September 26, 2014 - Slingshot Orbit of Technology

Archive | September 26, 2014

Testing Shellshock Bug In BASH – CVE-2014-7169 (Exploit 2)

Even after upgrading bash you may still be vulnerable to this exploit. Try running the following code.

env testbug='() { (CEV-2014-7169)=>\' bash -c "echo date"; cat echo ; rm -f echo

If the above command outputs the current date (it may also show errors), you are still vulnerable.

To test for the vulnerability on your *nix systems just issue the following command as any user (doesn’t have to be root):

env testbug='() { :;}; echo VULNERABLE' bash -c "echo completed"

If you see this:

VULNERABLE
completed

It’s vulnerable, if it’s fixed or not vulnerable you should see this:

bash: warning: testbug: ignoring function definition attempt
bash: error importing function definition for `testbug'
completed

New macOS zero-day, currently no PoC. https://t.co/usSM8CXUNW 5 years ago
“The exploit is highly efficient because the malicious app doesn't need admin access to retrieve passwords from the… https://t.co/wb3xu9MWL2 5 years ago
There is no way of telling whether this security flaw has been actively used or not, best practice is to assume tha… https://t.co/v3vBjImZTN 5 years ago
You can see which version of Kubernetes your nodes are running by running: kubectl get nodes. Your output tells you… https://t.co/vYrqpHsDv7 5 years ago
Kubernetes CVE-2018-1002105 allows any authenticated user to get administrative access to the cluster (using standa… https://t.co/lqv0HcFbWH 5 years ago