Solved

Shell shock vulnerability options needed on large college campus

Posted on 2014-09-26
2
450 Views
Last Modified: 2014-09-29
Hey there,

I need some options for testing my network against these.  I've been using http://bashsmash.ccsir.org/ but wanted to make sure I wasn't getting false positives.  Any ideas?

Please help!

thanks metalfubar
0
Comment
Question by:metalfubar
2 Comments
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 40346652
On the command line:

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

Also, if you don't have cgi applications that use bash scripts, you should be okay from an http/https perspective.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40347281
For complete audit you need to check for BASH scripts invoked from network (snmpd, dhcpd, httpd)
0) upgrade bash yesterday, and announce to your users that worm herders will be executed or something like that...
1) SubAgent in snmpd.conf - if none you are clean, otherwise check script
2) not popular but check for any scripts mentioned
3) ScriptAlias (note that fcgid and wsgi and passenger are NOT vulnerable) = check all scripts in ScriptAlias directories. Do you use scripts at all? Just remove any CGI support, it is there just for epic case dinosaurs re-surrect...
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question