New Vulnerability, Shellshock

Discussion in 'Masalah Teknik dan Keamanan' started by junior riau, 25 Sep 2014.

Thread Status:
Not open for further replies.
  1. junior riau

    junior riau Hosting Guru Web Hosting

    Messages:
    3,230
    Likes Received:
    515
    Trophy Points:
    113
  2. dhyhost

    dhyhost Hosting Guru Web Hosting

    Messages:
    3,950
    Likes Received:
    615
    Trophy Points:
    113
    hmm, berarti harus di disable ya CGI scriptsnya ?
     
  3. junior riau

    junior riau Hosting Guru Web Hosting

    Messages:
    3,230
    Likes Received:
    515
    Trophy Points:
    113
  4. junior riau

    junior riau Hosting Guru Web Hosting

    Messages:
    3,230
    Likes Received:
    515
    Trophy Points:
    113
  5. FluidaWeb

    FluidaWeb Expert 1.0

    Messages:
    648
    Likes Received:
    86
    Trophy Points:
    28
    tinggal update aja ,,,
    yum update apt-get update (tergantung OSnya)
     
  6. vishualhost

    vishualhost Expert 2.0

    Messages:
    813
    Likes Received:
    81
    Trophy Points:
    28
    yum update bash
    untuk pengguna centos
    info tambahan ini berdampak juga ke vps , jd kl yg jual virtual server bisa di update jg bash nya
     
    BikinDesainSitus likes this.
  7. pluto01

    pluto01 Hosting Guru Web Hosting

    Messages:
    3,686
    Likes Received:
    757
    Trophy Points:
    113
    yupz sdh diupdate
     
  8. Fuji Ahmad

    Fuji Ahmad Apprentice 2.0

    Messages:
    460
    Likes Received:
    61
    Trophy Points:
    28
    yang kemaren2 baru update, silahkan update lagi, kemungkinan yg terbaru udah fix
     
  9. orioon

    orioon Beginner 1.0

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Nubi ikut nimbrung ya

    Cara Test Vuln
    Exploit 1
    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

    Exploit 2
    env X='() { (shellshocker.net)=>\' bash -c "echo date"; cat echo; rm ./echo

    Exploit 3
    env X=' () { }; echo hello' bash -c 'date'

    Exploit 4
    bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' ||
    echo "CVE-2014-7186 vulnerable, redir_stack"

    Exploit 5
    (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash ||
    echo "CVE-2014-7187 vulnerable, word_lineno"

    Exploit 6
    shellshocker='() { echo You are vulnerable; }' bash -c shellshocker

    Exploit 7
    bash -c "f() { x() { _;}; x() { _;} <<a; }" 2>/dev/null || echo vulnerable

    Centos : yum update bash -y
    Debian : apt-get update; apt-get install --only-upgrade bash
    Arch Linux : pacman -Syu

    atau dengan ini
    wget https://shellshocker.net/fixbash -O - | sh

     
  10. merkurius

    merkurius Poster 2.0

    Messages:
    312
    Likes Received:
    24
    Trophy Points:
    18
    ada pengaruh ke cloudlinux kah? kok rasanya saya coba ke cloudlinux gk ada updatean yah untuk bash
     
Loading...
Thread Status:
Not open for further replies.

Share This Page

Loading...