New Vulnerability, Shellshock


Status
Not open for further replies.

dhyhost

Web Hosting Service
The Warrior
Verified Provider
hmm, berarti harus di disable ya CGI scriptsnya ?
 

IIXPLANET

Expert 2.0
yum update bash
untuk pengguna centos
info tambahan ini berdampak juga ke vps , jd kl yg jual virtual server bisa di update jg bash nya
 

orioon

Beginner 1.0
Nubi ikut nimbrung ya

Cara Test Vuln
Exploit 1
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Exploit 2
env X='() { (shellshocker.net)=>\' bash -c "echo date"; cat echo; rm ./echo

Exploit 3
env X=' () { }; echo hello' bash -c 'date'

Exploit 4
bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' ||
echo "CVE-2014-7186 vulnerable, redir_stack"

Exploit 5
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash ||
echo "CVE-2014-7187 vulnerable, word_lineno"

Exploit 6
shellshocker='() { echo You are vulnerable; }' bash -c shellshocker

Exploit 7
bash -c "f() { x() { _;}; x() { _;} <<a; }" 2>/dev/null || echo vulnerable

Centos : yum update bash -y
Debian : apt-get update; apt-get install --only-upgrade bash
Arch Linux : pacman -Syu

atau dengan ini
wget https://shellshocker.net/fixbash -O - | sh

 

merkurius

Poster 2.0
ada pengaruh ke cloudlinux kah? kok rasanya saya coba ke cloudlinux gk ada updatean yah untuk bash
 
Status
Not open for further replies.

Top