[Emerging-Sigs] Bash 0-day

Darien Huss dhuss at emergingthreats.net
Wed Sep 24 13:54:47 EDT 2014


Thanks Cooper, we should have something going out today for this.

Regards,
Darien

On Wed, Sep 24, 2014 at 1:33 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This popped up on one of my mailing lists today:
>
> >
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
> This is an example of the exploit code:
>
> > $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> >  vulnerable
> >  this is a test
>
> I'm not sure of what would be the best way to detect this, as its
> potentially exploitable via multiple ports/protocols and I suspect
> trivial to obfuscate.
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
>
> iQEcBAEBAgAGBQJUIwBXAAoJEKIFRYQsa8FW3+4H/3qMEZ5MirfKyd21/TyyWXgy
> BLiIlNojmmB/xG+vcgjI9efTY+i6+6gE4zPl0ID6EOU89m/oCEcghO9zw09arO3H
> YmFeJRZjpIK3iym+FGZMIDvo2F4tt76Oo+58wWxYqkNjYUKWVde6e18wp15hPx/L
> Uy1S1Ec3AozhEjNcFgUR6vI7hRz+bmEv5Qa2dLfsiEuWBkJvTw9wYnHYjFgrNMOm
> 3w6lyJmkOC2R+/A0CD436IbnEg55uSwL6kE0pdGfmx4b9kHpJ9Wauj3lLsUUo/PF
> ja0FhmeGhtfjzrSlJXw7mWUKXMujPviYZswzGZWyQknfktFwHLKplM+cz4LBaZQ=
> =VV4h
> -----END PGP SIGNATURE-----
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20140924/cb479ef1/attachment.html>


More information about the Emerging-sigs mailing list