[Emerging-Sigs] Bash 0-day

Cooper F. Nelson cnelson at ucsd.edu
Wed Sep 24 13:33:11 EDT 2014


This popped up on one of my mailing lists today:

> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

This is an example of the exploit code:

> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>  vulnerable
>  this is a test

I'm not sure of what would be the best way to detect this, as it's
potentially exploitable via multiple ports/protocols and I suspect
trivial to obfuscate.

- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
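
On the detection question raised in the message above, here is an added example (not part of the original post) that flags logged header values beginning with the `() {` function-definition prefix from the test string. The header names, the sample values, the whitespace tolerance and the idea that the log source may percent-encode values are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Function-definition prefix from the message's test string, with optional
# whitespace between the tokens (the leniency is an assumption).
FUNC_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")
MAX_DECODE_ROUNDS = 3  # assumed bound on nested percent-encoding in logs


def normalize(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspect(value: str) -> bool:
    """True if the decoded value starts like a bash function definition."""
    return bool(FUNC_PREFIX.match(normalize(value)))


def scan_headers(headers: dict) -> list:
    """Return the sorted names of headers whose values look suspect."""
    return sorted(name for name, value in headers.items() if is_suspect(value))


# Constructed sample values as a logging proxy might record them
# (not captured traffic; percent-encoding by the log source is assumed).
SAMPLE_HEADERS = {
    "Host": "www.example.test",
    "User-Agent": "() { :;}; echo vulnerable",
    "Cookie": "%28%29%20%7B%20%3A%3B%7D%3B%20echo%20vulnerable",
    "Referer": "%2528%2529%2520%257B%20:;};%20echo%20vulnerable",
    "Accept": "text/html,application/xhtml+xml",
    "X-Note": "callback = function() { return 1; }",
}

if __name__ == "__main__":
    for name in scan_headers(SAMPLE_HEADERS):
        print("suspect header:", name)
```

Anchoring the match at the start of the value keeps ordinary text that merely contains `() {` mid-string, such as the `X-Note` sample, from being flagged.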

