so if its a dns server with only dns open on the external firewall, but is running a management interface for internal management, is it vulnerable eaxternally since the only inbound access are DNS ports and im assuming apche doesnt defaultly listen on those ports
On Sun, Sep 28, 2014 at 1:13 PM, Josh Reynolds via Af <[email protected]> wrote: > If it ONLY does dhcp/dns/ntp, that's fine. > > If it also has a base apache install, it's likely vulnerable :) > > Josh Reynolds, Chief Information Officer > SPITwSPOTS, www.spitwspots.com > On 09/28/2014 06:38 AM, Ken Hohhof via Af wrote: > > Why? > > Take the case of a dedicated server that only does let’s say DHCP or DNS > or NTP. It only has one port open to the Internet, and there’s no way to > get to a bash shell via that port. How the hell is someone going to pass > an environment variable to a bash shell on that server? > > > > *From:* Shayne Lebrun via Af <[email protected]> > *Sent:* Sunday, September 28, 2014 8:40 AM > *To:* [email protected] > *Subject:* Re: [AFMUG] Bash specially-crafted environment variables > codeinjection attack > > > Ø I think the articles have maybe overstated the risk a bit, since you > would need to either authenticate (at least as a regular user) to get to a > shell, or find a publicly exposed script that will pass an environment > variable to bash for you. > > > > Please don’t think like this. > > > > *From:* Af [mailto:[email protected] > <[email protected]>] *On Behalf Of *Ken Hohhof via > Af > *Sent:* Saturday, September 27, 2014 1:38 PM > *To:* [email protected] > *Subject:* Re: [AFMUG] Bash specially-crafted environment variables code > injection attack > > > > So maybe I won’t do that. > > > > The newer servers where I could just do a yum update have been > straightforward, as you’d expect. > > > > I think the articles have maybe overstated the risk a bit, since you would > need to either authenticate (at least as a regular user) to get to a shell, > or find a publicly exposed script that will pass an environment variable to > bash for you. > > > > *From:* Jeremy via Af <[email protected]> > > *Sent:* Saturday, September 27, 2014 12:13 PM > > *To:* [email protected] > > *Subject:* Re: [AFMUG] Bash specially-crafted environment variables code > injection attack > > > > Our webserver was vulnerable. Tried to fix it without backing it up > first....yeah, I know. Lost it all. So I guess I will be building a new > website from my 2013 backup this weekend. It's a good thing I carpet > bombed my website to prevent anyone from messing with it! > > > > On Sat, Sep 27, 2014 at 10:25 AM, Ken Hohhof via Af <[email protected]> wrote: > > Unfortunately I have a couple old servers running RHEL4 and one old > BlueQuartz webhosting appliance based on CentOS4. I’m a little reluctant > to try compiling the patch myself unless I switch to a difference shell > first, if I screw up my command shell it might be difficult to fix. > > > > Any guess if I’d be safe using the RPM cited in this thread: > > > http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014 > > > > the RPM it points to is: > > > > > http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm > > > > > > *From:* Ty Featherling via Af <[email protected]> > > *Sent:* Saturday, September 27, 2014 10:52 AM > > *To:* [email protected] > > *Subject:* Re: [AFMUG] Bash specially-crafted environment variables code > injection attack > > > > Yeah probably the NSA! Hahaha! > > -Ty > > On Sep 26, 2014 10:36 PM, "That One Guy via Af" <[email protected]> wrote: > > Man I bet theres some guy whose been exploiting this for 20 years who is > pissed right now > > > > On Fri, Sep 26, 2014 at 1:54 PM, Ty Featherling via Af <[email protected]> > wrote: > > CentOS on some, Ubuntu on others. Already got the answers in this thread > though, thanks. > > > > -Ty > > > > On Fri, Sep 26, 2014 at 11:54 AM, Mike Hammett via Af <[email protected]> > wrote: > > Which distribution? > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > ------------------------------ > > *From: *"Ty Featherling via Af" <[email protected]> > *To: *[email protected] > *Sent: *Thursday, September 25, 2014 2:42:31 PM > *Subject: *Re: [AFMUG] Bash specially-crafted environment variables code > injection attack > > Noob question but how can I easiest update my linux boxes to get the > latest patches? > > > > -Ty > > > > On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af <[email protected]> > wrote: > > Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb > out of debian-stable/security for our ubiquiti edgerouters. (I made on a > post on the UBNT forum with the CVE info yesterday.) > > Side note: TONS of things are affected by this... > > Josh Reynolds, Chief Information Officer > SPITwSPOTS, www.spitwspots.com > > On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: > > PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so > you need to patch any vulnerable system running Apache. > > > > Peter Kranz > > Founder/CEO - Unwired Ltd > > www.UnwiredLtd.com > > Desk: 510-868-1614 x100 > > Mobile: 510-207-0000 > > [email protected] > > > > -----Original Message----- > > From: Af [mailto:[email protected] > <[email protected]>] On Behalf Of Matt via Af > > Sent: Thursday, September 25, 2014 10:27 AM > > To: [email protected] > > Subject: [AFMUG] Bash specially-crafted environment variables code injection > attack > > > > Bash specially-crafted environment variables code injection attack > > > > https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ > > > > > > > > > > > > > > > > -- > > All parts should go together without forcing. You must remember that the > parts you are reassembling were disassembled by you. Therefore, if you > can't get them together again, there must be a reason. By all means, do not > use a hammer. -- IBM maintenance manual, 1925 > > > > > -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925
