Re: [Openvas-discuss] CVE-2014-6271

2014-09-30 Thread Chris
Hi, and as another follow-up: A nice list of vulnerable software/systems is available here: https://github.com/mubix/shellshocker-pocs ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailma

Re: [Openvas-discuss] CVE-2014-6271

2014-09-29 Thread Chris
Hi, most infos and different test patterns are now collected here: https://shellshocker.net/ ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] CVE-2014-6271

2014-09-27 Thread Chris
Same goes for qmail: http://www.gossamer-threads.com/lists/qmail/users/138568 ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] CVE-2014-6271

2014-09-27 Thread Chris
Hi, just as a follow-up: Seems SIP proxies are also vulnerable: https://github.com/zaf/sipshock ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Michael Meyer
*** Phillip Rice wrote: > But have it use credentials and actually run a bash shell command like > > env x='() { (a)=>\' bash -c "echo ls /tmp ; cat echo" A local check will also released soon. Micha -- Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 http://www.greenbone.ne

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Phillip Rice
attachments, and inform me via reply e-mail. -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Rainer Sokoll Sent: 26 September 2014 13:21 To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] CVE-2014-6271 Am 26.09.

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Rainer Sokoll
Am 26.09.2014 um 14:05 schrieb Christiaan DeVries : I’m new as well, so take all cum grano salis ;-) > What exactly do you mean by the NVT needs a script to test? Basically, I'm > trying to come up with a way I can (mass) scan our networks but as I'm quite > new to OpenVAS I feel I'm missing s

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Michael Meyer
*** Christiaan DeVries wrote: > What exactly do you mean by the NVT needs a script to test? > Basically, I'm trying to come up with a way I can (mass) scan our > networks but as I'm quite new to OpenVAS I feel I'm missing > something here. > > When I run the check, I get the following output: > [r

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Chris
t;From: Openvas-discuss >[mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of >Rainer Sokoll >Sent: 26 September 2014 11:45 >To: openvas-discuss >Subject: Re: [Openvas-discuss] CVE-2014-6271 > > >Am 26.09.2014 um 11:44 schrieb Rainer Sokoll : > >> &

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Christiaan DeVries
--Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Rainer Sokoll Sent: 26 September 2014 11:45 To: openvas-discuss Subject: Re: [Openvas-discuss] CVE-2014-6271 Am 26.09.2014 um 11:44 schrieb Rainer Sokoll : > > Am 26.09.2014 um 09:09 s

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Rainer Sokoll
Am 26.09.2014 um 11:44 schrieb Rainer Sokoll : > > Am 26.09.2014 um 09:09 schrieb Chris : > >>> Is it CVE-2014-6271 detection available now? >> >> yes since yesterday: >> >> http://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2014-September/000693.html > > > Does it really work?

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Chris
It should be available at Web application abuses and cgi scanning needs to be enabled. Also check the older heartbleed mailing list thread for some hints when missing a NVT. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://l

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Rainer Sokoll
Am 26.09.2014 um 11:49 schrieb Christiaan DeVries : > After running all synchronisations, am still don't have the shellshock > detection, any hints as to what could be wrong with my system? Same here. I grabbed it directly from http://lists.wald.intevation.org/pipermail/openvas-nvts-commits/20

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Christiaan DeVries
-boun...@wald.intevation.org] On Behalf Of Rainer Sokoll Sent: 26 September 2014 10:45 To: openvas-discuss Subject: Re: [Openvas-discuss] CVE-2014-6271 Am 26.09.2014 um 09:09 schrieb Chris : >> Is it CVE-2014-6271 detection available now? > > yes since yesterday: > > http://li

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Rainer Sokoll
Am 26.09.2014 um 09:09 schrieb Chris : >> Is it CVE-2014-6271 detection available now? > > yes since yesterday: > > http://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2014-September/000693.html Does it really work? If I let it run against a webserver: openvas-nasl -d -t www.exam

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Chris
Ah, forgot to mention. There are way more attack possibilities which are collected in: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169 ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/c

Re: [Openvas-discuss] CVE-2014-6271

2014-09-26 Thread Chris
Hi, >Is it CVE-2014-6271 detection available now? yes since yesterday: http://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2014-September/000693.html ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.in