Top Posts Tagged with #shellshock bug | Tumlook

Yahoo has announced that no user data was lost when apparently hackers had breached its servers. The web firm was reportedly cautioned regarding this breach by security experts who were studying the computers.

The computers were vulnerable to the Shellshock bug, discovered recently. Yahoo servers are seen as vulnerable to Shellshock even as the attackers employed a different vulnerability for getting into machines.

Yahoo said in a statement that October 6 it had isolated several servers which were vulnerable to be compromised via Shellshock.

#Yahoo #Hack #Shellshock bug #Hackers

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

This update fixes a security flaw in the bash UNIX shell.

#apple #os x #shellshock bug

How to protect yourself from the Shellshock Bash bug

A worrying new security vulnerability has muscled its way onto the Internet, and world-leading security experts are saying it's even worse than this year's Heartbleed fiasco. Called "Bash" or "Shellshock", the security flaw is inherent to a computer's shell.

Read more: http://goo.gl/4mgFMF

#shellshock bash #shellshock bug #security #internet #heartbleed

Coleção de referências sobre "Shellshock"

Próximo ao dia 24/09/2014 foi divulgada uma vulnerabilidade no GNU Bash - conhecida como Shellshock - que permite a execução de código através de variáveis de ambiente. Esta é uma coletânea de links para referência futura e não tem pretensão de ser uma lista definitiva. O fato de um link estar aqui não significa que eu esteja atestando sua qualidade; quero também manter um registro pessoal de como a comunidade tratou o assunto.

Quem quiser colaborar, pode ficar à vontade. :)

CVEs

CVE-2014-6271 (CVE original)

CVE-2014-7169 (O fix para a vulnerabilidade original não foi suficiente, gerando um novo CVE)

BID: 70103

BID: 70137

Advisories

Thread original na oss-sec

US-CERT - TA14-268A

Cisco - cisco-sa-20140926-bash - GNU Bash Environment Variable Command Injection Vulnerability

Citrix - CTX200217 - Citrix Security Advisory for CVE-2014-6271

Posts relacionados a vulnerabilidade

[2014-09-24] Red Hat - ‏Bash specially-crafted environment variables code injection attack

[2014-09-24] Robert Graham (Errata Sec) - Bash bug as big as Heartbleed

[2014-09-24] Akamai - Environment Bashing

[2014-09-24] Robert Graham (Errata Sec) - Bash 'shellshock' scan of the Internet

[2014-09-24] Robert Graham (Errata Sec) - Bash 'shellshock' bug is wormable

[2014-09-24] CSO Online - Remote exploit vulnerability in bash CVE-2014-6271

[2014-09-24] CNET - 'Bigger than Heartbleed': Bash bug could leave IT systems in shellshock

[2014-09-25] Robert Graham (Errata Sec) - Shellshock is 20 years old (get off my lawn)

[2014-09-25] TrustedSec - Shellshock DHCP RCE Proof of Concept

[2014-09-25] Garage4Hackers - Everything you need to know about CVE-2014-6271

[2014-09-25] Troy Hunt - Everything you need to know about the Shellshock Bash bug

[2014-09-25] Security Street (Rapid7) - Bash-ing Into Your Network – Investigating CVE-2014-6271

[2014-09-25] Krypt3ia - SHELLSHOCK!

[2014-09-25] Internet Storm Center InfoSec Handlers Diary Blog - Update on CVE-2014-6271: Vulnerability in bash (shellshock)

[2014-09-25] Symantec - Shellshock: All you need to know about the Bash Bug vulnerability

[2014-09-25] Norton Comunity - Shellshock, The Latest Mac OSX and Linux Vulnerability—And What It Means For You

[2014-09-25] DigitalOcean - How to Protect your Server Against the Shellshock Bash Vulnerability

[2014-09-25] Veracode - Shellshock – what you need to know

[2014-09-25] ClevCode - CVE-2014-6271 / Shellshock & How to handle all the shells! ;)

[2014-09-25] Sucuri - Bash – ShellShocker – Attacks Increase in the Wild – Day 1

[2014-09-25] Thread no StackExchange - What is a specific example of how the shellshock bash bug could be exploited?

[2014-09-26] Securelist - Shellshock and its early adopters

[2014-09-26] Red Hat - Frequently Asked Questions about the Shellshock Bash flaws

[2014-09-27] Robert Graham (Errata Sec) - The shockingly obsolete code of bash

[2014-09-27] Daniel Fox Franke - Shell Shock Exploitation Vectors

[2014-09-27] FireEye - Shellshock in the Wild

[2014-09-27] Infosec Institute - Exploiting and Verifying Shellshock: CVE-2014-6271

[2014-09-28] IT Pro Portal - Shellshock bug is so bad it could take years to eradicate

[2014-09-28] Greg Karékinian - Shellshock (palestra no RailsCamp Germany)

[2014-09-29] TrendLabs - Summary of Shellshock-Related Stories and Materials

[2014-10-30] CloudFlare - Inside Shellshock: How hackers are using it to exploit systems

[2014-10-30] Ars Technica - Shellshock fixes beget another round of patches as attacks mount

[2014-10-01] Troy Hunt - The anatomy of a Shellshock attack in the wild

[2014-10-01] lcamtuf - Bash bug: the other two RCEs, or how we chipped away at the original fix (CVE-2014-6277 and '78)

PoCs, Exploits, Ferramentas

Detectify (Verifica se um site está vulnerável)

Mubix - shellshocker-pocs

PoC que surgiu no Pastebin

Metasploit DHCP server module for CVE-2014-6271

Dica do @antisnatchor para exploração usando BeEF

Brute Logic - Worm em 140 caracteres.

Shellshocking OpenVPN servers

Nessus Plugin ID: 7798 - GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock)

Script para Nmap - [Post original] [Versão 2] [Código da Versão 2 no Bitbucket]

Plugin OpenVAS

#Vulnerabilidades #vulnerability #cve-2014-6271 #cve-2014-7169 #shellshock bug #shellshock

Top Posts Tagged with #shellshock bug | Tumlook