[Server-devel] Fixing the Shellshocker bash exploit on the old FC9 based XS 0.6

Anna aschoolf at gmail.com
Thu Sep 25 23:12:06 EDT 2014


Yup, the fix was only for CVE-2014-6271.  My XS 0.6 is still vulnerable to
CVE-2014-7169.

I was just looking at my Apache access log to see if anyone was trying the
exploits.  Luckily this guy who hit me is a security researcher:

209.126.230.72 - - [24/Sep/2014:23:55:55 -0500] "GET / HTTP/1.0" 200 2692 "() { :; }; ping -c 11 209.126.230.74" "shellshock-scan (http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)"

But I don't think this person is up to any good:

89.207.135.125 - - [25/Sep/2014:07:04:51 -0500] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 77 "-" "() { :;}; /bin/ping -c 1 198.101.206.138"

My .htaccess is set up to block user agents by keyword, like bot, crawler,
google, bing, etc.  I threw the word "ping" in there, at least that'll give
a 403 to the above attempt.

I'll keep an eye on https://ftp.gnu.org/gnu/bash/bash-4.3-patches/ and hope
a patch for CVE-2014-7169 lands in there soon.

Yes, I do need to stop procrastinating and replace this machine.  This old
Dell's power supply is going bad.  Takes me about an hour of mysterious
fiddling to get it powered back on after shutdown.

Anna Schoolfield
Birmingham

On Thu, Sep 25, 2014 at 9:14 PM, Samuel Greenfeld <samuel at greenfeld.org>
wrote:

> XS 0.7 school servers are based on CentOS 6.x, which still gets security
> updates.
>
> So you can log onto your XS 0.7 schoolserver as root, and "yum update
> bash" to get the latest version.
>
> Note that there is talk that the first fix may not be complete, so you may
> have to update bash twice.
>
>
> On Thu, Sep 25, 2014 at 7:04 PM, Anna <aschoolf at gmail.com> wrote:
>
>> The patch that fixes the "shellshocker" exploit isn't, from the best that
>> I can tell, going to be released for Fedora versions older than 17.
>>
>> I just patched my XS 0.6 with this:
>>
>> curl -k https://shellshocker.net/fixbash | sh
>>
>> You'll need to be able to compile, I'm not sure of any other specific
>> requirements since I installed the Development Tools group on this box a
>> long time ago.
>>
>> You can find more information here:  https://shellshocker.net/
>>
>> Anna Schoolfield
>> Birmingham
>>
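Added example, not part of this thread: a small Python scanner that does what Anna did by eye, parsing Apache combined-format access log lines and flagging the `() {` function-definition prefix that triggers the bash bug in any quoted field, not only the User-Agent (the two log lines quoted above carry it once in the Referer and once in the User-Agent). The embedded sample log is the two lines from this message plus one constructed benign line; the function and field names are my own.

```python
import re
from typing import Dict, List, Optional

# Apache combined log format:
# ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Shellshock trigger: an exported function definition "() {" at the start of
# an environment value. CGI copies request headers into the environment, so the
# marker can arrive in the Referer, the User-Agent or any other header.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')

# Constructed sample log: the two lines quoted in the message above plus one
# ordinary request that must not be flagged.
SAMPLE_LOG = [
    '209.126.230.72 - - [24/Sep/2014:23:55:55 -0500] "GET / HTTP/1.0" 200 2692 '
    '"() { :; }; ping -c 11 209.126.230.74" "shellshock-scan '
    '(http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)"',
    '89.207.135.125 - - [25/Sep/2014:07:04:51 -0500] '
    '"GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 77 "-" '
    '"() { :;}; /bin/ping -c 1 198.101.206.138"',
    '10.0.0.5 - - [25/Sep/2014:08:00:00 -0500] "GET /index.html HTTP/1.1" '
    '200 1234 "-" "Mozilla/5.0"',
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into named fields; None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_shellshock(lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit per line whose request, referer or user-agent carries '() {'."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        for field in ("referer", "agent", "request"):
            if SHELLSHOCK_RE.search(entry[field]):
                hits.append({"ip": entry["ip"], "field": field,
                             "request": entry["request"], "payload": entry[field]})
                break
    return hits


if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(f"{hit['ip']} via {hit['field']}: {hit['payload']}")
```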