Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Shell shock vulnerability options needed on large college campus

Posted on 2014-09-26
2
Medium Priority
?
471 Views
Last Modified: 2014-09-29
Hey there,

I need some options for testing my network against these.  I've been using http://bashsmash.ccsir.org/ but wanted to make sure I wasn't getting false positives.  Any ideas?

Please help!

thanks metalfubar
0
Comment
Question by:metalfubar
2 Comments
 
LVL 29

Accepted Solution

by:
Jan Springer earned 2000 total points
ID: 40346652
On the command line:

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

Also, if you don't have cgi applications that use bash scripts, you should be okay from an http/https perspective.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40347281
For complete audit you need to check for BASH scripts invoked from network (snmpd, dhcpd, httpd)
0) upgrade bash yesterday, and announce to your users that worm herders will be executed or something like that...
1) SubAgent in snmpd.conf - if none you are clean, otherwise check script
2) not popular but check for any scripts mentioned
3) ScriptAlias (note that fcgid and wsgi and passenger are NOT vulnerable) = check all scripts in ScriptAlias directories. Do you use scripts at all? Just remove any CGI support, it is there just for epic case dinosaurs re-surrect...
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question