Hi,
and as another follow-up:
A nice list of vulnerable software/systems is available here:
https://github.com/mubix/shellshocker-pocs
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailma
Hi,
most infos and different test patterns are now collected here:
https://shellshocker.net/
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Same goes for qmail:
http://www.gossamer-threads.com/lists/qmail/users/138568
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Hi,
just as a follow-up:
Seems SIP proxies are also vulnerable:
https://github.com/zaf/sipshock
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
*** Phillip Rice wrote:
> But have it use credentials and actually run a bash shell command like
>
> env x='() { (a)=>\' bash -c "echo ls /tmp ; cat echo"
A local check will also released soon.
Micha
--
Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.ne
attachments, and inform me
via reply e-mail.
-Original Message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On
Behalf Of Rainer Sokoll
Sent: 26 September 2014 13:21
To: openvas-discuss@wald.intevation.org
Subject: Re: [Openvas-discuss] CVE-2014-6271
Am 26.09.
Am 26.09.2014 um 14:05 schrieb Christiaan DeVries :
I’m new as well, so take all cum grano salis ;-)
> What exactly do you mean by the NVT needs a script to test? Basically, I'm
> trying to come up with a way I can (mass) scan our networks but as I'm quite
> new to OpenVAS I feel I'm missing s
*** Christiaan DeVries wrote:
> What exactly do you mean by the NVT needs a script to test?
> Basically, I'm trying to come up with a way I can (mass) scan our
> networks but as I'm quite new to OpenVAS I feel I'm missing
> something here.
>
> When I run the check, I get the following output:
> [r
t;From: Openvas-discuss
>[mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of
>Rainer Sokoll
>Sent: 26 September 2014 11:45
>To: openvas-discuss
>Subject: Re: [Openvas-discuss] CVE-2014-6271
>
>
>Am 26.09.2014 um 11:44 schrieb Rainer Sokoll :
>
>>
&
--Original Message-
From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On
Behalf Of Rainer Sokoll
Sent: 26 September 2014 11:45
To: openvas-discuss
Subject: Re: [Openvas-discuss] CVE-2014-6271
Am 26.09.2014 um 11:44 schrieb Rainer Sokoll :
>
> Am 26.09.2014 um 09:09 s
Am 26.09.2014 um 11:44 schrieb Rainer Sokoll :
>
> Am 26.09.2014 um 09:09 schrieb Chris :
>
>>> Is it CVE-2014-6271 detection available now?
>>
>> yes since yesterday:
>>
>> http://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2014-September/000693.html
>
>
> Does it really work?
It should be available at Web application abuses and cgi scanning needs to be
enabled.
Also check the older heartbleed mailing list thread for some hints when missing
a NVT.
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://l
Am 26.09.2014 um 11:49 schrieb Christiaan DeVries :
> After running all synchronisations, am still don't have the shellshock
> detection, any hints as to what could be wrong with my system?
Same here. I grabbed it directly from
http://lists.wald.intevation.org/pipermail/openvas-nvts-commits/20
-boun...@wald.intevation.org] On
Behalf Of Rainer Sokoll
Sent: 26 September 2014 10:45
To: openvas-discuss
Subject: Re: [Openvas-discuss] CVE-2014-6271
Am 26.09.2014 um 09:09 schrieb Chris :
>> Is it CVE-2014-6271 detection available now?
>
> yes since yesterday:
>
> http://li
Am 26.09.2014 um 09:09 schrieb Chris :
>> Is it CVE-2014-6271 detection available now?
>
> yes since yesterday:
>
> http://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2014-September/000693.html
Does it really work? If I let it run against a webserver:
openvas-nasl -d -t www.exam
Ah, forgot to mention. There are way more attack possibilities which are
collected in:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/c
Hi,
>Is it CVE-2014-6271 detection available now?
yes since yesterday:
http://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2014-September/000693.html
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.in
17 matches
Mail list logo