Re: [Owasp-modsecurity-core-rule-set] CVE-2014-6271 - BASH Vulnerability

Sun, 28 Sep 2014 09:34:25 -0700 

What later us it then, in TCP model?

John
- via phone
On Sep 28, 2014 4:28 AM, "Jamie Riden" <jamie.ri...@gmail.com> wrote:

> bash is not link layer. Put the mod_sec rules in and patch bash.
>
> iptables can do pattern matching, but someone's already written the
> mod_sec rules for you, and I suspect it has vastly better protocol
> decoding capabilities.
>
> (Sounds like more bash patches on the way according to Michal
> Zalewski, so both mod_sec rules and patching are preferred rather than
> either in isolation.)
>
> cheers,
>  Jamie
>
> On 27 September 2014 17:28, John Crout <john.cr...@gmail.com> wrote:
> > Are both if these true?
> > Modsecurity is an Application layer firewall, and bash (any shell) is
> Link
> > Layer?
> >
> > Maybe an iptables ruleset?
> >
> > John Crout
> > - via phone
> >
> > On Sep 26, 2014 5:16 PM, "Joshua Roback" <jrob...@gmail.com> wrote:
> >>
> >> http://seclists.org/oss-sec/2014/q3/650
> >>
> >>
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
> >>
> >>
> http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
> >>
> >> Has anyone come across a ModSec rule for this new CVE?
> >>
> >> --
> >> Joshua Roback
> >>
> >> _______________________________________________
> >> Owasp-modsecurity-core-rule-set mailing list
> >> Owasp-modsecurity-core-rule-set@lists.owasp.org
> >>
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> >>
> >
> > _______________________________________________
> > Owasp-modsecurity-core-rule-set mailing list
> > Owasp-modsecurity-core-rule-set@lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> >
>
>
>
> --
> Jamie Riden / ja...@honeynet.org / jamie.ri...@gmail.com
> http://uk.linkedin.com/in/jamieriden
>

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to