People following security groups or having subscribed to sec advisory services might have already seen the CVE-2014-6271 today, which refers to a really BAD remote code execution vulnerability in BASH shell. You might think: well remote code exec in BASH how this gonna work on local system? Just forget to think about your local shell, think about CGI scripts running on web servers which are plain bash scripts or call bash script functions…..you getting bad feelings. You should, because sec researchers estimate a much bigger impact than heardbleed had in terms of number of vulnerable systems and impact at all. Here are some write ups
The bug is registered with CVE-2014-6271 http://seclists.org/oss-sec/
Some more details written by Robert Graham http://blog.erratasec.com/
If you would like to check for this with NESSUS security scanner, at the moment there is no update yet available. According to the nessus support forum and discussion group the plugin release was postponed, because of some unexpected behavior during tests. I just restarted the plugin update process on my Nessus scanner, but there is still no plugin available to check for the bug.
– Daniel
PS: you can follow on twitter using these tags #bash #shellshock.  Just wonder if i can just use „USER AGENT SWITCHER“ plugin for my browser to try exploiting stuff.
UPDATE: Nessus has now several plugins available for testing. Just completed a run against our DMZ and all ok. Also Cisco and CheckPoint released their IPS signatures.
No Comments