.

iptables -I INPUT -m string --hex-string '|28 29 20 7B|' --algo bm -j DROP

MrGusMuller · 09-25-2014, 02:32 PM

To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:

vulnerable this is a test
you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test

nm_ · 09-25-2014, 05:05 PM

already found people pinging to check for the exploit in my server logs ;[

update your servers asap!

Klen · 09-26-2014, 05:12 AM

Quote:

Originally Posted by MrGusMuller

To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:

vulnerable this is a test
you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test

Got second thing so i guess i am patched.But this look same shit as mysql inject on sql select query.

just a punk · 09-26-2014, 05:32 AM

Code:

yum clean all && yum update bash

09-25-2014, 04:52 AM	#1
EddyTheDog Just Doing My Own Thing Industry Role: Join Date: Jan 2011 Location: London, Spain, New Zealand, GFY - Not Croydon... Posts: 25,106	Major security alert - Linux etc... http://www.bbc.co.uk/news/technology-29361794 Looks serious.....

09-25-2014, 06:12 AM	#2
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	Fucking Linux __________________ BUY MY SIG - 50$/Year Contact here

09-25-2014, 08:54 AM	#3
WDF Confirmed User Industry Role: Join Date: Jan 2013 Location: Nashville,TN. Music City U.S.A. Posts: 2,248	A bash patch was applied to our cpanel servers yesterday during an update. __________________ Please HELP

09-25-2014, 09:15 AM	#4
Babaganoosh ♥♥♥ Likes Hugs ♥♥♥ Industry Role: Join Date: Nov 2001 Location: /home Posts: 15,841	https://gfy.com/showthread.php?t=1150685 Heads up though, it doesn't look like the patch fixed it completely yet. http://www.reddit.com/r/netsec/comme...l_exploitable/ __________________ I like pie.

09-25-2014, 09:43 AM	#7
Babaganoosh ♥♥♥ Likes Hugs ♥♥♥ Industry Role: Join Date: Nov 2001 Location: /home Posts: 15,841	https://access.redhat.com/node/1200223 If you're affected, mod_security is the best way to stop this right now. If you're not using mod_security, iptables can protect you a little better than doing nothing. iptables -I INPUT -m string --hex-string '\|28 29 20 7B\|' --algo bm -j DROP __________________ I like pie.

09-25-2014, 09:17 AM	#5
Harmon ( ͡ʘ╭͜ʖ╮͡ʘ) Industry Role: Join Date: Mar 2004 Posts: 20,010

09-25-2014, 09:17 AM	#6
_Richard_ Too lazy to set a custom title Industry Role: Join Date: Oct 2006 Location: Earth Posts: 30,989	ah that sucks

09-25-2014, 02:32 PM	#8
MrGusMuller Confirmed User Industry Role: Join Date: Oct 2010 Location: Portugal Posts: 1,262	To test if your version of Bash is vulnerable to this issue, run the following command: $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" If the output of the above command looks as follows: vulnerable this is a test you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to: $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test __________________ StagCMS - Adult CMS - user friendly adult content management system - speed up your websites with no SQL connections ICQ: 632343*113

09-25-2014, 05:05 PM	#9
nm_ Confirmed User Industry Role: Join Date: May 2011 Location: San Diego Posts: 328	already found people pinging to check for the exploit in my server logs ;[ update your servers asap!

09-26-2014, 05:32 AM	#11
just a punk So fuckin' bored Industry Role: Join Date: Jun 2003 Posts: 32,384	Code: yum clean all && yum update bash __________________ Obey the Cowgod