Thread: Huge bash exploit CVE-2014-6271
View Single Post
Old 29-09-2014, 12:38   #19
Qtx
Inactive
 
Join Date: May 2012
Location: Probably outside the M25
Services: Sky Fibre Unlimited 40/10
Posts: 3,473
Qtx has a bronzed appealQtx has a bronzed appeal
Qtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appeal
Re: Huge bash exploit CVE-2014-6271
Still not over...

Further flaws render Shellshock patch ineffective

Quote:
Google security researcher Michal "lcamtuf" Zalewski has disclosed to iTnews that over the past two days he has discovered two previously unaddressed issues in the Bash function parser, one of which is as bad as the original Shellshock vulnerability.

"The first one likely permits remote code execution, but the attack would require a degree of expertise to carry out," Zalewski said.

"The second one is essentially equivalent to the original flaw, trivially allowing remote code execution even on systems that deployed the fix for the initial bug," he added.

Common vulnerabilities and exposures numbers CVE-2014-6277 and CVE-2014-6278 have been assigned to the vulnerabilties.
There are a few more CVE's other than those listed too.

List of PoCs for various services

Makes you wonder if GCHQ and the NSA are weeping that these have been found :p
Qtx is offline   Reply With Quote