  1. #1

    Severe shell vulnerability detected in Unix

    I just got a security flash from CERT-SE that informed me that there has been a severe security issue detected in the Unix shell.
    The vulnerability lets a potential attacker execute malicious code in the shell, and gain access to the system.

    At present there are no known workarounds for this issue, except running a WAF. To test if your system is afflicted by this issue, you can run the following command in the command line:

    Code:
    $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    If your system is afflicted, you will see the following output in your shell:

    Code:
    vulnerable
    this is a test
    At present this vulnerability is known to be exploited by at least one worm.

    For more information, see the following articles:
    https://securityblog.redhat.com/2014...ection-attack/
    http://seclists.org/oss-sec/2014/q3/649
    http://seclists.org/oss-sec/2014/q3/650

  2. The Following 3 Users Say Thank You to Evanion For This Useful Post:
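As an added example, not part of the original post: the probe from post #1 wrapped in a script that checks every bash binary on PATH and classifies the result, which goes beyond the single command in the post. The function names and result labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): batch wrapper around the probe in post #1.
# Function names and result labels are hypothetical.

# Classify the stdout captured from one probe run.
#   VULNERABLE     - the injected "echo vulnerable" ran during function import
#   NOT_VULNERABLE - only the intended command ran (this probe only; post #4
#                    notes the issue was not fully patched at the time)
#   INCONCLUSIVE   - the binary did not run the test command at all
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo VULNERABLE
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo NOT_VULNERABLE
    else
        echo INCONCLUSIVE
    fi
}

# Run the probe from the thread against one specific bash binary.
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo INCONCLUSIVE
        return 0
    fi
    # stderr is dropped: some builds print import warnings there.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c "echo this is a test" 2>/dev/null) || true
    classify_probe_output "$out"
}

# Probe every bash found on PATH; a package update replaces only the
# distribution's copy, so locally built copies need their own check.
scan_bash_binaries() {
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        if [ -x "$dir/bash" ]; then
            printf '%s\t%s\n' "$dir/bash" "$(check_bash "$dir/bash")"
        fi
    done
    IFS=$old_ifs
}

scan_bash_binaries
```

Any line reporting VULNERABLE names a binary that still needs the vendor update or removal.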


  3. #2
    Hi Evanion

    Many thanks, you're correct and one of our systems failed, but has now been patched thanks, but all other systems had already been updated.

    For those on CentOS, ssh in and run yum update, where you'll see bash update ready to install

    I hope you're keeping well

    Many thanks

    John

  4. The Following 2 Users Say Thank You to d2d4j For This Useful Post:


  5. #3
    Yes, thanks for bringing attention to this. If you have auto OS updates enabled on your InterWorx box, the update should have been applied. Otherwise, definitely run yum update to secure your system.

  6. The Following User Says Thank You to IWorx-Brett For This Useful Post:


  7. #4
    Actually, looks like the issue isn't fully patched yet:

    https://access.redhat.com/articles/1200223

    In any case, keeping OS Updates enabled on your InterWorx boxes is highly recommended and will ensure your box receives the updated patch when it's released by Red Hat.

    To check your update settings, log into NodeWorx and go to Server >> Software Updates.

  8. The Following 2 Users Say Thank You to IWorx-Brett For This Useful Post:


  9. #5
    Quote, originally posted by IWorx-Brett:
    Actually, looks like the issue isn't fully patched yet:

    https://access.redhat.com/articles/1200223

    In any case, keeping OS Updates enabled on your InterWorx boxes is highly recommended and will ensure your box receives the updated patch when it's released by Red Hat.

    To check your update settings, log into NodeWorx and go to Server >> Software Updates.
    And Houston we have a problem: http://us3.campaign-archive2.com/?u=...1&e=32ff2cc196

    "We have both been made aware of some malware being spread via this vulnerability and we have seen another variant our self on our own IDS."
    Michael Dance


  10. The Following 2 Users Say Thank You to Licensecart For This Useful Post:


  11. #6
    Hi

    I wonder if this is also connected with the bots trying to take over routers, computers, IoT (Internet of Things) etc... for mass bot DDoS.

    It's just a thought

    Many thanks

    John
