Thread: Huge bash exploit CVE-2014-6271
View Single Post
Old 25-09-2014, 09:04   #3
Qtx
Inactive
 
Join Date: May 2012
Location: Probably outside the M25
Services: Sky Fibre Unlimited 40/10
Posts: 3,473
Qtx has a bronzed appealQtx has a bronzed appeal
Qtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appeal
Re: Huge bash exploit CVE-2014-6271
Quote:
Originally Posted by qasdfdsaq View Post
But they would still have to have some way to spawn a Bash shell in the first place (i.e. have shell access) right? Seeing as SSH won't execute any commands or even provide an environment prior to authentication... Yet the CVE says authentication not required.
Don't need to already have shell access. You can do it through a a http request and spawn a remote shell.

Quote:
if (len(sys.argv)<4):
print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
exit(0)
Can also be abused via a rogue DHCP server to exploit some linux distros and also apple macs. It's not just mod_cgi.
Qtx is offline   Reply With Quote